User Authentication cookbook


I think on the authentication cookbook is a little mistake in it.
On the Protecting Content part, should it not better be
<?php if(!$site->user()) go('/login') ?>
<?php if(!$site->user()) go('/') ?>
I don’t know if it is only on my situation but with go('/') I had a loop in it where I don’t come to the loginpage.

And in my template controllerfile I had a session_start() in it. This had a consequence that the routing to this site was not perform. Is this not a little bit curious? This is the first time for me that session_start() is blocking some other scripts.

I’d say it depends. Maybe you don’t want to let unauthorised users know that there is a login page at all.

However, if your home page is blocked, then you would indeed run into a loop, so you would have to modify the path. Was it the home page that you wanted to lock?

Currently I don’t have an answer regarding your session thingy. But what controller file are we talking about?

I have a searchform on a site and save the formdata ( two fields) in two sessions to show the searchresult on a another site. The hole website with all subpage should be locked from view with a loginform.

search.php controllerfile:


return function($site, $pages, $page) {

if(!$site->user()) go('login');

if(r::is('post') && get('submitsearch')) {
        $_SESSION['propertyquery'] = get('propertyquery');
        $_SESSION['zipquery'] = get('zipquery');

    else {

login controllerfile:

return function($site, $pages, $page) {

    if($site->user()) go('/');

if(r::is('post') and get('login')) {
    if($user = $site->user(get('username')) and $user->login(get('password'))) {
    } else {
        $error = true;
} else {
    // nothing has been submitted
    // nothing has gone wrong
    $error = false;
    $errorpayment = false;

    return array('error' => $error, 'errorpayment' => $errorpayment);

And in the search controllerfile if I have the session_start()declared the login will ended in a error with ERR_TOO_MANY_REDIRECTS. How can I use the login with my sessions?


I guess you mean page not site? The whole website is locked means that you cannot access any page without logging in.

yes the whole website should closed from view only the login is showing.
To perform this I wrote the if($site->user()) go('login');in every templatefile or controller file without the login or error template/controller.