•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 375,229 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,266 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 524 | Replies: 5
 |
•
•
Join Date: May 2008
Posts: 3
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
i have this code
how can i make php to do something like this
if on x2.com html source php finds: 88_user_avaible_88
i want to php to show : Now you are registered ( and if i'm not asking to much , if it's posible in AJAX )
and it's a security breech if the user can see the url ( i mean http://www.x2.com/?admin_pass=admin&..._word=password )
thank you for reading this question
<?
/* Download google.com pretending to be refered by yahoo.com */
$hc = new eHttpClient();
$hc->setReferer("http://www.x1.com/");
$html = $hc->get("http://www.x2.com/?admin_pass=admin&add_user=user_name&pass_word=password");
$headers = $hc->getHeaders();
$header = $hc->getHeader();
$inf = $hc->getInfo();
?> how can i make php to do something like this
if on x2.com html source php finds: 88_user_avaible_88
i want to php to show : Now you are registered ( and if i'm not asking to much , if it's posible in AJAX )
and it's a security breech if the user can see the url ( i mean http://www.x2.com/?admin_pass=admin&..._word=password )
thank you for reading this question
Last edited by cybernet : May 2nd, 2008 at 2:48 pm.
•
•
Join Date: Aug 2005
Location: Cologne, Germany
Posts: 93
Reputation:
Rep Power: 3
Solved Threads: 8
Junior Poster in Training
Why should the user see the password when you access the data via PHP? Do you want to thank thet website by writing "Data from ...&password=unknown"? If not then the user doesn't see anything at all.
The PHP-Script on x2.com only needs to say "okay" or "incorrect". When accessing "okay" on your first server, then you know that the userdata where okay. Save it with Session of Cookie.
The PHP-Script on x2.com only needs to say "okay" or "incorrect". When accessing "okay" on your first server, then you know that the userdata where okay. Save it with Session of Cookie.
•
•
Join Date: May 2008
Posts: 3
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
thank you for your reply
but i forgot to say that i'm noob (dumie,beginner) in php
so can you write a code for me ?
but i forgot to say that i'm noob (dumie,beginner) in php
so can you write a code for me ?
•
•
Join Date: May 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
wow, talking about asking for a handout .... I'll pass
There are security breeches all over the place here as you are wanting to send a password through an insecure connection (http NOT https). So not showing the url is not helping or hurting.
There are security breeches all over the place here as you are wanting to send a password through an insecure connection (http NOT https). So not showing the url is not helping or hurting.
•
•
Join Date: May 2008
Posts: 3
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
it can be made by https to
does it change something ?
does it change something ?
•
•
Join Date: Aug 2005
Location: Cologne, Germany
Posts: 93
Reputation:
Rep Power: 3
Solved Threads: 8
Junior Poster in Training
@jstorz: Every normal forum uses an insecure HTTP-connection when loggin in. Often the password is even saved uncrypted in a cookie. So when sending the password via HTTP it's not insecurer than any other website.
@cybernet: Of course you can use https. There should be an openSSL-module for PHP that you can use to crypt your request.
The problem with SSL is you need a certificate that costs you some bucks. What I do to get around is to crypt usernames and passwords with RSA or MD5. RSA can be written easily (see wikipedia for details) and MD5 is already included in PHP.
So what you do:
Page one (requester) crypts the data and sends it via HTTP to page 2. Page 2 decrypts data and looks if data are correct. If yes it just have to echo "correct". You 1st page reads "correct" and knows that the user is logged-in.
@cybernet: Of course you can use https. There should be an openSSL-module for PHP that you can use to crypt your request.
The problem with SSL is you need a certificate that costs you some bucks. What I do to get around is to crypt usernames and passwords with RSA or MD5. RSA can be written easily (see wikipedia for details) and MD5 is already included in PHP.
So what you do:
Page one (requester) crypts the data and sends it via HTTP to page 2. Page 2 decrypts data and looks if data are correct. If yes it just have to echo "correct". You 1st page reads "correct" and knows that the user is logged-in.
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb PHP Marketplace
Linear Mode
Similar Threads
- Wireless Desktop Card has Great strength, but won't connect!!!!! (Networking Hardware Configuration)
- Installing CURL - Error (*nix Software)
- Introducing EchoQuiet (Community Introductions)
- DLL problem (C++)
- RegEx Error Help (PHP)
- Help needed to integrate outlook calendar (PHP)
- I need a CURL Book (PHP)
- Where we can use curl ? (PHP)
- Dynamic Include (PHP)
- Please help with email form script (PHP)
Other Threads in the PHP Forum
- Previous Thread: Error: Data truncated for column 'COLUMN' at row X
- Next Thread: php safe_mode = off
