Header(location : and post vars
I have a main page which at the moment has links to all of my sites.
I want to change this so it has a login box with a username and password.
I would like it so that when the user enters the details they are logged into the site
they signed up to.
I have been using the idea below.
//check username and password in db
//this will give me the site they are registered to
header("Location: http://www.$site_registered_to");
The problem is that this will not pass the username and password to the other site.
It works if I use this:
header("Location: http://www.$site_registered_to?username=$username&password=$password");
But I need to post the vars. Can this be done, and any ideas on how?
Thanks
ASKER
I understand your approach but I see this as a security issue if the variables are placed as hidden fields.
If you really want to hide the variables, can't you store them in a session? Or do you have no control over the site_registered_to?
ASKER
I have control of the sites but they are on different domains and different servers.
heh good point, so you wouldn't think about encrypting the values over either get or post?
ASKER
No, I need to post the variables as they are.
Is there no way of setting the post in the headers like the location?
A wild guess:
header("Post: $username");
I'm going to quickly try this :)
http://www.faqts.com/knowledge_base/view.phtml/aid/12039/fid/51
Try the above script, I think it might work.
cheers,
loz
You could use CURL or raw sockets to send a POST request to the external site with the username and password.
Then get the cookie which sets the sessionID, and then do a redirect to the other site and pass the sessionID in the URL,
which triggers the external site to re-set the sessionID cookie.
ASKER
I've heard about CURL. What exactly is this, and does it need installing?
ASKER
I've thought of another idea. If I use
header("Location: http://www.$site_registered_to?username=$username&password=$password");
is it possible to stop the URL from changing when I do the location part?
This would stop the variables being shown??
You could do that through JavaScript but it's not particularly secure. Did you try the script I posted?
Or, you could store the information in sessions, then you use those session variables on the different server. I can give you a link to how this is done if you are interested, because the way you suggested will not work.
Tainted God, I'm interested in your approach of using Sessions on a different server, Please tell us more.
Why do you need to post the variables? The post method is no more secure than GET, unless you are posting a lot of data, ( > ~200 Bytes/Chars AFAIK ).
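What you could do (as I've suggested elsewhere on EE) would be to
<?php
// serialize() output contains characters that are not URL-safe, so urlencode() it
header("Location: http://www." . $site_registered_to . "?postvars=" . urlencode(serialize($_POST)));
exit;
?>
Then on the other side, put something at the start of the script, to take the serialized array, and put it back into a normal array.
<?php
// allowed_classes => false stops unserialize() from creating objects out of request data
$_POST = unserialize($_GET['postvars'], ['allowed_classes' => false]);
?>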
The advantage of this approach is that if you defined suitable encryption/decryption functions you could use them too.
like
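<?php
// encrypt() is a function you define yourself; urlencode() keeps its output URL-safe
header("Location: http://www." . $site_registered_to . "?postvars=" . urlencode(encrypt(serialize($_POST))));
exit;
?>
and
<?php
// decrypt() is the matching function you define yourself
$_POST = unserialize(decrypt($_GET['postvars']), ['allowed_classes' => false]);
?>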
I forgot to mention it earlier on, but you may need to use urlencode in there too somewhere.
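An added example (not code from this thread or from any poster): one way the undefined encrypt()/decrypt() pair in the post above could be filled in, using PHP's sodium extension with a key shared by both servers. The names handoff_seal() and handoff_open(), the 60-second lifetime, and the choice to carry only the username (assuming the main page has already checked the password) are assumptions made for illustration.

```php
<?php
// Added example; handoff_seal()/handoff_open() are hypothetical names.
// Needs PHP 7.2+ with the sodium extension.

// Main page: pack the hand-off variables into an encrypted, URL-safe token.
function handoff_seal(array $vars, string $key, int $ttl = 60): string
{
    // JSON rather than serialize(): decoding it can never create objects.
    $plain = json_encode(['exp' => time() + $ttl, 'vars' => $vars]);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plain, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Target site: returns the variables, or null when the token is malformed,
// was altered, was sealed with another key, or has expired.
function handoff_open(string $token, string $key): ?array
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    if ($plain === false) {
        return null; // authentication failed: tampered token or wrong key
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !is_int($data['exp'] ?? null) || !is_array($data['vars'] ?? null)) {
        return null;
    }
    return $data['exp'] >= time() ? $data['vars'] : null;
}

// Constructed demo values; in practice both servers read one key from config.
$key   = sodium_crypto_secretbox_keygen();
$token = handoff_seal(['username' => 'alice'], $key);
var_dump(handoff_open($token, $key));                             // valid token
$bad     = $token;
$bad[10] = ($bad[10] === 'A') ? 'B' : 'A';
var_dump(handoff_open($bad, $key));                               // altered token
var_dump(handoff_open($token, sodium_crypto_secretbox_keygen())); // wrong key
```

The token uses the URL-safe base64 alphabet, so it can be appended as ?postvars=... without urlencode(). Within its lifetime a captured token can be presented again unless the target site records which tokens it has already accepted.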
It appears shmert stole my post, that was exactly what I was talking about so you don't really need anything from me now.
Actually, I "stole" my own post ;)
> You could use CURL or raw sockets to send a POST request to the external site with the username and password.
> Then get the cookie which sets the sessionID, and then do a redirect to the other site and pass the sessionID in the URL,
> which triggers the external site to re-set the sessionID cookie.
No, you all stole my post from:
http://www.faqts.com/knowledge_base/view.phtml/aid/12039/fid/51
Try the above script, I think it might work.
:p
loz
Apologies, loz. That code does look pretty similar...
I'm using the following method with success.
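Before a header() call do a post_to_session(), and just after you load a page do a session_to_post().
<?php
// Copy the submitted POST variables into the session before redirecting
function post_to_session() {
    session_start();
    $x = array();
    foreach ($_POST as $key => $value) {
        $x[$key] = $value;
    }
    // Assigning to $_SESSION is enough; session_register() was removed in PHP 5.4
    $_SESSION['PrePOST'] = $x;
}
// Restore the saved variables into $_POST on the page that was redirected to
function session_to_post() {
    session_start();
    if (isset($_SESSION['PrePOST'])) {
        foreach ($_SESSION['PrePOST'] as $key => $value) {
            $_POST[$key] = $value;
        }
    }
    // unset() replaces session_unregister(), which was also removed in PHP 5.4
    unset($_SESSION['PrePOST']);
}
?>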
in the body tag:
<body onload="document.siteForm.
and for your form:
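<?php // htmlspecialchars() keeps quotes and angle brackets in the values from breaking out of the attributes ?>
<form action="<?php echo htmlspecialchars($site_registered_to, ENT_QUOTES); ?>" name="siteForm" method="POST">
<input type="hidden" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES); ?>">
<input type="hidden" name="password" value="<?php echo htmlspecialchars($password, ENT_QUOTES); ?>">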
</form>