开发者

Using GET Method to Maintain Variables After Logging In

问答 作者:

I am using a login system. When I navigate to comments/index.php without logging in, some variables get passed along using the GET method just fine. 开发者_Go百科 Then, if I log in while I am on this page, these variables disappear. The variables that disappear are $submission, $submissionid, and $url.

I thought I could use the GET method to keep them live after logging in by appending ?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.' to the URL of the login form action as seen below. But the variables still disappeared after I made this addition.

The relevant code I am trying to use is below.

Any idea what I can do to make it do what I want?

Thanks in advance,

John

In comments/index.php:

 require_once "header.php"; 

 include "login.php";

 include "comments.php";

In login.php:

if (!isLoggedIn())
{

    if (isset($_POST['cmdlogin']))
    {

        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();
        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {

        show_loginform();
    }

} else
{

    show_userbox();
}

In comments.php:

$url = mysql_real_escape_string($_GET['url']);
echo '<div class="subcommenttitle"><a href="http://www.'.$url.'">'.$submission.'</a></div>';




$submission = mysql_real_escape_string($_GET['submission']);
$submissionid = mysql_real_escape_string($_GET['submissionid']);

The login function:

function show_loginform($disabled = false)
{

    echo '<form name="login-form" id="login-form" method="post" action="./index.php?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/sandbox/register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/sandbox/lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></form>';


}

$submission &c. are local to show_loginform. You either need to declare them global (yech), pass them as arguments to the function:

function show_loginform($submission, $submissionid, $url, $disabled = false) {
    ...

//login.php:
...
    // warning: vulnerable to injection attack.
    show_loginform($_GET['submission'], $_GET['submissionid'], $_GET['url']);

or do something like:

function show_loginform($disabled = false) {
    // vulnerable to injection attacks
    ?><form name="login-form" id="login-form" method="post" action="./index.php?<?php echo $_SERVER['QUERY_STRING']; ?>">
    ...

The last is the cleanest and simplest, merely passing through the query string, rather than rebuilding it.

The $_GET variables will only get passed to the first page so you need to manually pass them on. First check to see if the user is logged in. If they aren't, display the form. Then use the following:

$query = http_build_query($_GET)

This will build a query string out of the $_GET variables. Now in the action attribute for your form, put ./index.php?$query.

This will make sure they are passed along after the user logs in.

You have a typo in your Querystring: ?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.'

replace the $ sign before submission to an uppersand &.

You should check the above posts for injection vulnerabilities though.

Good luck

User sessions...

<?php
session_start();


$result = checkLogin($_POST['username'], $_POST['password']);

if($result) {
    unset($_POST['password']);
    foreach($_POST as $k => $v) {
        $_POST[$k] = trim(strip_tags($v)); // Fix injection
    }
    $_SESSION = $_POST;
    $_SESSION['authenticated'] = true; // Changed the order to show authenticate
}

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9