Re: Posting and redirecting to remote script [message #173291 is a reply to message #173290] Fri, 01 April 2011 20:24
Captain Paralytic
On Apr 1, 8:54 pm, Toxalot <toxa...@gmail.com> wrote:
> On Apr 1, 3:36 pm, Captain Paralytic <paul_laut...@yahoo.com> wrote:
>
>> On Apr 1, 7:20 pm, Toxalot <toxa...@gmail.com> wrote:
>
>>> My client has a subscribers only area which is written in PHP. Login
>>> is through a form and sessions are tracked with cookies.
>
>>> One of the client's subscribers has their own members only website.
>>> The subscriber wants all their members to be able to access my
>>> client's subscribers only area without having to provide a username
>>> and password. The simplest way would be for the subscriber to put a
>>> form button on their site that has the login info in hidden fields.
>>> But that means any of their members could get the login details by
>>> viewing the source. I don't know how savvy their members are, but I
>>> don't like security through obscurity.
>
>>> I had hoped to create a simple little script that the subscriber could
>>> install that would post directly to my client's script and end up on
>>> the client's site. But so far, it hasn't been as simple as I'd hoped.
>>> All methods of posting to remote script keep the user on the same
>>> site.
>
>>> Any suggestions on how to handle this?
>
>> The script could post the necessary login to your client's site and
>> get a one time token returned. It could use this on a header location
>> redirect to move the user to the other site. The other site would use
>> the one time token to log them in and place the necessary cookie.
>
> I think I understand what you're saying.
>
> On client's site, I'd need
> - new script/function to create token, store token in database, and
> return token
> - new script/function to check for valid tokens, delete token, and
> then go on as per usual
>
> On subscriber's site, I'd need
> - script that posts login info using something like cURL, retrieves
> token, then redirects with token in query string
>
> Am I missing anything? Any tips or gotchas I should watch out for?

That's pretty much it.

You could also have a time limit on the token.

I'm sure that there are lots of other ways, for instance using an
openid, but this sounds like it fits with the ideas you were already
thinking of.
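
The token flow discussed in this thread, as an added example that is not part of any poster's message: the client-site half (create, store, check, delete, time limit) in PHP. The table name, function names, in-memory SQLite store and demo values are hypothetical, and storing only a hash of the token is a choice made for this example rather than something the posters specified.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; SQLite in memory so the example runs offline.
function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_tokens (
        token_hash TEXT PRIMARY KEY, account_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Called after the subscriber's server-side POST has passed the normal login check.
function issue_token(PDO $db, int $accountId, int $ttl = 60, ?int $now = null): string {
    $token = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO login_tokens VALUES (?, ?, ?)');
    // Store only a hash, so a leaked table cannot be replayed as tokens.
    $stmt->execute([hash('sha256', $token), $accountId, ($now ?? time()) + $ttl]);
    return $token;
}

// Called when the browser arrives with ?token=... ; returns the account id or null.
function redeem_token(PDO $db, string $token, ?int $now = null): ?int {
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $sel = $db->prepare('SELECT account_id, expires_at FROM login_tokens WHERE token_hash = ?');
    $sel->execute([$hash]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    // Delete on every lookup: the token is single use whether or not it is still valid.
    $del = $db->prepare('DELETE FROM login_tokens WHERE token_hash = ?');
    $del->execute([$hash]);
    $consumed = $del->rowCount() === 1;           // false if another request already removed it
    $db->commit();
    if (!$row || !$consumed || (int)$row['expires_at'] < ($now ?? time())) {
        return null;
    }
    return (int)$row['account_id'];               // caller then starts the session and sets the cookie
}

// Constructed demo values: account 42, 60-second time limit, fixed clock.
$db = open_store();
$t  = issue_token($db, 42, 60, 1000);
var_dump(redeem_token($db, $t, 1030));            // first use inside the time limit
var_dump(redeem_token($db, $t, 1031));            // replay of the same token
$late = issue_token($db, 42, 60, 1000);
var_dump(redeem_token($db, $late, 1061));         // presented after the time limit
```

Because the token travels in a query string, it can end up in server logs and Referer headers, which is why the single-use delete and a short time limit matter here.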