It is tempting to have a separate login script for the admin and normal users, but this can cause problems in the future if you ever change how logins work.
In the form that we created, we set the action to /ww.incs/login.php, with an added parameter named "redirect".
What's involved with a login is as follows:
- Verify that the submitted captcha is correct (we don't want robots logging in!)
- Verify there is an entry in user_accounts where the submitted e-mail address and password are matched
- If all is well, set a session variable named userdata which holds the user's information (saves looking it up in the database all the time)
- Send the browser to wherever the redirect link pointed it, or to the root of the site if none is provided, or if the provided one is invalid
- If anything goes wrong, still send the browser on to the redirect page, but also give an error message as an added parameter
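The last two steps are where a login script can turn into an open redirect, so here is one way to decide whether a provided redirect is "invalid" and to attach the error parameter. This is an added example, not code from the original page; the function names, the login_msg parameter name and the sample inputs are assumptions.

```php
<?php
// Added example: function names and the "login_msg" parameter are assumptions.

// Return $redirect only if it is a path on this site; otherwise the site root.
function login_safe_redirect(?string $redirect): string
{
    if ($redirect === null || $redirect === '') {
        return '/';                                   // none provided
    }
    // Backslashes and control characters: some browsers treat "\" as "/",
    // and CR/LF must never reach a Location header.
    if (preg_match('/[\\\\\x00-\x1f\x7f]/', $redirect)) {
        return '/';
    }
    // Must start with exactly one "/": rejects "http://other.example/",
    // "//other.example/" (scheme-relative) and relative paths.
    if ($redirect[0] !== '/' || substr($redirect, 0, 2) === '//') {
        return '/';
    }
    $parts = parse_url($redirect);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return '/';
    }
    return $redirect;
}

// Build the Location value, adding an error code when the login failed.
function login_redirect_url(?string $redirect, ?string $error = null): string
{
    $target = login_safe_redirect($redirect);
    if ($error === null) {
        return $target;
    }
    // Keep any #fragment at the end, after the query string.
    $fragment = '';
    if (($pos = strpos($target, '#')) !== false) {
        $fragment = substr($target, $pos);
        $target   = substr($target, 0, $pos);
    }
    $sep = (strpos($target, '?') === false) ? '?' : '&';
    return $target . $sep . 'login_msg=' . rawurlencode($error) . $fragment;
}

// Constructed inputs showing each branch.
$samples = ['/admin/', '/page?id=3', '', 'http://other.example/', '//other.example/', "/a\r\nX: y"];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', login_redirect_url($s, 'loginfailed'), "\n";
}
```

In the login script the result would be sent with header('Location: ' . login_redirect_url(...)) followed by exit. Passing a short error code rather than free text keeps user-supplied content out of the redirect URL.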
Some of the code for the login will also be needed for other aspects of logins, such as logouts and...