[web] A Couple Of Basic Questions

Started by
4 comments, last by Sander 18 years, 3 months ago
Hey guys, pretty new to this web stuff so here goes... I'm using PHP.

1. I have an HTML form for authoring something or other, right, but on pressing the submit button, how do i alert the user to the fact that he/she has not filled in the mandatory fields? Where do i perform the php code to verify? Could i do it like this:
- Submit button submits the form to the same page ( itself ).
- PHP code runs on this page to verify the contents of the fields and display messages accordingly.
- If everything was ok, the php code forwards to the following page as if the user logged in ok.

Actually i might have just solved the second one, haha.

Thanks, Dave
that's a possible solution. another one might be to forward the submit request immediately to the following page, check it there and refer back to the login page if login failed for any reason.
It's best to check every time any page is requested, that has restricted access, if the user is currently logged on. If the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:
<?php
// ... define verification function somewhere
if (!verify_user_login()) {
    header('Location: https://your.domain/login.php');
    exit; // {EDIT: <- doh, don't forget to exit here }
}
// private content
?>
...


The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.

Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification as well: less load on your server and faster for the clients.

good luck :)
the majority of sites i have seen use java script to do client side verification of data which'll catch 90% of problems, then submit to the server where you recheck everything.
Quote:Original post by jul_k
that's a possible solution. another one might be to forward the submit request immediately to the following page, check it there and refer back to the login page if login failed for any reason.
It's best to check every time any page is requested, that has restricted access, if the user is currently logged on. If the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:
<?php
// ... define verification function somewhere
if (!verify_user_login()) {
    header('Location: https://your.domain/login.php');
    exit; // {EDIT: <- doh, don't forget to exit here }
}
// private content
?>
...


The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.

Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification as well: less load on your server and faster for the clients.

good luck :)


TY, that's basically all i needed, how to redirect. Thanks
I always use javascript for client side verification, to make sure certain fields are filled out etc. It's really simple to do and there are plenty of sites that have examples. It also reduces the work done by the server, but if it isn't a huge traffic site it probably doesn't mean much.
That won't do. You can never trust what the client is sending to you. It's very easy to mess with javascript (heck, you can simply type in some javascript in the address bar on the page that you want to manipulate). Javascript checking isn't bad, but you still need to check it on the server as well.

Sander Marechal
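
The flow the thread settles on (the form posts to itself, the server checks the mandatory fields, then redirects and exits), as an added example that is not code from any poster. The field names `title` and `body`, the 200-byte limit and `next.php` are assumptions made for illustration.

```php
<?php
// Added example: self-submitting form with server-side checks of mandatory fields.
// Field names, the length limit and next.php are assumptions, not from the thread.
session_start();

$required = ['title' => 'Title', 'body' => 'Body'];   // hypothetical mandatory fields
$values   = array_fill_keys(array_keys($required), '');
$errors   = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    foreach ($required as $name => $label) {
        // The client controls the request: the field may be missing or an array.
        $raw = $_POST[$name] ?? '';
        $values[$name] = is_string($raw) ? trim($raw) : '';
        if ($values[$name] === '') {
            $errors[$name] = "$label is required.";
        } elseif (strlen($values[$name]) > 200) {
            // Enforced here too; the maxlength attribute below is only a hint.
            $errors[$name] = "$label must be at most 200 bytes.";
        }
    }
    if (!$errors) {
        $_SESSION['draft'] = $values;   // hand the checked data to the next page
        header('Location: next.php');   // hypothetical follow-up page
        exit;                           // without this the form below is still sent
    }
}
?>
<!DOCTYPE html>
<html>
<body>
<form method="post" action="">
<?php foreach ($required as $name => $label): ?>
  <p>
    <label><?= htmlspecialchars($label, ENT_QUOTES, 'UTF-8') ?>
      <input type="text" name="<?= htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?>"
             maxlength="200" required
             value="<?= htmlspecialchars($values[$name], ENT_QUOTES, 'UTF-8') ?>">
    </label>
<?php if (isset($errors[$name])): ?>
    <strong><?= htmlspecialchars($errors[$name], ENT_QUOTES, 'UTF-8') ?></strong>
<?php endif; ?>
  </p>
<?php endforeach; ?>
  <input type="submit" value="Submit">
</form>
</body>
</html>
```

The `required` and `maxlength` attributes give the user fast feedback in the browser, while the PHP checks still decide the outcome when a request arrives without them.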

This topic is closed to new replies.
