lnwright


Sending Password

Dear Experts,

Is it possible for PHP to securely send the current user's user name and password to another web site?    If so,  how is this done?

Thanks,


Lee.
SOLUTION
basiclife

lnwright

ASKER

Thanks basiclife & f0rdmstang,

At this stage it looks like both sites will be https.    It is not a database just PHP.

Lee.
I know in the past I've called or redirected someone to https sites and also passed things such as Credit Card info.  Make your script and include your info in a url.


base url :  https://www.yourdomain.com/scripts-dir/myscript.php
info to pass
user:   myuser
pass:   MyPassword123

final url = ?

https://www.yourdomain.com/scripts-dir/myscript.php?username=myuser&pass=MyPassword123

Then in the myscript.php reference the user or pass as $HTTP_GET_VARS['username'] or $HTTP_GET_VARS['pass'].  One thing you could always do is encrypt the password with md5 and only pass that password to the https url.

Hope that helps
I am just wondering with passing the username and password through a URL, if the browser will remember it in its history and therefore possibly reveal it to other users.
Your browser shouldn't remember https urls if I remember correctly.  You could also call a url from your script rather than from the url the user sees.  This code is not verified so I don't know if it works, but I know I used to do the equivalent in Perl:

include('http://www.google.com');
ASKER CERTIFIED SOLUTION
Marcus Bointon
Thanks Squinky,

I am a newbie to PHP so can you give a little more detail?

Regards,


Lee.
Build the URL something like f0rdmustang suggests, then retrieve the contents of the page by saying:

$page = file_get_contents($url);

$page now contains whatever the URL returned to you. You can send this back to the original user by just saying:

header('Content-type: text/html');
echo($page);

Or alternatively, just pass the results straight from the server to the client by using:

readfile($url);

The upshot of this is that the client will see the pages from the remote server, but at the URL of your server.

Incidentally, normal syntax for a URL containing id and password handled by HTTP is:

https://user:password@www.example.com/index.php
Thanks again Squinky,

Can I trouble you for a simple php code example.   I have set up a protected directory here:

https://aus.unlimited-space.com/~onlineac/test/

the username is "experts" and the pass is "exchange"

Thanks.
<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}aus.unlimited-space.com/~onlineac/test/";
$page = file_get_contents($url);
//You can do what you like with the page contents in here
header('Content-type: text/html'); //this assumes that what was fetched was actually an HTML page and not something else
echo $page;
?>

Alternatively if you just want to pass the page through untouched:

<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}aus.unlimited-space.com/~onlineac/test/";
readfile($url);
?>

Note that while you've retrieved this page over SSL, the link back to the client may not be secure.
Thanks Squinky,

With the first one I get this error:

Warning: file_get_contents(https://experts:exchangeaus.unlimited-space.com/~onlineac/test/): failed to open stream: Invalid argument in C:\Inetpub\wwwroot\reports\PassUserAndPassword.php on line 5

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\reports\PassUserAndPassword.php:1) in C:\Inetpub\wwwroot\reports\PassUserAndPassword.php on line 7

I tried adding @ after the pass but still error

For the second I get this:

Warning: readfile(https://...@aus.unlimited-space.com/~onlineac/test/index.htm): failed to open stream: Invalid argument in C:\Inetpub\wwwroot\reports\PassUserAndPassword.php on line 5

Can you please advise.

As far as I can tell, everyone agrees with me. Post additional comments if you have any problems.
It is just missing the @ - I don't know why putting it in didn't work for you. This script works fine for me (I get an MYOB page back?):

<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}@aus.unlimited-space.com/~onlineac/test/";
$page = file_get_contents($url);
//You can do what you like with the page contents in here
header('Content-type: text/html'); //this assumes that what was fetched was actually an HTML page and not something else
echo $page;
?>

The second script had the same problem, I added an @, and it now works too:

<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}@aus.unlimited-space.com/~onlineac/test/";
readfile($url);
?>

basiclife, this isn't what you suggested - there's no redirect happening here at all, nor should there be; It's really being a kind of dumb proxy.
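
An added example, not code from any poster in this thread: the same server-side fetch with the credentials carried in an Authorization header (or a POST body) instead of the URL, so a failed request cannot echo them the way the file_get_contents warning quoted earlier did. The function names, the 10-second timeout and the no-redirect setting are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (added example, not from the thread): one HTTPS request
// with certificate checks on and PHP warnings suppressed, so a failure never
// prints the request URL or headers to the page.
function https_request(string $url, array $http): string
{
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('Refusing to send credentials without HTTPS');
    }
    $context = stream_context_create([
        // Assumed defaults: 10 s timeout, redirects not followed automatically.
        'http' => $http + ['timeout' => 10, 'follow_location' => 0],
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true],
    ]);
    $body = @file_get_contents($url, false, $context);
    if ($body === false) {
        // Record the host only, never the credentials.
        error_log('Upstream request failed: ' . parse_url($url, PHP_URL_HOST));
        throw new RuntimeException('Upstream request failed');
    }
    return $body;
}

// HTTP Basic credentials sent as a request header instead of user:pass@host.
function fetch_with_basic_auth(string $url, string $user, string $pass): string
{
    return https_request($url, [
        'method' => 'GET',
        'header' => 'Authorization: Basic ' . base64_encode($user . ':' . $pass),
    ]);
}

// Form credentials sent in the POST body instead of ?username=...&pass=...
function post_credentials(string $url, string $user, string $pass): string
{
    return https_request($url, [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query(['username' => $user, 'pass' => $pass]),
    ]);
}

// Usage with the thread's URL ($user and $pass loaded from configuration):
// echo fetch_with_basic_auth('https://aus.unlimited-space.com/~onlineac/test/', $user, $pass);
```

The receiving script for the POST variant would read the values from `$_POST` rather than from the query string.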
Sorry, you're quite right - I was in a rush last night and just scanned the 1st few answers. Please excuse my overbearing asshole attitude :D
Seems to me Squinky should get the points for this one
Sorry forgot about this one.  Thanks for your comments guys.    I ended up not using this type of arrangement so I don't know which actually is the best but I will pick what I thought seemed the best answers.

Regards,


Lee.