0

I want to send data from one PHP file to another PHP file to authenticate a user. None of them can be HTML files. And I can't send it as a header, as it appears in the URL. Please give me some suggestions.

Dan Grossman
Nitish
  • I think you need to expand your question a little. Are these files on the same server? What's in the files? – 93196.93 Jul 27 '11 at 07:56
  • @Matt Files are on the same server, same directory. One file contains authentication information (username, password, etc.) and the other file will verify the information. And I can't embed the two files – Nitish Jul 27 '11 at 07:58
  • Is the authentication information (usernames, passwords) stored as an array? – 93196.93 Jul 27 '11 at 08:01
  • If the users can't be html files, can't they use HTTP protocol, e.g. `$_POST` or `$_SESSION`? and redirections? :) – takeshin Jul 27 '11 at 08:10

3 Answers

4

You can use CURL for this, to send a secure POST request, even if the receiver script is on another server. That will not expose anything in the URL, however Firebug may be able to see the request. To get around this, simply make sure that your auth key and the password that is being sent, are hashed.

Something like this (untested)

Here is the sender script

<?php

///// Sender.php ///////

//Set up some vars
$url = 'http://domain.com/Receiver.php';

$user = 'someusername';
$pw = 'somepassword';
$auth_key = 'YourSecretAuthKey';

$fields = array(
            'auth'=>urlencode($auth_key),
            'user'=>urlencode($user),
            'pw'=>urlencode($pw)
        );

// Init. string
$fields_string = '';
// URL-ify stuff
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
// rtrim() returns the trimmed string, so assign it back
$fields_string = rtrim($fields_string,'&');

//open connection
$ch = curl_init();

//set the url, enable POST, set the POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
//return the response from curl_exec() instead of printing it
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);


?>

And the receiver script:

<?php

////// Receiver.php //////

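// Field names must match what Sender.php posts: auth, user, pw
if(!isset($_POST['auth']))die('Error: No Auth Key');
if(!isset($_POST['user']))die('Error: No Username!');
if(!isset($_POST['pw']))die('Error: No password!');

$auth_key = $_POST['auth'];
// Must be the same value as $auth_key in Sender.php
$correct_authkey = 'YourSecretAuthKey';

// hash_equals() compares in constant time and avoids loose-comparison surprises
if(!is_string($auth_key) || !hash_equals($correct_authkey,$auth_key))die('WRONG AUTH KEY!!!!');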

$user = $_POST['user'];
$pw = $_POST['pw'];

//// Here you can process your username and password

?>

A POST request is pretty secure, but if you are handling crucial information, you could always hash the auth key and password. Hope this helps.

Jeff
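An added example, not part of the answer above: one way the receiver can check such a request, assuming the POST travels over HTTPS. The sender signs the body with the shared key (HMAC-SHA256) instead of sending the key, and the receiver compares in constant time, rejects stale timestamps, and checks the password against a `password_hash()` value. The function names, the 300-second window and the sample credentials are constructed for illustration.

```php
<?php
// Added example: constructed names and sample values, not code from the answer.
const SHARED_KEY = 'replace-with-a-long-random-key'; // assumption: same value on both sides
const MAX_SKEW = 300; // assumption: accept requests at most 5 minutes old

// Sender side: build the POST fields and sign them so the key itself never travels.
function build_signed_fields(string $user, string $pw, int $now): array
{
    $fields = ['user' => $user, 'pw' => $pw, 'ts' => (string)$now];
    ksort($fields); // fixed field order so both sides sign the same string
    $fields['sig'] = hash_hmac('sha256', http_build_query($fields), SHARED_KEY);
    return $fields; // send with CURLOPT_POSTFIELDS => http_build_query($fields) to an https:// URL
}

// Receiver side: $post is $_POST; $stored_hash was created with password_hash().
function verify_request(array $post, string $stored_hash, int $now): string
{
    foreach (['user', 'pw', 'ts', 'sig'] as $k) {
        if (!isset($post[$k]) || !is_string($post[$k])) return "missing $k";
    }
    $sig = $post['sig'];
    unset($post['sig']);
    ksort($post);
    $expected = hash_hmac('sha256', http_build_query($post), SHARED_KEY);
    if (!hash_equals($expected, $sig)) return 'bad signature'; // constant-time compare
    if (abs($now - (int)$post['ts']) > MAX_SKEW) return 'stale request';
    if (!password_verify($post['pw'], $stored_hash)) return 'bad credentials';
    return 'ok';
}

// Constructed demo data so the script runs offline.
$stored = password_hash('somepassword', PASSWORD_DEFAULT);
$now = time();
$good = build_signed_fields('someusername', 'somepassword', $now);
$tampered = $good;
$tampered['user'] = 'admin'; // field changed after signing
$old = build_signed_fields('someusername', 'somepassword', $now - 3600);

echo verify_request($good, $stored, $now), "\n";
echo verify_request($tampered, $stored, $now), "\n";
echo verify_request($old, $stored, $now), "\n";
```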
0

Encrypt or hash the authentication data and send as part of the POST body or in the URL. On the receiving end, look at $_POST or $_GET.

Dan Grossman
0

You need to include the auth information into the other file thusly:

<?php
require_once('authentication_information.php');
doTheAuthentication($authentication_information);
?>

See http://se.php.net/manual/en/function.require-once.php for more information.

93196.93
  • `And I can't embed the two files` - OP's comment on his OP. :) – Jeff Jul 27 '11 at 08:17
  • @Jeff I may have misunderstood that comment. I assumed OP was unable to embed the files due to being unaware of how to do it. – 93196.93 Jul 27 '11 at 08:18