
taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 4:17 am
by dumlee
There is a website designed in .NET, and in between, after clicking on one link, we are using PHP pages shown in an IFRAME.

Now the problem is that the user logs in using the .NET login page, and when he clicks on the iframe link he is again asked to log in, as both systems have different login systems.

I have the solution for this: we will pass userid and pwd as a query string, but how do I accept that data in PHP?

Please help.

It's urgent.

If there is any other solution, please suggest it.

Re: taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 4:26 am
by kilermedia
Your solution is basically XML. You send/receive the data to and from using XML and pull it in and out using your dynamic flavor. What you will then need to do is find a way to authenticate both identically. That is pretty much the only way to use two different dynamic languages like PHP and ASP together without seriously bumping heads.

Re: taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 4:43 am
by onion2k
kilermedia wrote: Your solution is basically XML. You send/receive the data to and from using XML and pull it in and out using your dynamic flavor. What you will then need to do is find a way to authenticate both identically. That is pretty much the only way to use two different dynamic languages like PHP and ASP together without seriously bumping heads.
Did you actually read your post? It's completely meaningless. Why the hell would you need XML for this? :crazy:

What I would do is have the .NET login update a one time authentication key in the database, then pass the key to the user in the src for the iframe, and then have the PHP script log the user in with it and delete it. Eg

.NET login updates 'authkey' in the user's record to "1234"
.NET creates iframe page with src of 'iframe.php?auth=1234'
User receives page
Their browser requests iframe.php?auth=1234
iframe.php runs, looks for user with 'authkey' of 1234 in the data (eg $_GET['authkey']).
If the key is found log the user in as normal and update their authkey to blank
If the key is not found send the user to a login page

It might also be a good idea to store a timestamp with the authkey and only let the user in if the timestamp is less than 10 seconds old (or whatever time limit works for your users).

(This assumes that the .NET system and the PHP share a database..)
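
The one-time key handoff described in the post above, as an added example that is not part of the original thread or either site's code. The table and column names, the function names and the in-memory SQLite database are assumptions; the issuing step is the .NET login's job in the thread and is written in PHP here only so the example runs on its own. It reads the key from the `auth` parameter shown in the iframe URL, uses a random key instead of the illustrative "1234", and stores only a hash of it.

```php
<?php
declare(strict_types=1);

const KEY_TTL_SECONDS = 10; // time limit suggested in the post

// Issuing side. In the thread this is the .NET login; PHP is used here so the demo runs.
// Table and column names (users, authkey_hash, authkey_issued) are assumptions.
function issueAuthKey(PDO $db, int $userId, int $now): string
{
    $key = bin2hex(random_bytes(32)); // unguessable, unlike the illustrative "1234"
    $stmt = $db->prepare('UPDATE users SET authkey_hash = ?, authkey_issued = ? WHERE id = ?');
    $stmt->execute([hash('sha256', $key), $now, $userId]); // store only a hash
    return $key; // placed in the iframe src as iframe.php?auth=<key>
}

// Redeeming side (iframe.php, called with $_GET['auth']).
// Returns the user id to log in, or null to send the user to the login page.
function redeemAuthKey(PDO $db, string $key, int $now): ?int
{
    $hash = hash('sha256', $key);
    $db->beginTransaction();
    $find = $db->prepare('SELECT id FROM users WHERE authkey_hash = ? AND authkey_issued >= ?');
    $find->execute([$hash, $now - KEY_TTL_SECONDS]);
    $id = $find->fetchColumn();
    // Blank the key even if it had expired, so it can never be presented again.
    $clear = $db->prepare('UPDATE users SET authkey_hash = NULL, authkey_issued = NULL WHERE authkey_hash = ?');
    $clear->execute([$hash]);
    $consumed = $clear->rowCount(); // 1 only for the request that actually used up the key
    $db->commit();
    return ($id !== false && $consumed === 1) ? (int) $id : null;
}

// Constructed demo data: in-memory SQLite stands in for the shared database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, authkey_hash TEXT, authkey_issued INTEGER)');
$db->exec('INSERT INTO users (id) VALUES (7)');

$key = issueAuthKey($db, 7, 1000);
var_dump(redeemAuthKey($db, $key, 1003));  // first use inside the time limit
var_dump(redeemAuthKey($db, $key, 1004));  // replay of the same key
$late = issueAuthKey($db, 7, 2000);
var_dump(redeemAuthKey($db, $late, 2011)); // presented after the time limit
```

Only the first call returns a user id; the replayed key and the late key both come back as null, which is the "send the user to a login page" branch.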

Re: taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 5:05 am
by dumlee
The database being used is different for both login systems.

Please suggest what I can do.

Re: taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 6:29 am
by onion2k
In that case rather than setting some sort of authkey you'll need to pass the user details across using the URL. Encrypt them in a way that lets you encrypt the data in .NET and decrypt it again in PHP.

Just out of curiosity .. why are you maintaining two databases with the same user data in each? That's silly.
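
One way to do the encrypted handoff suggested in the post above, as an added example that is not part of the original thread. It assumes a 32-byte secret configured on both servers, AES-256-GCM so that an altered token is rejected rather than decrypted to garbage, and a token layout and function names invented for this sketch; it carries only the user name plus an issue time, since a token that opens under the shared key already shows the .NET side logged the user in. The issuing step is written in PHP only so the example runs on its own.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL_SECONDS = 10; // assumed lifetime, borrowed from the earlier 10-second suggestion

// Issuing side. In the thread this is .NET; PHP is used here so the demo runs.
// Token layout (an assumption): base64url( nonce[12] || tag[16] || ciphertext ).
function sealToken(string $key, string $username, int $now): string
{
    $nonce = random_bytes(12); // must be fresh for every token under the same key
    $plain = json_encode(['u' => $username, 'iat' => $now]);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return strtr(base64_encode($nonce . $tag . $ct), '+/', '-_');
}

// Receiving side (PHP). Returns the user name, or null to show the login page.
function openToken(string $key, string $token, int $now): ?string
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) < 29) {
        return null; // not base64, or too short to hold nonce + tag + data
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        return null; // wrong key, or the token was altered in transit
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !is_string($data['u'] ?? null) || !is_int($data['iat'] ?? null)) {
        return null;
    }
    $age = $now - $data['iat'];
    return ($age >= 0 && $age <= TOKEN_TTL_SECONDS) ? $data['u'] : null;
}

// Constructed demo values; a real key is a 32-byte secret configured on both servers.
$key = random_bytes(32);
$token = sealToken($key, 'alice', 1000);
$forged = $token;
$forged[30] = ($forged[30] === 'A') ? 'B' : 'A'; // change one character

var_dump(openToken($key, $token, 1004));   // fresh, untouched token
var_dump(openToken($key, $forged, 1004));  // altered token
var_dump(openToken($key, $token, 1020));   // presented after the lifetime
```

Unlike the one-time key, nothing here records that a token was used, so the same URL is accepted again until it expires; the short lifetime is the only limit on replay, and the URL will appear in server logs and browser history.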

Re: taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 6:55 am
by kilermedia
onion2k wrote:
kilermedia wrote: Your solution is basically XML. You send/receive the data to and from using XML and pull it in and out using your dynamic flavor. What you will then need to do is find a way to authenticate both identically. That is pretty much the only way to use two different dynamic languages like PHP and ASP together without seriously bumping heads.
Did you actually read your post? It's completely meaningless. Why the hell would you need XML for this? :crazy:

What I would do is have the .NET login update a one time authentication key in the database, then pass the key to the user in the src for the iframe, and then have the PHP script log the user in with it and delete it. Eg

.NET login updates 'authkey' in the user's record to "1234"
.NET creates iframe page with src of 'iframe.php?auth=1234'
User receives page
Their browser requests iframe.php?auth=1234
iframe.php runs, looks for user with 'authkey' of 1234 in the data (eg $_GET['authkey']).
If the key is found log the user in as normal and update their authkey to blank
If the key is not found send the user to a login page

It might also be a good idea to store a timestamp with the authkey and only let the user in if the timestamp is less than 10 seconds old (or whatever time limit works for your users).

(This assumes that the .NET system and the PHP share a database..)
Hmmm, meaningless...why? IT WORKS...and for a fact is one of the exact reasons why XML was developed in the first place! And with less (no) security and design flaws than your big method here. And thanks for flaming a new guy here Mr. Mod. Have fun.

Re: taking Values from Query String (CRITICAL)

Posted: Thu Jul 03, 2008 9:04 am
by onion2k
kilermedia wrote: Hmmm, meaningless...why? IT WORKS...and for a fact is one of the exact reasons why XML was developed in the first place! And with less (no) security and design flaws than your big method here. And thanks for flaming a new guy here Mr. Mod. Have fun.
It wouldn't work in this instance because the OP isn't in a position to pass an XML file anywhere. I guess he could save it to the server and then have the PHP script grab it ... but what benefit would XML have in doing that? He could use a normal text file and avoid the overhead of firing up an XML parser.

If you think you're right then explain your solution in a bit more detail than "use xml".