Guest Posted February 18, 2006 Posted February 18, 2006 I am in need of a way to send the userid/password combo through a link to another login script on a different website in a secure manner. I want to have the script read the userid and password from the users cookie and pass it along like the way a form is sent. If anyone has the time to help me or at least get me in the right direction I would greatly appreciate it.
dave111 Posted February 18, 2006 Posted February 18, 2006 Is the other script hosted on the same server?
Guest Posted February 18, 2006 Posted February 18, 2006 no, and it is an asp login script. I was hoping that there was a way to just send the userid and password (encrypted) to it using POST or something...
Guest Posted February 18, 2006 Posted February 18, 2006 SO I have this code but I dont understand why it isnt posting to the other sites login box. I used $customers_id and it entered the number into the username box but I need it to enter the email address. Then I have to find a way to get the password to post to the form and submit it automatically ($password isnt working I guess) Any ideas? <input type="hidden" name="txtlogin" value="<?php echo ($HTTP_POST_VARS['email_address']) ?>" /> <input type="hidden" name="txtpword" value="<?php echo $password ?>" />
Guest Posted February 18, 2006 Posted February 18, 2006 I got it to submit it to the form but now need to figure out how secure it is, In the top of my page I have:: tep_session_register('email_address'); tep_session_register('password'); And then for the form I have: <form name="Form1" method="post" action="http://www.myserver.org/login.asp" id="Form1"> <input type="hidden" name="txtlogin" value="<?php echo $email_address ?>" /> <input type="hidden" name="txtpword" value="<?php echo $password ?>" /> <input type="submit" name="btnlogin" value="login" id="btnlogin" class="textbox" /> </form> Is it secure enough to do it this way? Are there more secure ways of passing the userid/password to a script on a seperate server?
dave111 Posted February 19, 2006 Posted February 19, 2006 There is no way to send the password like this, because the password is stored in MD5 encryption. Meaning in the Database all the passwords just look like 120940SL304812:42 (You get the idea). When someone enters there password it encrypts what they entered and compares it to the MD5 in the DB. So if you pull the users Password from the database it would be in MD5 format, and thus no good to you.
Guest Posted February 19, 2006 Posted February 19, 2006 Right, I just realized this.. Thought I had a solution. Anyway, do you have any idea how I can auto login to the other site? It is on another server and the login is written in ASP. They both use MySql databases, I just need to sync the login procedure. I really thought I could do it this way with cookies but I guess not. What if the other database stored the passwords using md5? Would they match?
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.