Hi all,
I am almost new to PHP. I have stuck with an issue which is taking my hair off everyday.
Please help me.
I have a site, in which every user has a username and pasword. I need to integrate a messenger to this site.
Users can use the same user name and password of the site to login to the messenger also. ie, with single user name and password, users can login to the site and messenger as well.
In the site, there is a link "Messenger". When clinking this link, the users are supposed to be logged in to the
messenger(No more explicit login to this messenger) using the username and password that the user has already logged on the site.That is, the login to the messenger should be automatic, no external login to this messnger is allowed.
The site files and messenger files are in different server. I have access to both this files.
Because of the security problem, i cannot pass the username and pasoword as query string.
Summarizing the issue ,
User Login to the site(providin username and password) -> Clicking on Link 'Messenger' -> Messenger Popup appears ready to chat
If i am passing the user name and variable as folllows,
<a href = "www.xyzmessenger.com/login.php?user=tes ... ssenger</a>
the security issue arises.
Even if i pass it by encrypting, whoever sees the querystring in the address bar can easily use to login further.
How to do this with much security? How can i pass?What to pass?
I have access to re-write the code in messeneger/login.php............
PLEASE HELP ME.....
Login to a messeneger from a site
Moderator: General Moderators
Re: Login to a messeneger from a site
Um. If they are on different servers, how are you _not_ going to have an external login?subeeshkk wrote:no external login to this messnger is allowed.
...
The site files and messenger files are in different server. I have access to both this files.
That said, Instead of this:
Use POST instead of GET to send that data. Since you're going cross server, I have no idea how well that works, but POST doesn't show up in the address bar. Hope this helps.subeeshkk wrote:<a href = "www.xyzmessenger.com/login.php?user=tes ... ssenger</a>
Re: Login to a messeneger from a site
there are methods for doing this im pritty sure its called http_build_query or somthing simular
Re: Login to a messeneger from a site
Hi..Chalks wrote:Um. If they are on different servers, how are you _not_ going to have an external login?subeeshkk wrote:no external login to this messnger is allowed.
...
The site files and messenger files are in different server. I have access to both this files.
That said, Instead of this:Use POST instead of GET to send that data. Since you're going cross server, I have no idea how well that works, but POST doesn't show up in the address bar. Hope this helps.subeeshkk wrote:<a href = "www.xyzmessenger.com/login.php?user=tes ... ssenger</a>
Thanks for your time...but
Even if i use post, the query string will be there on the address bar..but in encrypted form..\
So..any guy who note this,a nd if copy and paste this..he can also log in without having any knowledge of user name and pasword..
So.how to make secure login?