Question on $_GET[]

Can anybody help my solve this problem?

In the header, I have a login form. If you login, the login form is replaced by a logout button. The text “You’re logged in” is also shown above the log out button.
I also have a navigation in the left column. If you click a link in the navigation, the content area in the middle of the page will be updated. The problem is that the login in information gets lost. The text “You’re logged in” and the log out button is replaced with the log in form. I guess it’s a $_GET problem, but how do I solve it.

I do want to use the get method, and not the post method.

GET is very unsecure, but…

How about showing us the relevant code sections?

Use sessions to store the login data.

Make sure you have:


At the top of your PHP file, and save the login information in the $_SESSION array.

yup session and its decendents should work here…

plus get is never suppose to pass confidential data(that also in an unecrypted form in HTTP protocol…)
even if you succeed in passing variable to each page
the user_id=1
will peep into data of user_id=2 …lol with url hijack…

I dont understand how to do it. I know how to “transfer” values between pages, using get or post. But I dont want to do that.
“How about showing us the relevant code sections?” Sorry, but I dont know how do to this, what to write. I am trying to describe the problem.
I know its a session problem.

Paste your current code.

Your question is quite hard to follow.
The guys are right, you will want to use $_SESSION to store your login info at the end.
You will want to use $_POST on your login form to process the details to the session.
Please elaborate or provide code for us to debug.

The webpage consist of a header, which is included, a left navigation which is included, a content area which is included and a footer which is included.
In the navigation, there is a list of links. When I click a link, I update the content area by switching to another included file. So far no problem.
I have two forms, one log in and one log out form. I have put the forms in variables, because I want to be able to hide the log in form when the user logs in and instead show a log out button:

$my_form=‘<form id=“form1” action=“test.php” method=“get”>
User name:
<input type=“text” name="username " />
<input type=“text” name=“password” />
<br />
<input type=“submit” id=“knapp” name=“knapp” value=“Log in” />’;

$log_out=‘<form name=“form2” action=“test.php” method=“get”>
<input type=“submit” value=“Log out” />

When the user puts in his name and the correct password I use unset() to hide the log in form and echo to show a another form, a logout form:


if ($my_password== $_GET[‘password’])
echo "You are logged in;
echo $ log_out;

This will hide the log in form and show the logout form. When I click the log out button, the log in form pops up again. No problem so far. Now to the problem. Let’s say I log in. The log out button pops up on the main page. Let’s say I also click a link in the navigation area:

<li><a href=“?var_music=music”>Music</a></li>

If I click a link in the navigation area, a new included file is shown in the content area and the log in form replaces the log out button. That’s the problem. The browser does not know that I want the logout button to stay at the top of the page.
I know it’s a session problem. I know that I should put this in the main page above the html tag.


But what else do I have to do to make the connection work? I know how to “transfer” values between pages using get and post, but here I am not trying to show something on another page. I want to keep the values on the main page, here test.php. And I want to use the get method.

With sessions, you need to set their value before any output occurs to the page.

Typically this means checking if the login was successful before any output occurs, setting a session value such as $_SESSION[‘username’] = $username and then redirect back to the same page.

When the page loads, it checks if the session value is set, and shows the appropriate form.

What do you mean by “redirect back to the same page”?

Sometimes there can be issues where the updated session variables are not accessible yet on the same page, so redirecting back to the same page allows the page to cleanly handle the changed circumstances.

The other benefit is that by redirecting back to the same page, the posted data is no longer involved, which can help to prevent issues relating to that as well.