i have this code

<?
/* Download google.com pretending to be refered by yahoo.com */
$hc        = new eHttpClient();
$hc->setReferer("http://www.x1.com/");
$html        = $hc->get("http://www.x2.com/?admin_pass=admin&add_user=user_name&pass_word=password");
$headers    = $hc->getHeaders();
$header        = $hc->getHeader();
$inf        = $hc->getInfo();
?>

how can i make php to do something like this

if on x2.com html source php finds: 88_user_avaible_88
i want to php to show : Now you are registered ( and if i'm not asking to much , if it's posible in AJAX )
and it's a security breech if the user can see the url ( i mean http://www.x2.com/?admin_pass=admin&add_user=user_name&pass_word=password )


thank you for reading this question :)

Why should the user see the password when you access the data via PHP? Do you want to thank thet website by writing "Data from ...&password=unknown"? If not then the user doesn't see anything at all.

The PHP-Script on x2.com only needs to say "okay" or "incorrect". When accessing "okay" on your first server, then you know that the userdata where okay. Save it with Session of Cookie.

thank you for your reply
but i forgot to say that i'm noob (dumie,beginner) in php
so can you write a code for me ?:twisted:

wow, talking about asking for a handout .... I'll pass

There are security breeches all over the place here as you are wanting to send a password through an insecure connection (http NOT https). So not showing the url is not helping or hurting.

@jstorz: Every normal forum uses an insecure HTTP-connection when loggin in. Often the password is even saved uncrypted in a cookie. So when sending the password via HTTP it's not insecurer than any other website.

@cybernet: Of course you can use https. There should be an openSSL-module for PHP that you can use to crypt your request.
The problem with SSL is you need a certificate that costs you some bucks. What I do to get around is to crypt usernames and passwords with RSA or MD5. RSA can be written easily (see wikipedia for details) and MD5 is already included in PHP.

So what you do:
Page one (requester) crypts the data and sends it via HTTP to page 2. Page 2 decrypts data and looks if data are correct. If yes it just have to echo "correct". You 1st page reads "correct" and knows that the user is logged-in.

This article has been dead for over six months. Start a new discussion instead.