The web (
HTTP://) is stateless. When you open a new window to enter username and password, you lose all information about the previous window. You probably could do some things client-side to keep the information about the previous window, but many people's security settings would explicitly foil this.
Why don't you just open a username/password requester using javascript the way most sites do it? This keeps the focus on the current window and will eliminate your problem.
Alternatively, when someone clicks on your sign in link, rewrite the home page to them with a username/password field provided.
What I do for this kind of problem is I write my PHP so that I am submitting a form and my sign in link would be a command button. There is a hidden field in this form that is called, for instance, authstatus. The form action calls my homepage in all cases (in other words, the page calls itself).
When I initially provide this page to the user (user requests it via a GET), I set the authstatus value to FALSE. Then, when the user clicks on the link, I process the POST to see what authstatus is and if it is FALSE, I change it to TRYING then rewrite the page (with the same HTML) but providing a userID and password login box, and another form button to submit.
When the user enters username and password, I then see that the hidden authstatus field is TRYING so I process the login and branch appropriately.
Code something like this:
Code:
<?php
if ($_SERVER['REQUEST_METHOD'] == "GET") {
$authstatus = 'FALSE';
$authstat = 'FALSE';
(do any other things I need to do)
} else if ($_SERVER['REQUEST_METHOD'] == "POST") {
$authstat = $_REQUEST['authstatus'];
if ($authstat == "FALSE") {
$authstatus = 'TRY';
(do other stuff as needed)
} else if ($authstat = "TRY") {
(process login and set $authstat appropriately based on result)
}
}
?>
<HTML><HEAD> (my head code) </HEAD><BODY>
(my body html code)
<?php
if ($authstat == "FALSE" or $authstat == "TRY") { ?>
<form action="myhomepage.php" name="login" METHOD="POST">
<input type="hidden" name="authstatus" value="<?php echo "$authstatus";?>">
<?php
if ($authstat == "TRY" ) { ?>
<input type="text" name="username"><br>
<input type="password" name="password">
<?php } } ?>
</BODY>
</HTML>
You can see this mechanism in action if you visit
http://www.softwareforlandlords.com/TPMWeb/index.php
This site is a demo template site that I sell and it does exactly what I show here at many places in the site. On the home page, I choose to always display a login box (username/password) but all processing occurs using the framework I have shown here.