Posted 31 July 2006 - 10:08 AM
The way I do it is to have a call to an authorize function near the start of the script for each page that is restricted to members only. The function returns true or false and does three things. First it checks to see if the user is logged in. If so it returns true. If not, it checks to see if a valid username and password was supplied, and if so it logs the user in and returns true. Otherwise it renders a login form and returns false - the "action" parameter of the form is set to the same page as the calling script using the $SERVER["PHP_SELF"] superglobal. On return from the function, if the return was false, I just end the script there instead of rendering the rest of the page. So, as soon as the user successfully logs in they will be returned to the same page which is then rendered fully.
It works for me, it may not be the way everyone does it.
Sir Isaac Newton said "If I have seen farther, it is by standing on the shoulders of giants". But it is not recorded as to whether he said it before or after he was hit on the head by a falling apple.