My question should be simple - and I consider myself as an average programmer, and have done quite a few things with php. I have spent 7 hours looking for this on forums, but just can not see how to do it. I want to simply use the url http://www.mysite.com?password=abc&name=paul&age=25 etc. - something to do with http request or something. I know if I type it in the url it works, I also know I can send a form and pick it up with php. I can even do it myself by POSTing the form and using php to pick it all up using POST or GET and this is no problem. Everything is great except for this one thing. What I need to know is what command will ensure nobody ever sees certain parts of this http request thing. Ie password=abc needs to never be seen - as would cause security problems. I know using POST will hide from the url, but if I did in a html form, you could view source and it can all be seen before sending. Ideally you will tell me to simply POST form to a php script and php script will tag on certain extra things to the end. (ie so it is secure)
Or even better something like
<?php
HTTP POST 'http://www.url.com?a=password';
?>
would simply open http://www.url.com with the password thing as though it was hidden and because in php would not show in the view source. I could then add variables together and use
<?php
HTTP POST $variable;
?>
how easy would that be!
My php would be great, anybody could do it! But I'm sure it wont be this simple, never normally is. It would simply do the job of the javascript location.href but nobody would ever see the ?a=password.
Please answer as basic as possible. A reply like "simple use the http:request command" would go over my head - ideally I would appreciate a working few lines of code. I'm not being lazy, I have looked everywhere and got so many answers, they just dont work.
Thanks.
Should Be Simple And Quick - But I Just Cant Do It
Moderator: General Moderators
-
johnsmith153
- Forum Newbie
- Posts: 10
- Joined: Thu Feb 14, 2008 6:53 am
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Should Be Simple And Quick - But I Just Cant Do It
If you want the data sent in a request to be secure you need to use SSL and the HTTPS protocol. Your webserver needs to be configured properly and then all you need to do is specify URLs like: https://www.url.com?a=password
(#10850)
-
johnsmith153
- Forum Newbie
- Posts: 10
- Joined: Thu Feb 14, 2008 6:53 am
Re: Should Be Simple And Quick - But I Just Cant Do It
I know what you mean. But I mean a different kind of secure. I mean so the user can't view source and see the password details.
I know what you mean, if it was the logged in user's passwords, it wouldn't matter if he saw it, but this variable needs to be passed without the user seeing it.
I know what you mean, if it was the logged in user's passwords, it wouldn't matter if he saw it, but this variable needs to be passed without the user seeing it.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Should Be Simple And Quick - But I Just Cant Do It
I'm not sure what you mean. The user can't view the source of a PHP script. I'm confused?
(#10850)
Re: Should Be Simple And Quick - But I Just Cant Do It
I think you need to look into using sessions for user authentication. That way the user logs in once and the password is only sent over the wire once.
-
johnsmith153
- Forum Newbie
- Posts: 10
- Joined: Thu Feb 14, 2008 6:53 am
Re: Should Be Simple And Quick - But I Just Cant Do It
Everyone has the wrong idea. Sorry, must be my fault. Nothing to do with sessions or secure login.
Imagine I wanted, for example, to send a http request:
http://www.mobileSMSprovider.com/sendSM ... 7900123456
http://www.mobileSMSprovider.com (not real) is a company I would use to provide me with SMS texting services
yourusername=mycompany is my username given to me by the http://www.mobileSMSprovider.com and obviously must only be known by me
yourpassword=elephant is my paassword given by http://www.mobilsSMSprovider.com
On my site, when someone has signed up, I then send a http request to the above url, which logs in to my secure account with the above company and sends the message.
Imagine just going into the url and typing above, it would send a message everytime, and anyone would be able to send free messages on my account.
What I want to do is do it so I can send a http request without the user ever seeing the important parts of the url. So obviously they can see the message bit, but not the password as they could log into my account anytime.
Obviously, you could do a html form and submit with your password as a hidden field, then POST the form, but users could view source and get it.
I have searched everything on the internet - something called cURL?, I even tried simply using the php header command but POSTing
A php form would do the trick if there is such a thing, because as mentioned in a forum reply, you can not view source on php.
I thought I made myself clear with this, but as I am only an average programmer it must be my fault. Sorry, but I hope this is now clear, and thanks a lot for the replies so far. Remember it is nothing to do with logging in, session cookies or sending secure https data to prevent hacking.
Thanks.
Imagine I wanted, for example, to send a http request:
http://www.mobileSMSprovider.com/sendSM ... 7900123456
http://www.mobileSMSprovider.com (not real) is a company I would use to provide me with SMS texting services
yourusername=mycompany is my username given to me by the http://www.mobileSMSprovider.com and obviously must only be known by me
yourpassword=elephant is my paassword given by http://www.mobilsSMSprovider.com
On my site, when someone has signed up, I then send a http request to the above url, which logs in to my secure account with the above company and sends the message.
Imagine just going into the url and typing above, it would send a message everytime, and anyone would be able to send free messages on my account.
What I want to do is do it so I can send a http request without the user ever seeing the important parts of the url. So obviously they can see the message bit, but not the password as they could log into my account anytime.
Obviously, you could do a html form and submit with your password as a hidden field, then POST the form, but users could view source and get it.
I have searched everything on the internet - something called cURL?, I even tried simply using the php header command but POSTing
A php form would do the trick if there is such a thing, because as mentioned in a forum reply, you can not view source on php.
I thought I made myself clear with this, but as I am only an average programmer it must be my fault. Sorry, but I hope this is now clear, and thanks a lot for the replies so far. Remember it is nothing to do with logging in, session cookies or sending secure https data to prevent hacking.
Thanks.
Re: Should Be Simple And Quick - But I Just Cant Do It
cURL is most likely what you are looking for.
You can POST data to the website like you are asking.
This is all going to happen on the server end, so if you get a cookie from the website it will be set on the server, and not on the client. (If the post logs you in or something)
You can POST data to the website like you are asking.
This is all going to happen on the server end, so if you get a cookie from the website it will be set on the server, and not on the client. (If the post logs you in or something)