Hello.

I have a login form set up on my domain (eg: www.example.com/login).

When the user enters their login information, I need those details to be passed through a login form on an external website and the user directed to the application that they are logging into.

So to add the user steps to this:

1. User enters login information on www.example.com/login
2. User is directed to and has access to application on www.external.com/application without having to re-enter login details at www.external.com/login

The problem is, I'm not sure how to go about doing this. I found some references to cURL which from what I could gather is the best approach to take.

Any help with this would be appreciated .. I'm a PHP novice! Also ... the application on the external website is ASP.NET (I'm not sure if this has any factor on getting this to work).

Thanks for your help, Mark.

A: 

Depending on how your application works, what could work is to have your login form on example.com/login point to external.com/application.

So your form tag would look like this:

<form action="https://www.external.com/application" method="post">

Now your external.com/application will have to be set up to accept the data from the login form. When the form is submitted, the browser should direct itself to external.com/application.

Josh Pennington
Thanks for that, Josh. This is the approach that I have been trying out, so at least it looks like I'm on the right road. The problem is that I don't have control over the external website ... do the guys at the external site need to set something up to allow for the login details entered on my website to pass through?
Mark Jones
A: 

This is a possible approach:

  • On www.example.com/login, do a classic login form which is submitted to itself
  • On www.example.com/login, when a $_POST is detected:

    • check that the credentials are good
    • if yes, store within a table in your db server a hash dedicated to this user (by hashing his id/user/etc... whatever you wish)
    • redirect to www.external.com/login?hash=the_generated_hash
  • On www.example.com/verifyHash.php:

    • create a simple PHP file that takes a hash in $_GET and echoes "true" if this hash exists in your db
  • On www.external.com/login:

    • check that a hash is passed in $_GET
    • if yes, do a simple $result = file_get_contents("https://www.example.com/verifyHash.php?hash=" . urlencode($_GET["hash"]));
    • if the result is true then you can assume that the user has valid credentials.

Of course, you can optimize this whole thing by passing a user id along with your hash, by implementing some security when you're remotely asking verifyHash, etc...

bPizzi
Sorry, I didn't see that you can't control the external website... If they're smart, they have surely implemented some security layer on their login form (like a CSRF secret)... Which would completely prevent you from doing what you want to do with a simple redirection.
bPizzi
Hmm, yeah, you might be right about that. I've managed to set it up so that I can connect to an external WordPress and Drupal site, but when I try connecting to the ASP.NET site, I can't get a connection ...
Mark Jones
Yep, and in case you manage to get it to work, your solution might be broken someday without warning, as soon as they implement some security...
bPizzi
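The token handoff outlined in the second answer, sketched as an added example that is not code from the thread or from either site. It assumes a random, single-use, short-lived token in place of a hash derived from user data; the in-memory `$store` array stands in for the database table, and `issueToken`, `redeemToken` and `TOKEN_TTL` are hypothetical names.

```php
<?php
// Added example: one-time login token for the example.com -> external.com handoff.
// Assumptions: $store stands in for the db table; all function names are hypothetical.

const TOKEN_TTL = 60; // seconds a token stays valid

// Called on www.example.com/login after the credentials have been checked.
function issueToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));      // unpredictable, not derived from user data
    $store[hash('sha256', $token)] = [       // keep only a digest of the token at rest
        'user_id' => $userId,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;
}

// Called from www.example.com/verifyHash.php; returns the user id, or null on failure.
function redeemToken(array &$store, string $token, int $now): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                         // malformed input never reaches the lookup
    }
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                         // unknown or already redeemed
    }
    $row = $store[$key];
    unset($store[$key]);                     // single use: a replayed URL fails
    return $row['expires'] >= $now ? $row['user_id'] : null;
}

// Constructed demonstration values.
$store = [];
$t0    = 1700000000;
$token = issueToken($store, 42, $t0);
echo 'https://www.external.com/login?hash=' . urlencode($token), PHP_EOL;

var_dump(redeemToken($store, $token, $t0 + 5));    // first use, inside the TTL
var_dump(redeemToken($store, $token, $t0 + 6));    // same token replayed
$late = issueToken($store, 42, $t0);
var_dump(redeemToken($store, $late, $t0 + 61));    // redeemed after the TTL
var_dump(redeemToken($store, 'not-a-token', $t0)); // malformed value
```

Because the token travels in a URL, it can end up in browser history, proxy logs and Referer headers, which is why it is made single-use and short-lived here.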