cURL question

Question

cybernet 0 Newbie Poster

16 Years Ago

i have this code

<?
/* Download google.com pretending to be refered by yahoo.com */
$hc        = new eHttpClient();
$hc->setReferer("http://www.x1.com/");
$html        = $hc->get("http://www.x2.com/?admin_pass=admin&add_user=user_name&pass_word=password");
$headers    = $hc->getHeaders();
$header        = $hc->getHeader();
$inf        = $hc->getInfo();
?>

how can i make php to do something like this

if on x2.com html source php finds: 88_user_avaible_88
i want to php to show : Now you are registered ( and if i'm not asking to much , if it's posible in AJAX )
and it's a security breech if the user can see the url ( i mean http://www.x2.com/?admin_pass=admin&add_user=user_name&pass_word=password )

thank you for reading this question :)

php

3 Contributors
5 Replies
131 Views
1 Week Discussion Span
Latest Post 16 Years Ago Latest Post by sDJh

sDJh 39 Posting Whiz in Training

16 Years Ago

Why should the user see the password when you access the data via PHP? Do you want to thank thet website by writing "Data from ...&password=unknown"? If not then the user doesn't see anything at all.

The PHP-Script on x2.com only needs to say "okay" or "incorrect". When accessing "okay" on your first server, then you know that the userdata where okay. Save it with Session of Cookie.

jstorz 0 Newbie Poster

16 Years Ago

wow, talking about asking for a handout .... I'll pass

There are security breeches all over the place here as you are wanting to send a password through an insecure connection (http NOT https). So not showing the url is not helping or hurting.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cybernet 0 Newbie Poster · Answer 1 · 2008-05-04T01:34:56+00:00

thank you for your reply
but i forgot to say that i'm noob (dumie,beginner) in php
so can you write a code for me ?:twisted:

cybernet 0 Newbie Poster · Answer 2 · 2008-05-12T02:40:10+00:00

it can be made by https to

does it change something ?

sDJh 39 Posting Whiz in Training · Answer 3 · 2008-05-12T18:01:53+00:00

@jstorz: Every normal forum uses an insecure HTTP-connection when loggin in. Often the password is even saved uncrypted in a cookie. So when sending the password via HTTP it's not insecurer than any other website.

@cybernet: Of course you can use https. There should be an openSSL-module for PHP that you can use to crypt your request.
The problem with SSL is you need a certificate that costs you some bucks. What I do to get around is to crypt usernames and passwords with RSA or MD5. RSA can be written easily (see wikipedia for details) and MD5 is already included in PHP.

So what you do:
Page one (requester) crypts the data and sends it via HTTP to page 2. Page 2 decrypts data and looks if data are correct. If yes it just have to echo "correct". You 1st page reads "correct" and knows that the user is logged-in.