FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Posting and redirecting to remote script
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Posting and redirecting to remote script [message #173290 is a reply to message #173289] Fri, 01 April 2011 19:54 Go to previous messageGo to previous message
Toxalot is currently offline  Toxalot
Messages: 3
Registered: April 2011
Karma:
Junior Member
On Apr 1, 3:36 pm, Captain Paralytic <paul_laut...@yahoo.com> wrote:
> On Apr 1, 7:20 pm, Toxalot <toxa...@gmail.com> wrote:
>
>
>
>> My client has a subscribers only area which is written in PHP. Login
>> is through a form and sessions are tracked with cookies.
>
>> One of the client's subscribers has their own members only website.
>> The subscriber wants all their members to be able to access my
>> client's subscribers only area without having to provide a username
>> and password. The simplest way would be for the subscriber to put a
>> form button on their site that has the login info in hidden fields.
>> But that means any of their members could get the login details by
>> viewing the source. I don't know how savvy their members are, but I
>> don't like security through obscurity.
>
>> I had hoped to create a simple little script that the subscriber could
>> install that would post directly to my client's script and end up on
>> the client's site. But so far, it hasn't been as simple as I'd hoped.
>> All methods of posting to remote script keep the user on the same
>> site.
>
>> Any suggestions on how to handle this?
>
> The script could post the necessary login to your client's site and
> get a one time token returned. It could use this on a header location
> redirect to move the user to the other site. The other site would use
> the one time token to log them in and place the necessary cookie.

I think I understand what you're saying.

On client's site, I'd need
- new script/function to create token, store token in database, and
return token
- new script/function to check for valid tokens, delete token, and
then go on as per usual

On subscriber's site, I'd need
- script that posts login info using something like cURL, retrieves
token, then redirects with token in query string

Am I missing anything? Any tips or gotchas I should watch out for?
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: writing php scripts for fastcgi environments
Next Topic: mod_rewrite rule question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 05:53:29 GMT 2024

Total time taken to generate the page: 0.04360 seconds