Login to a messeneger from a site

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
subeeshkk
Forum Newbie
Posts: 3
Joined: Thu Jan 31, 2008 2:19 am

Login to a messeneger from a site

Post by subeeshkk »

Hi all,

I am almost new to PHP. I have stuck with an issue which is taking my hair off everyday.
Please help me.

I have a site, in which every user has a username and pasword. I need to integrate a messenger to this site.
Users can use the same user name and password of the site to login to the messenger also. ie, with single user name and password, users can login to the site and messenger as well.

In the site, there is a link "Messenger". When clinking this link, the users are supposed to be logged in to the
messenger(No more explicit login to this messenger) using the username and password that the user has already logged on the site.That is, the login to the messenger should be automatic, no external login to this messnger is allowed.

The site files and messenger files are in different server. I have access to both this files.

Because of the security problem, i cannot pass the username and pasoword as query string.
Summarizing the issue ,

User Login to the site(providin username and password) -> Clicking on Link 'Messenger' -> Messenger Popup appears ready to chat

If i am passing the user name and variable as folllows,

<a href = "www.xyzmessenger.com/login.php?user=tes ... ssenger</a>

the security issue arises.

Even if i pass it by encrypting, whoever sees the querystring in the address bar can easily use to login further.

How to do this with much security? How can i pass?What to pass?

I have access to re-write the code in messeneger/login.php............

PLEASE HELP ME.....
User avatar
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Re: Login to a messeneger from a site

Post by Chalks »

subeeshkk wrote:no external login to this messnger is allowed.
...
The site files and messenger files are in different server. I have access to both this files.
Um. If they are on different servers, how are you _not_ going to have an external login?

That said, Instead of this:
Use POST instead of GET to send that data. Since you're going cross server, I have no idea how well that works, but POST doesn't show up in the address bar. Hope this helps.
anto91
Forum Commoner
Posts: 58
Joined: Mon Mar 10, 2008 10:59 am
Location: Sweden

Re: Login to a messeneger from a site

Post by anto91 »

there are methods for doing this im pritty sure its called http_build_query or somthing simular
subeeshkk
Forum Newbie
Posts: 3
Joined: Thu Jan 31, 2008 2:19 am

Re: Login to a messeneger from a site

Post by subeeshkk »

Chalks wrote:
subeeshkk wrote:no external login to this messnger is allowed.
...
The site files and messenger files are in different server. I have access to both this files.
Um. If they are on different servers, how are you _not_ going to have an external login?

That said, Instead of this:
Use POST instead of GET to send that data. Since you're going cross server, I have no idea how well that works, but POST doesn't show up in the address bar. Hope this helps.
Hi..
Thanks for your time...but
Even if i use post, the query string will be there on the address bar..but in encrypted form..\
So..any guy who note this,a nd if copy and paste this..he can also log in without having any knowledge of user name and pasword..
So.how to make secure login?
Post Reply