FUDforum: comp.lang.php » Posting and redirecting to remote script

Home » Imported messages » comp.lang.php » Posting and redirecting to remote script

Show: Today's Messages :: Polls :: Message Navigator

Re: Posting and redirecting to remote script [message #173290 is a reply to message #173289]

Fri, 01 April 2011 19:54

Toxalot
Messages: 3
Registered: April 2011

Karma:

Junior Member

On Apr 1, 3:36 pm, Captain Paralytic <paul_laut...@yahoo.com> wrote:
> On Apr 1, 7:20 pm, Toxalot <toxa...@gmail.com> wrote:
>
>
>
>> My client has a subscribers only area which is written in PHP. Login
>> is through a form and sessions are tracked with cookies.
>
>> One of the client's subscribers has their own members only website.
>> The subscriber wants all their members to be able to access my
>> client's subscribers only area without having to provide a username
>> and password. The simplest way would be for the subscriber to put a
>> form button on their site that has the login info in hidden fields.
>> But that means any of their members could get the login details by
>> viewing the source. I don't know how savvy their members are, but I
>> don't like security through obscurity.
>
>> I had hoped to create a simple little script that the subscriber could
>> install that would post directly to my client's script and end up on
>> the client's site. But so far, it hasn't been as simple as I'd hoped.
>> All methods of posting to remote script keep the user on the same
>> site.
>
>> Any suggestions on how to handle this?
>
> The script could post the necessary login to your client's site and
> get a one time token returned. It could use this on a header location
> redirect to move the user to the other site. The other site would use
> the one time token to log them in and place the necessary cookie.

I think I understand what you're saying.

On client's site, I'd need
- new script/function to create token, store token in database, and
return token
- new script/function to check for valid tokens, delete token, and
then go on as per usual

On subscriber's site, I'd need
- script that posts login info using something like cURL, retrieves
token, then redirects with token in query string

Am I missing anything? Any tips or gotchas I should watch out for?

Report message to a moderator

[Message index]

		Posting and redirecting to remote script By: Toxalot on Fri, 01 April 2011 18:20
		Re: Posting and redirecting to remote script By: Captain Paralytic on Fri, 01 April 2011 18:36
		Re: Posting and redirecting to remote script By: Toxalot on Fri, 01 April 2011 19:54
		Re: Posting and redirecting to remote script By: Captain Paralytic on Fri, 01 April 2011 20:24
		Re: Posting and redirecting to remote script By: Twayne on Fri, 01 April 2011 23:02
		Re: Posting and redirecting to remote script By: Jerry Stuckle on Fri, 01 April 2011 23:30
		Re: Posting and redirecting to remote script By: Toxalot on Sat, 02 April 2011 12:35
		Re: Posting and redirecting to remote script By: Jerry Stuckle on Sat, 02 April 2011 12:44

Previous Topic:	writing php scripts for fastcgi environments
Next Topic:	mod_rewrite rule question

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 05:52:55 GMT 2024

Total time taken to generate the page: 0.04783 seconds