There are 5 types of users in my MVC application:
guest, customer, delivery person, staff and admin.
If any user tries to view a page that they do not have access to, they are redirected to a specific page, and the rest of the script ends.
For example, if a client or delivery person tried to view a page to which they do not have access, they will be redirected back to http://www.mysite.com/members/ or, for example, if a guest tries to access the participants area, they will be redirected to the login page.
My Auth class checks this, and it is also responsible for the login process.
As soon as $auth->login($username, $password) has checked the login information, it calls $this->http->redirect() at the bottom of the login() method.
    public function redirect()
    {
        if ($this->auth->isLoggedIn()) {
            switch ($_SESSION['accountType']) {
                case 1: // customer
                case 2: // delivery person
                    $url = $this->config->setting('url.members');
                    break;
                case 3: // staff
                    $url = $this->config->setting('url.staff');
                    break;
                case 4: // admin
                    $url = $this->config->setting('url.admin');
                    break;
                default: // unknown account type; without this $url would be undefined
                    $url = $this->config->setting('url.base') . 'login';
            }
        } else {
            $url = $this->config->setting('url.base') . 'login';
        }
        $this->setHeader('Location', $url);
    }
The $http->respond() method is called later, which sends any added headers (for example, the "Location" added above).
I think the redirect() method does work that it should not be doing, but I'm not sure. It seems to me that my Http class should not check whether people are logged in and what types of user accounts they have; it should only do things such as adding headers and sending a response to the client. But then it seems wrong to have the redirect() method in the Auth class, because it should only handle authorization.
Any ideas would be greatly appreciated.
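One way to split the two responsibilities the question describes, as an added example (this is not the asker's code). Only Auth, Http, Config, respond() and the url.* settings come from the question; LandingPagePolicy, AccountType, the constructed sample account store and the method signatures are assumptions, and the code assumes PHP 8.1+ and that session_start() has already run. The role-to-URL mapping moves out of Http into a small policy object that Auth owns, Http::redirect() only takes a URL and sets the header, and respond() ends the script so nothing runs after the redirect:

```php
<?php
// Added example, not the original poster's code. Names other than Auth, Http,
// Config and the url.* settings quoted in the question are assumptions.
// Requires PHP 8.1+ (match, never, constructor property promotion).
declare(strict_types=1);

final class AccountType
{
    public const CUSTOMER = 1;
    public const DELIVERY = 2;
    public const STAFF    = 3;
    public const ADMIN    = 4;
}

// Authorization-side knowledge: which landing page each account type gets.
// This is the part that does not belong in Http.
final class LandingPagePolicy
{
    /** @param array<string,string> $urls keys: base, members, staff, admin */
    public function __construct(private array $urls) {}

    public function urlFor(?int $accountType): string
    {
        // The switch in the question has no default, so an unexpected
        // accountType leaves $url undefined. Anything unknown goes to login.
        return match ($accountType) {
            AccountType::CUSTOMER,
            AccountType::DELIVERY => $this->urls['members'],
            AccountType::STAFF    => $this->urls['staff'],
            AccountType::ADMIN    => $this->urls['admin'],
            default               => $this->urls['base'] . 'login',
        };
    }
}

// HTTP-side only: headers and the response. Knows nothing about sessions or roles.
final class Http
{
    /** @var list<array{0:string,1:string}> */
    private array $headers = [];
    private int $status = 200;

    public function __construct(private string $baseUrl) {}

    public function redirect(string $url, int $status = 302): void
    {
        // Accept only our own absolute URLs or a site-relative path, so that a
        // caller which one day passes a user-supplied ?return= value cannot turn
        // this into an open redirect. "//evil.example" is protocol-relative and
        // therefore off-site, hence the second check.
        $isLocalPath = str_starts_with($url, '/') && !str_starts_with($url, '//');
        $isOurSite   = str_starts_with($url, $this->baseUrl);
        if (!$isLocalPath && !$isOurSite) {
            throw new InvalidArgumentException("Refusing off-site redirect: $url");
        }
        $this->setHeader('Location', $url);
        $this->status = $status;
    }

    public function setHeader(string $name, string $value): void
    {
        // PHP's header() already refuses CR/LF; fail loudly rather than silently.
        if (preg_match('/[\r\n]/', $name . $value)) {
            throw new InvalidArgumentException('CR/LF in header');
        }
        $this->headers[] = [$name, $value];
    }

    public function respond(): never
    {
        http_response_code($this->status);
        foreach ($this->headers as [$name, $value]) {
            header("$name: $value");
        }
        exit; // guarantees that "the rest of the script ends" after a redirect
    }
}

// Auth decides *where* the user goes after login and asks Http to send them there.
final class Auth
{
    /** @param array<string,array{hash:string,type:int}> $accounts constructed sample store */
    public function __construct(
        private Http $http,
        private LandingPagePolicy $policy,
        private array $accounts,
    ) {}

    public function login(string $username, string $password): void
    {
        $row = $this->accounts[$username] ?? null;
        // Verify against a dummy hash for unknown users so response time does
        // not reveal which usernames exist.
        $hash = $row['hash'] ?? password_hash('dummy', PASSWORD_DEFAULT);
        if ($row === null || !password_verify($password, $hash)) {
            $this->http->redirect($this->policy->urlFor(null)); // back to login
            $this->http->respond();
        }
        session_regenerate_id(true); // fresh session id once privileges change
        $_SESSION['accountType'] = $row['type'];
        $this->http->redirect($this->policy->urlFor($row['type']));
        $this->http->respond();
    }
}
```

Wiring it up means constructing LandingPagePolicy from the url.base, url.members, url.staff and url.admin settings the question already keeps in Config, and Http from url.base; the sample $accounts array stands in for whatever user store the real application has, with the hash column produced by password_hash(). Auth then asks the policy for a URL and hands that single string to Http, so the Http class never touches $_SESSION or account types, which is the separation the question is after.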