There are two simple solutions to this problem. The first you've already mentioned -- store the original link in some hidden form input field.
The other way is to store the original link in a session variable.
When you think about it, storing the original link in a hidden form field is just one way of persisting data -- something that the session variable was *designed* to do... so why not use it?
Here's a simple example:
<?php // login_check.inc.php
if (!logged_in()) // assume that you've written logged_in().
$_SESSION['original_url'] = $_SERVER['PHP_SELF']
<?php // Any password-protected page:
require_once('login_check.inc.php'); // redirects anyone who's not logged in.
// Here we can assume that everyone's logged in.
// Proceed with the rest of the script.
<?php // login.php
if (isset($_POST['username'] && $_POST['password']))
// validate user login.
$target_url = isset($_SESSION['original_url'])
else display some invalid login error
// generate the login form here.
Hope the above gives you ideas.