Howdy all,
This emulates what YouTube (and, I'm sure, many other sites) does with logins. If you aren't logged in and attempt to view a video that's restricted by age, etc., you click on a link/button that directs you to the login page. You log in and voila, you are taken back to the video/page you were originally viewing (provided your credentials are legit, but I digress). This is done by setting a query parameter (I shall call it "next_page") to the (relative) URL of the page you were just viewing; after login, the application redirects you to that page.
Sounds pretty simple? It should be. Here is the code I have started with (from Login.pm):
    sub index : Private {
        # with much thanks to plu
        my ( $self, $c ) = @_;

        # Get the username and password from form
        my $username = $c->req->param('username');
        my $password = $c->req->param('password');
        $c->flash->{next_page} ||= $c->req->param('next_page');

        # If the username and password values were found in form
        if ( $username && $password ) {
            # Attempt to log the user in
            if ( $c->login( $username, $password ) ) {
                my $redirect_url;
                if ( defined $c->flash->{next_page} ) {
                    $redirect_url = $c->uri_for( $c->flash->{next_page} );
                } else {
                    $redirect_url = $c->uri_for( '/users/view', $username );
                }
                # If successful, then let them use the application
                $c->res->redirect( $redirect_url );
            } else {
                # Set an error message
                $c->stash->{error_msg} = "Bad username or password.";
                $c->stash->{template} = 'login.tt2';
                return;
            }
        }

        # If either of above don't work out, send to the login page
        $c->stash->{template} = 'login.tt2';
    }
So this works like this:
- you go to http://hotsecksiepics.com/pics/hotnsexy
- you aren't logged in, and being logged in is required
- so you click the link (which shows up because you aren't logged in) that says "click here to log in"
- this link takes you to the url http://hotsecksiepics.com/login?next_page=/pics/hotnsexy
- you log in and are authenticated/authorized
- you are redirected to the url /pics/hotnsexy (which translates to http://hotsecksiepics.com/pics/hotnsexy after being passed through $c->uri_for())
Pretty impressive eh? Joking. If you come up with something better update this page and let me know: devin.austin at gmail.com
This is only one way to do it. The Catalyst tutorial has a section on this, which is more up to date than this code.
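The action above takes next_page straight from the query string and relies on $c->uri_for() alone before redirecting. The following is an added example, not code from the original page or from Catalyst: it accepts only site-relative paths, so the login link cannot be used to send a user anywhere but back into the application. The helper name safe_next_page, the 2048-character cap, the "/" fallback and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;

# safe_next_page() is a hypothetical helper (not part of Catalyst or of the
# page's Login.pm). It returns $raw only when it is a plain site-relative
# path; anything else yields $fallback.
sub safe_next_page {
    my ( $raw, $fallback ) = @_;
    return $fallback unless defined $raw && length $raw;
    return $fallback if length($raw) > 2048;            # size cap (assumed value)
    return $fallback if $raw =~ /[\x00-\x1f\x7f\\]/;     # CR/LF, other control chars, backslash
    return $fallback unless $raw =~ m{\A/(?!/)};         # one leading "/": no scheme, no "//host"
    return $fallback if $raw =~ m{\A/login(?:[/?#]|\z)}; # avoid a redirect loop to the login form
    return $raw;
}

# In the index action, the check would sit between the flash value and uri_for:
#   my $next = safe_next_page( $c->flash->{next_page}, undef );
#   then use $c->uri_for($next) if defined, else the /users/view redirect.

# Constructed sample inputs: [ value of next_page, expected result with fallback "/" ]
my @samples = (
    [ '/pics/hotnsexy',          '/pics/hotnsexy' ],
    [ '/pics/hotnsexy?page=2',   '/pics/hotnsexy?page=2' ],
    [ 'http://other.example/',   '/' ],
    [ '//other.example/pics',    '/' ],
    [ '/\\other.example/pics',   '/' ],
    [ "/pics\r\nX-Header: 1",    '/' ],
    [ '/login?next_page=/login', '/' ],
    [ undef,                     '/' ],
);

for my $case (@samples) {
    my ( $input, $expected ) = @$case;
    my $got = safe_next_page( $input, '/' );
    die "unexpected result for sample\n" unless $got eq $expected;
    ( my $shown = $input // '(undef)' ) =~ s/[\r\n]/ /g;
    printf "%-28s -> %s\n", $shown, $got;
}
```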
Things you might want to consider:
- If the action the user is trying to perform isn't allowed unless they are logged in, instead of doing "clicky link + param + flash + redirect", just do "flash + redirect + redirect". This cuts out the need to actually check for the next_page parameter and just forwards the user to the login page. Much more straightforward.
- Decide whether you need a separate login controller or if you can just do your authorization through Root.pm with auto. Decide whether your WHOLE site requires authentication and certain sections don't, or the other way around, only certain parts of your site require authentication.
TODO: move this to auto in Root.pm? (per suggestion in this node)
Another technique to do that is to have a small login form on the page - and have the code for servicing it in one of the begin actions.
