Using GET Method to Maintain Variables After Logging In

Hello,

I am using a login system. When I navigate to comments/index.php without logging in, some variables get passed along using the GET method just fine. Then, if I log in while I am on this page, these variables disappear. The variables that disappear are $submission, $submissionid, and $url.

I thought I could use the GET method to keep them live after logging in by appending

?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.'

to the URL of the login form action as seen below. But the variables still disappeared after I made this addition.

The relevant code I am trying to use is below.

Any idea what I can do to make it do what I want?

Thanks in advance,

John

In comments/index.php:

require_once "header.php"; 

 include "login.php";

 include "comments.php";

In login.php:

if (!isLoggedIn())
{

    if (isset($_POST['cmdlogin']))
    {

        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();
        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {

        show_loginform();
    }

} else
{

    show_userbox();
}

In comments.php:

$url = mysql_real_escape_string($_GET['url']);
echo '<div class="subcommenttitle"><a href="http://www.'.$url.'">'.$submission.'</a></div>';

$submission = mysql_real_escape_string($_GET['submission']);
$submissionid = mysql_real_escape_string($_GET['submissionid']);

The login function:

function show_loginform($disabled = false)
{

    echo '<form name="login-form" id="login-form" method="post" action="./index.php?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/sandbox/register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/sandbox/lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></form>';


}

well ,i think rather than correcting this code,you should look for some other more professional login system and try implementing it
even if you get it work i think you will run into problem with this codeā€¦
so earlier you realize better for you
just a suggestion

In 2 seconds of reading this I am 99.9% sure there is register_globals on :slight_smile: Just disable this via .htaccess/php.ini depending on your environment.