Redirect After Login

[eluser]waterloomatt[/eluser]
Hi,

I'm looking for some design advice. I want to setup my site so when a user tries to access a restricted area, they are redirected to the login page. After a successful login, I want them redirected to the original page that redirected them.

Initial thought:
1. Store each page URI in the session.
2. After successful login, redirect user to page.
3. This will keep the URL clean. I.e. No "?redirect=forum/12" or "/redirect/forum/12".

Issues:
1. Don't store the URI of certain pages. Ex. The Logout URI - this will create a loop of Logout->Login->Logout->Login etc.
2. Maybe a heavy handed approach to pages that don't require login Ex. About Us, Contact etc.

Do you have any suggestions or a cleaner/lighter solution?

Cheers.

[eluser]richzilla[/eluser]
I used your first option to solve this problem:

when a user is not logged in and tries to view a protected page:

Code:

$this->session->set_userdata('bounce_uri',$this->uri->uri_string());
            redirect('start');

where 'start' is my default login page. Then...

Code:

function _redirect($user_id)
    {
            
        if($this->session->userdata('bounce_uri'))
        {
            redirect($this->session->userdata('bounce_uri'));
        }
        elseif($this->user_model->is_admin($user_id) == 0)
        {
            redirect('client/home');
        }
        elseif($this->user_model->is_admin($user_id) == 1)
        {
            redirect('admin/home');
        }
    }
        
    function login()
    {
        $this->form_validation->set_error_delimiters('<div class="error">','</div>');

        $this->form_validation->set_rules('username','Username','required');
        $this->form_validation->set_rules('password','Password','required');

        if($this->form_validation->run() == FALSE)
        {
            $this->index();
        }
        else
        {
            $username = $this->input->post('username');
            $password= $this->input->post('password');
            $user = $this->user_model->authenticate($username, $password);
            if($user)
            {
                $this->session->set_userdata('userid',$user->user_id);
                $this->session->set_userdata('logged_in',TRUE);
                $this->_redirect($user->user_id);
            }
            else
            {
                $this->session->set_flashdata('status','Your username or password was incorrect');
                redirect('start');
            }
        }
    }

this is your usual login process, after the user has been authenticated, they are sent to the _redirect function. If the 'bounce_uri' session variable is set, the user is redirected to this page. Works a treat for us. Hope this gives you some ideas.

[eluser]waterloomatt[/eluser]
Hi ricardino,

Thanks for the reply. That looks like a decent solution.

I noticed that you're a User 'object' in you're controllers ($user->user_id). How have you set this up? Or are you simply returning "this" from your models? If it is not the Model object that you're returning, in which folder are you keeping your classes?; Library folder?

Cheers again.

[eluser]novice32[/eluser]
At some point you'll need to unset bounce_uri, otherwise whenever returning folks perform a standard login, they will be redirected to the last set bounce_uri

Code:

if ($this->session->userdata('bounce_uri'))
            {  
                //this will allow us to unset bounce_uri in user session
                //since we can't unset user session after the redirect
                $bounce_uri = $this->session->userdata('bounce_uri');
                $this->session->unset_userdata('bounce_uri');                            
                redirect($bounce_uri);
            }