Home/ Questions/Q 731051
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T06:58:55+00:00

I am using a login system. When I navigate to comments/index.php without logging in,

  • 0

I am using a login system. When I navigate to comments/index.php without logging in, some variables get passed along using the GET method just fine. Then, if I log in while I am on this page, these variables disappear. The variables that disappear are $submission, $submissionid, and $url.

I thought I could use the GET method to keep them live after logging in by appending ?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.' to the URL of the login form action as seen below. But the variables still disappeared after I made this addition.

The relevant code I am trying to use is below.

Any idea what I can do to make it do what I want?

Thanks in advance,

John

In comments/index.php:

 require_once "header.php"; 

 include "login.php";

 include "comments.php";

In login.php:

if (!isLoggedIn())
{

    if (isset($_POST['cmdlogin']))
    {

        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();
        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {

        show_loginform();
    }

} else
{

    show_userbox();
}

In comments.php:

$url = mysql_real_escape_string($_GET['url']);
echo '<div class="subcommenttitle"><a href="http://www.'.$url.'">'.$submission.'</a></div>';




$submission = mysql_real_escape_string($_GET['submission']);
$submissionid = mysql_real_escape_string($_GET['submissionid']);

The login function:

function show_loginform($disabled = false)
{

    echo '<form name="login-form" id="login-form" method="post" action="./index.php?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/sandbox/register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/sandbox/lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></form>';


}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    $submission &c. are local to show_loginform. You either need to declare them global (yech), pass them as arguments to the function:

    function show_loginform($submission, $submissionid, $url, $disabled = false) {
    ...

//login.php:
...
    // warning: vulnerable to injection attack.
    show_loginform($_GET['submission'], $_GET['submissionid'], $_GET['url']);

    or do something like:

    function show_loginform($disabled = false) {
    // vulnerable to injection attacks
    ?><form name="login-form" id="login-form" method="post" action="./index.php?<?php echo $_SERVER['QUERY_STRING']; ?>">
    ...

    The last is the cleanest and simplest, merely passing through the query string, rather than rebuilding it.

    • 0