Hi,

you don't seem far off the mark to me. I don't see any problem with using your process_login page to deliver the message to be honest. Re-directing to another page after that seems to be the problem is there is one. You could just echo out your failure message with a link back to the login page upon failure or a thank you message with a link to your next page upon success.

You will of course need to set something that you can check to ensure a use is logged in - such as if they try to bypass your login page and go directly to one of the other pages in your site/application - maybe using encrypted session variables?

The best way IMO - don't redirect at all. :-) Take a scenario - in your case, an error. I see too much of this. Submit, then

"There was an error in your form, you didn't enter a valid email address. Please go back and correct the error."

This is really lame. There are all sorts of ways to patch it up - save info in session variables (which really only works with cookies enabled) is one of them. So if you redirect, that's probably the best way - save your messages in session variables.

But the lameness persists in the case of user errors; it's not friendly and it's not usable. If beloved user enters an error, we want to make it easy for them; bring them back to the very same page they were on and populate their form:

if (!$submit) { output_form(); } 
else {  
 $errors = attempt_to_process_data(); 
 if ($errors) { output_form($errors); } 
 else { ouput_yay_you_did_it(); } 
} 

See? No redirects. The simple structure of output_form accepts an error as optional:

function output_form($err) {
$form=null;
if ($err) $form .= "<p class=\"big-and-red\">$err</p>";
// compile your form here
echo $form;
exit;
}

To answer the question of where you store this stuff: If you have a lot of them, use a database, otherwise, you can use a plain text configuration file or an error config file as an include (probably easier), whatever you want. Instead of the numbers, though, your like will be much easier using something easily identified.

include('my-config.php');

<?php

$error_messages = Array (
'bad_email_address' =>
'You have entered an invalid email address. Please make the corrections below.',
'fname_required', => 'Please enter your first name'
);

?>

You will, however, have to declare your array as a global when used within functions.

if ($errors) { output_form($errors); }

function attempt_to_process_data() {
$errors = null;
global $error_messages;
// Do your checks, if an error is found,
$errors .= $error_messages['bad_email_address'];
return $errors;
}

This is but one way to do it, you can do the exact same thing and stay with redirects. It's just handier to build from a user standpoint, which leads you to a self contained script process.

Wittner and rocknbil,

Thanks for the replies.

I like the idea of encrypting session variables.

I thought about using a self-contained script too: a form that submits to the same page. But the problem with this approach is that if the user refreshes the page after an error or goes to another page and then hits Back, he'll get that scary "do you want to submit the information again?" dialog box.

But I guess you could submit the form to another script and then redirect back to the original page when there's an error to avoid that dialog box.

I like your script. I'll consider of using it.

So you would recommend saving the error message in a session variable if I want to redirect?

Also, is there a PHP command that returns the line number of your script where it's called?

Thanks.

Hi all,

>>The best way IMO - don't redirect at all. :-)

I agree, and there have been issues with header() calls (most often using the refresh option - which I do use, and touch wood, not seen any unreliability as yet, though, it is intranet)

I generally have a list of generic answers for erroneous form filling, placed in constants or arrays and (import them at runtime if I'm classing it) then just set a variable if a conditional statement catches for example - blank entry (checked with preg_match()) then just output to the same page but keeping the data held and just changing the class type in the div so that you can dynamically alter the text & colour of the text.

As Rocknbill states you can do this many ways, just have fun choosing one that suits your style.

Cheers,
MRb