Preserving post data after logging in

[joelstein]

Here's my scenario.  I have a blog, and in order to write a new blog, a user must login.  They get logged in, start writing their blog, and then after an lengthy amount of time, submit their form.  However, while they were blogging, they were logged out, and so upon submission of the form, it automatically redirects them to a login page.  They login, but then are redirected to the destination page without their POST data, so their blog is lost.

 

Here is how I want to solve it.  When the script recognizes that the user is logged out, it saves the form data in a session variable, and then redirects to the login page.  Then, after the login page, it looks to see if their is any form data, and if so, redirects with the POST data, sent as POST.

 

The only thing I can't figure out is how to use a header() redirect and also re-post the POST data.  Is this possible?

[papaface]

You cant do this with PHP as PHP is server side so it wouldnt be able to get the POST data before its submitted. Why dont you just increase the logout time?

[joelstein]

Increasing the logout time will help, but it doesn't totally solve the problem.  There are a lot of things which could cause that session cookie to expire, and my proposed solution above would work against all cases.

 

Isn't there some way to do this through the header() call?  Does anyone know what a POST request looks like?  Perhaps then I could use header() to send exactly what a POST call would send.

[trq]

This might help as an example. Not tested.

 

This is the page which inserts your blog into the db.

 

<?php

  session_start();

  if (!isset($_SESSION['logged'])) {
    $_SESSION['saved_blog'] = $_POST
    header('Location: login.php');
  } else {
    // perform blog insert per usual.
  }

?>

 

Now, In the script which processes your login form.

 

<?php

  session_start();

  // process login per usual, but do not redirect anywhere yet.

  if (isset($_SESSION['saved_blog'])) {
    $ch = curl_init ();
    curl_setopt($ch,CURLOPT_URL, "blogprocess.php");
    $post = array();
    foreach ($_SESSION['saved_blog'] as $key => $value) {
      $post[] = urlencode($key) . "=" . urlencode($value);
    }
    $post = implode("&", $post);
    curl_setopt($ch,CURLOPT_POST,1);
    curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
    if ($result = curl_exec ($ch)) {
      curl_close($ch);
      header('Location: blogsuccess.php');
    } else {
      curl_close($ch);
      header('Location: newblog.php');
    }
  } else {
    header('Location: loginsuccess.php');
  }

?>

 

This code assumes a few things.

 

blogprocess.php is the name of the script which processes your new blog posts.

blogsuccess.php is the page displayed after a new blog is successfully added.

newblog.php is the name of the page with your form to add a new blog.

loginsuccess.php is the page displayed after a successfull login.

 

As I said, this is untested and more then likely wont work off the bat. it really depends on how you have things working. I havent used curl in a while either so some stuff might not be 100%.

 

Should give you a start though.

[joelstein]

Thanks for the great ideas!  I started to go down that route, but then realized that much of my POST data contains nested arrays, and that just seemed too complicated.  I came up with a different solution.  I still save the POST information in a session variable called "post_data", and then after logging in and redirecting, I just check to see if "post_data" exists, and if so, I reassign it to the POST variable.  Easy enough!