Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Sending Password

Posted on 2004-09-05
18
Medium Priority
?
220 Views
Last Modified: 2010-07-27
Dear Experts,

Is it possible for PHP to securely send the current user's user name and password to another web site?    If so,  how is this done?

Thanks,


Lee.
0
Comment
Question by:lnwright
  • 6
  • 4
  • 4
  • +1
17 Comments
 
LVL 5

Assisted Solution

by:basiclife
basiclife earned 400 total points
ID: 11986510
Are you using a standard login? and is the server you're connecting to capable of SSL?

If it's normal authentication, you can redirect them using https://username:password@somedomain.com or by using https://somedmoain.com/somescript?un=username&pw=password

because the connection is secure BEFORE the GET data is sent, it should be sent in an encrypted form. I've never tried this before, so I'll await other experts opinions before guaranteeing anything
0
 
LVL 1

Assisted Solution

by:f0rdmstang
f0rdmstang earned 400 total points
ID: 11986531
What  try of function are you using this for ?  

If your using some type of database such as MySQL you can have your script connect to the remote computers by using it's domain name or IP address considering the right permissions are granted.
0
 

Author Comment

by:lnwright
ID: 11986662
Thanks basiclife & f0rdmstang,

At this stage it looks like both sites will be https.    It is not a database just PHP.

Lee.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Expert Comment

by:f0rdmstang
ID: 11986741
I know in the past I've called or redirected someto to https sites and also passed things such as Credit Card info.  Make you script and include your info in a url.


base url :  https://www.yourdomain.com/scripts-dir/myscript.php
info to pass
user:   myuser
pass:   MyPassword123

final url = ?

https://www.yourdomain.com/scripts-dir/myscript.php?username=myuser&pass=MyPassword123

Then in the myscript.php reference the user or pass as $HTTP_GET_VARS['username'] or $HTTP_GET_VARS['pass'].  One thing you could always do it encrypt the password with md5 and only pass that password to the https url

Hope that helps
0
 

Author Comment

by:lnwright
ID: 11986863
I am just wondering with passing the username and password through a URL,  if the browser will remember it in it's history and therefore possibly reveal it to other users
0
 
LVL 1

Expert Comment

by:f0rdmstang
ID: 11986896
Your browser shouldn't remember https urls if I remember correctly.  You could also call a url from your Script rather than from the url the user sees.  This code is not verified so i don't know if it woks but I know I use to the the equivelent in Perl

include('http://www.google.com');
0
 
LVL 25

Accepted Solution

by:
Marcus Bointon earned 400 total points
ID: 11988296
Use file_get_contents or CURL to query the other server, not include. Include will not fail gracefully if the connection cannot be made.

The browser will never see the remote URL (it passes server-server, not server-client-server like a redirect), so it will never be stored in the browser history.
0
 

Author Comment

by:lnwright
ID: 11988314
Thanks Squinky,

I am a newbie to PHP so can you give a little more detail?

Regards,


Lee.
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 11988424
Build the URL something like f0rdmustang suggests, then retrieve the contents of the page by saying:

$page = file_get_contents($url);

$page now contains whatever the URL returned to you. You can send this back to the original user by just saying:

header('Content-type: text/html');
echo($page);

Or alternatively, just pass the results straight from the server to the client by using:

readfile($url);

The upshot of this is that the client will see the pages from the remote server, but at the URL of your server.

Incidentally, normal syntax for a URL containing id and password handled by HTTP is:

https://user:password@www.example.com/index.php
0
 

Author Comment

by:lnwright
ID: 11988526
Thanks again Squinky,

Can I trouble you for a simple php code example.   I have set up a protected directory here:

https://aus.unlimited-space.com/~onlineac/test/

the username is "experts" and the pass is "exchange"

Thanks.
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 11990748
<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}aus.unlimited-space.com/~onlineac/test/";
$page = file_get_contents($url);
//You can do what you like with the page contents in here
header('Content-type: text/html'); //this assumes that what was fetched was actually an HTML page and not something else
echo $page;
?>

Alternatively if you just want to pass the page through untouched:

<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}aus.unlimited-space.com/~onlineac/test/";
readfile($url);
?>

Note that while you've retrieved this page over SSL, the link back to the client may not be secure.
0
 

Author Comment

by:lnwright
ID: 11992179
Thanks Squinky,

With the first one I get this error:

Warning: file_get_contents(https://experts:exchangeaus.unlimited-space.com/~onlineac/test/): failed to open stream: Invalid argument in C:\Inetpub\wwwroot\reports\PassUserAndPassword.php on line 5

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\reports\PassUserAndPassword.php:1) in C:\Inetpub\wwwroot\reports\PassUserAndPassword.php on line 7

I tried adding @ after the pass but still error

For the second I get this:

Warning: readfile(https://...@aus.unlimited-space.com/~onlineac/test/index.htm): failed to open stream: Invalid argument in C:\Inetpub\wwwroot\reports\PassUserAndPassword.php on line 5

Can you please advise.

0
 
LVL 5

Expert Comment

by:basiclife
ID: 11993251
As far as I can tell. everyone agrees with me. Post additional comments if you have any problems
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 11995020
It is just missing the @ - I don't know why putting it in didn't work for you. This script works fine for me (I get an MYOB page back?):

<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}@aus.unlimited-space.com/~onlineac/test/";
$page = file_get_contents($url);
//You can do what you like with the page contents in here
header('Content-type: text/html'); //this assumes that what was fetched was actually an HTML page and not something else
echo $page;
?>

The second script had the same problem, I added an @, and it now works too:

<?php
$username= 'experts';
$pass = 'exchange';
$url = "https://{$username}:{$pass}@aus.unlimited-space.com/~onlineac/test/";
readfile($url);
?>

basiclife, this isn't what you suggested - there's no redirect happening here at all, nor should there be; It's really being a kind of dumb proxy.
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12010154
Sorry, you're quite right - I`was in a rush last night and just scanned the 1st few answers. Please excuse my overbearing asshole attitude :D
0
 
LVL 5

Expert Comment

by:basiclife
ID: 12530411
Seems to me Squinky should get the points for this one
0
 

Author Comment

by:lnwright
ID: 12549633
Sorry forgot about this one.  Thanks for your comments guys.    I ended up not using this type of arrangement so I don't know which actually is the best but I will pick what I thought seemed the best answers.

Regards,


Lee.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question