taking Values from Query String (CRITICAL)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dumlee
Forum Commoner
Posts: 33
Joined: Mon Jun 30, 2008 12:06 am

taking Values from Query String (CRITICAL)

Post by dumlee »

There is a website designed in .net and in Between After clicking on one link

we are using PHP Pages to be shown under IFRAME

Now the problem is User logs in using Dot Net Login Page
and when he clicks on the ifram link then he is again asked to login as both the systems are having
different login system

I have the solution for this :

that we will pass userid and pwd as query string but how to accept that data in php.

Please help.

Its urgent

If there is any other soln pls suggest.
kilermedia
Forum Newbie
Posts: 7
Joined: Wed Jul 02, 2008 11:00 pm
Location: California, USA

Re: taking Values from Query String (CRITICAL)

Post by kilermedia »

Your solution is basically XML. You send/receive the data to and from using XML and pull it in and out using your dynamic flavor. What you will then need to do is find a way to authenticate both identically. That is pretty much the only way to use two different dynamic languages like PHP and ASP together without seriously bumping heads.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: taking Values from Query String (CRITICAL)

Post by onion2k »

kilermedia wrote:Your solution is basically XML. You send/receive the data to and from using XML and pull it in and out using your dynamic flavor. What you will then need to do is find a way to authenticate both identically. That is pretty much the only way to use two different dynamic languages like PHP and ASP together without seriously bumping heads.
Did you actually read your post? It's completely meaningless. Why the hell would you need XML for this? :crazy:

What I would do is have the .NET login update a one time authentication key in the database, then pass the key to the user in the src for the iframe, and then have the PHP script log the user in with it and delete it. Eg

.NET login updates 'authkey' in the user's record to "1234"
.NET creates iframe page with src of 'iframe.php?auth=1234'
User receives page
Their browser requests iframe.php?auth=1234
iframe.php runs, looks for user with 'authkey' of 1234 in the data (eg $_GET['authkey']).
If the key is found log the user in as normal and update their authkey to blank
If the key is not found send the user to a login page

It might also be a good idea to store a timestamp with the authkey and only let the user in if the timestamp is less than 10 seconds old (or whatever time limit works for your users).

(This assumes that the .NET system and the PHP share a database..)
dumlee
Forum Commoner
Posts: 33
Joined: Mon Jun 30, 2008 12:06 am

Re: taking Values from Query String (CRITICAL)

Post by dumlee »

Database being used is different for both login Systems.

Pls Suggest What I can do ?
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: taking Values from Query String (CRITICAL)

Post by onion2k »

In that case rather than setting some sort of authkey you'll need to pass the user details across using the URL. Encrypt them in a way that lets you encrypt the data in .NET and decrypt it again in PHP.

Just out of curiosity .. why are you maintaining two databases with the same user data in each? That's silly.
kilermedia
Forum Newbie
Posts: 7
Joined: Wed Jul 02, 2008 11:00 pm
Location: California, USA

Re: taking Values from Query String (CRITICAL)

Post by kilermedia »

onion2k wrote:
kilermedia wrote:Your solution is basically XML. You send/receive the data to and from using XML and pull it in and out using your dynamic flavor. What you will then need to do is find a way to authenticate both identically. That is pretty much the only way to use two different dynamic languages like PHP and ASP together without seriously bumping heads.
Did you actually read your post? It's completely meaningless. Why the hell would you need XML for this? :crazy:

What I would do is have the .NET login update a one time authentication key in the database, then pass the key to the user in the src for the iframe, and then have the PHP script log the user in with it and delete it. Eg

.NET login updates 'authkey' in the user's record to "1234"
.NET creates iframe page with src of 'iframe.php?auth=1234'
User receives page
Their browser requests iframe.php?auth=1234
iframe.php runs, looks for user with 'authkey' of 1234 in the data (eg $_GET['authkey']).
If the key is found log the user in as normal and update their authkey to blank
If the key is not found send the user to a login page

It might also be a good idea to store a timestamp with the authkey and only let the user in if the timestamp is less than 10 seconds old (or whatever time limit works for your users).

(This assumes that the .NET system and the PHP share a database..)
Hmmm, meaningless...why? IT WORKS...and for a fact is one of the exact reasons why XML was developed in the first place! And with less (no) security and design flaws than your big method here. And thanks for flaming a new guy here Mr. Mod. Have fun.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: taking Values from Query String (CRITICAL)

Post by onion2k »

kilermedia wrote:Hmmm, meaningless...why? IT WORKS...and for a fact is one of the exact reasons why XML was developed in the first place! And with less (no) security and design flaws than your big method here. And thanks for flaming a new guy here Mr. Mod. Have fun.
It wouldn't work in this instance because the OP isn't in a position to pass an XML file anywhere. I guess he could save it to the server and then have the PHP script grab it ... but what benefit would XML have in doing that? He could use a normal text file and avoid the overhead of firing up an XML parser.

If you think you're right then explain your solution in a bit more detail than "use xml".
Post Reply