send login information to remote php page using headers?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jihnd
Forum Newbie
Posts: 1
Joined: Sat Jul 05, 2008 7:03 am

send login information to remote php page using headers?

Post by jihnd »

hi,

I'm developing a cms using filemaker pro and a php plugin which allows me execute php code from within the database (scodigo - its great, check it out!). My problem is, i want to be able to update a mysql database on the webserver from within filemaker, ie, a local machine. the web hosts say basically the only way to get in is via ssh, or a web page hosted on teir servers. currently the cluent uses a web-based cms, with a basic login. so i was wondering if i could send login information as a header, along with the database update fields as headers across to the existing cms, or more likely, a custom one i write on the webserver, to update the database?

i've done this in java, but not very experienced in php, so was looking for some hints - or am i going about this assbackwards and is there a better way?

cheers for reading!

gina
crmalibu
Forum Newbie
Posts: 5
Joined: Sat Jul 05, 2008 12:53 am

Re: send login information to remote php page using headers?

Post by crmalibu »

You could write a script on the server which has access to the database, and send commands to it.

For example, let it accept arguments via http post, and then it runs the query on the database. You would want to protect this well though. Definately password protect it, and if your local computer has a static ip address, make this script reject any posts from different ip's for added protection. Consider making this script connect to the database with a different user which has the bare minimum privledges needed. While you could submit an entire sql query, you might consider some predefined querys, and only post the arguments to the query. This may limit the damage the script could do in the event it got compromised. eg

Code: Select all

 
// authenticate user/connection here...
 
 
// instead of
mysql_query($_POST['sql']);
 
// do something like this
switch ($_POST['action']) {
    case 'delete_record':
        $format = "delete from foo where id = %d";
        $sql = sprintf($format, (int) $_POST['id']);
        mysql_query($sql);
        break;
    case 'update_username':
        $format = "update foo set username = '%s' where id = %d";
        $sql = sprintf($format, mysql_real_escape_String($_POST['username']), (int) $_POST['id']);
        mysql_query($sql);
        break;
}
 
As for the script which runs locally and sends the commands to the server, you can construct http post requests pretty easily using a few ways. You can use curl, or fsockopen(), or even fopen() with stream_context_create().
Post Reply