Jump to content

Archived

This topic is now archived and is closed to further replies.

420blaze

HELP!!!!! Passing Parameters in the URL from website to website!

Recommended Posts

Ok, I've been at this all day and I feel like  smashing my computer with a sledgehammer by now! PLEASE HELP!!!!!!!

It sounds simple: 

I am trying to log-in to a website by passing the  username and password through a URL parameter. The problem is that different people will have different user/pass so the login information is located on a database (mysql) and must be retrieved using php!

People will already be logged in to a session variable!
I am simply loading an external website through an iframe and trying to get it to log in automatically using this method:

> http://www.address.aspx?username=xxxx&password=yyyyy

I understand that the xxxx and the yyyyy must reference their corresponding fields in my database.

The problem is that MY database is on MY server and "address.aspx" is an external site.

How do I reference the external site AND my database AND the correct database field.

THANK YOU!!!!!

Share this post


Link to post
Share on other sites
Correct me if I'm wrong, but the following should work.

PHP would be something similar to this.
[code]
<?php
.....

$iframe_loc = $remote_url . "?user=" . $_SESSION['user'] . "&pass=" . $_SESSION['pass'];

.....
?>
[/code]

HTML should look something like this.
[code]
<iframe src="<?php echo($iframe_loc); ?>">
</iframe>
[/code]

Share this post


Link to post
Share on other sites
I am not using ASP. I am using PHP. The external website just happens to be an asp site.

So far, this is what I've come up with so far (but it doesnt include the database source website):

<iframe src="http://www.address.aspx?username=<?php echo $row_rshandicapping['GSID']; ?>&password=<?php echo $row_rshandicapping['password']; ?>"

Im not sure if this is correct...
Your help would be greatly appreciated!!!

Share this post


Link to post
Share on other sites
<iframe src="http://www.site.com/page.aspx?username=<?php echo $row_rshandicapping['GSID']; ?>&password=<?php echo $row_rshandicapping['password']; ?>

is what it should look like .aspx is not a domain thing... and also the site that youre tryin to do this with... does it scan the get variables for a username and password or use post?  Cause if its not GET then this isnt gonna work lol...

Share this post


Link to post
Share on other sites
[quote author=mewhocorrupts link=topic=103330.msg411392#msg411392 date=1154986946]
Correct me if I'm wrong, but the following should work.

PHP would be something similar to this.
[code]
<?php
.....

$iframe_loc = $remote_url . "?user=" . $_SESSION['user'] . "&pass=" . $_SESSION['pass'];

.....
?>
[/code]

HTML should look something like this.
[code]
<iframe src="<?php echo($iframe_loc); ?>">
</iframe>
[/code]

[/quote]

mewhocorrupts, i got very close to solving my problem using your code...can you please elaborate a bit more???? Im almost there but im doing something wrong... THANKS!!!

Share this post


Link to post
Share on other sites
well, im not sure what to make of the feilds in red...i understand that they are database feilds but  what exactly is the syntax to be used there???

Share this post


Link to post
Share on other sites
when you say the bits in red, do you mean ; "?user=" ?

If so, that is not a variable. That is plain text.

Share this post


Link to post
Share on other sites
after the = sign, am i supposed to type the actual username or password? because the whole point is so that it retrieves the user/pass from a database

Share this post


Link to post
Share on other sites
you have to write the code to retrieve the username and password from your database.  Then you create the URL


//get username and password from db, assign these values to $user and $pass

//create the URL
$iframe_loc = $remote_url . "?user=" . $user . "&pass=" . $pass;

//load the page into your iframe

Share this post


Link to post
Share on other sites
The problem im having, is writing the actual code that retrieves the user name and passwordin  in those "$user=" & "&pass=" fields... can anyone give an example code of what goes in there??? sorry...im a big noob :(

Share this post


Link to post
Share on other sites
You said that you're already getting the username and password from a database through PHP, right? All you really need to do now is assign those two things to $user and $pass variables. No need to change the code as it is, just need to clarify your own code a bit to connect what mewhocorrupts gave you to what you already have.

Share this post


Link to post
Share on other sites
I have the username and password stored in a database which has to be retrieved using php....

because there are different users with different passwords, entering a static value does me no good...

the point is  to retrieve the info dynamically... so i can't actually define a specific static value because then every users info is different.

Share this post


Link to post
Share on other sites
you must be getting some information from your user to determine their username/password. 

Share this post


Link to post
Share on other sites
If I understand what's going on, when these guys are telling you to use $_SESSION['user'] and $_SESSION['pass'], those variables user and pass are the variables stored in the session... which is unique to everyone. So you've already gotten the info out of the database and you are now just looking at the session itself.

Share this post


Link to post
Share on other sites
so what exactly is to be done?

this is what i have sofar:

[code]

<?php
$iframe_loc = $remote_url="http://www.remotesite.aspx" . "?username=" . $_SESSION['username'] . "&password=" . $_SESSION['password']; ?>
<iframe src="<?php echo($iframe_loc); ?>"

[/code]
is this code correct? Because for some reason it is not working....
anyone??? your help is greatly appreciated

Share this post


Link to post
Share on other sites
you forgot the > on your iframe tag... also the format of an iframe is
[code=php:0]<iframe>error messege for if the browser cant display it</iframe>[/code]

also uhhh why
[code]
iframe_loc = $remote_url=
[/code]
why not just
$iframe_loc="http://www.remotesite.aspx" . "?username=" . $_SESSION['username'] . "&password=" . $_SESSION['password'];

Also are you setting the SESSION variables?  Cause if not this is only gonna iframe http://remotesite.aspx?username=&password=

Share this post


Link to post
Share on other sites
The first thing you have to do is authenticate the user information on your end, so below is a basic form to do that:

[b]login.php[/b]
[code]
<?php

// Check if the login form was submitted
if($_POST['login']){
  // Get the username and password from the form submission
  $username = $_POST['username'];
  $password = $_POST['password'];

  // Query the database
  $sql = "SELECT * FROM 'users' WHERE 'username' = '$username' AND 'password' = '$password' LIMIT 1";
  $result = mysql_query($sql) or die("Error Retreiving Users: ".mysql_error());
  $row = mysql_fetch_array($result);

  // Check if any results were returned
  if($row > 0){
// If a match for the user information was found,
// start a session and register the username and password in the session
      session_start();
      $_SESSION['username'] = $username;
      $_SESSION['password'] = $password;
 
// Define the iframe
      $iframe_loc = "http://www.remotesite.aspx" . "?username=" . $_SESSION['username'] . "&password=" . $_SESSION['password'];

// Start showing the web page
      echo '<html>
    <body>';

/// Show the iframe
      echo '<iframe src="'.$iframe_loc.'">error messege for if the browser cant display it</iframe>';

        // Close the page
      echo '</body>
    </html>';

  } else {
// If no matches were found for the user information provided
// Go back to the login page with an error set
      Header("Location: login.php?error=1");
  }
} else {
  // Start the page
  echo '<html>
<body>';

  // Show any errors
  if($_GET['error'] = 1){
echo '<strong><font color="red">There was an error with your login information</font></strong>';

  // Show the login form:
  echo '<h1>Login</h1>
<form action="login.php" method="POST">
<input type="text" name="username"><br />
<input type="password" name="password"><br />
<input type="submit" name="login" value="Login!">
</form>';

  // Close the page
  echo "</body>
</html>";
}         

?>
[/code]

[b]NOTE: The code above is aimed to be a simple example only, I highly recommend you encrypt the password before you check it using md5() or similar[/b].

Once you've have the login information for the current user, then you can take that information and pass it to the remote site in the following line from above:

[code]
// Define the iframe
$iframe_loc = "http://www.remotesite.aspx" . "?username=" . $_SESSION['username'] . "&password=" . $_SESSION['password'];
[/code]

For this to work, the remote site has to accept login information through the $_GET variable array, and you will need to be sure that you're passing it variable names that it understands.

The only alternative would be to configure the remote site to query [b]YOUR[/b] database to check the login information.

Share this post


Link to post
Share on other sites
[quote author=420blaze link=topic=103330.msg411588#msg411588 date=1155030833]
[quote author=mewhocorrupts link=topic=103330.msg411392#msg411392 date=1154986946]
Correct me if I'm wrong, but the following should work.

PHP would be something similar to this.
[code]
<?php
.....

$iframe_loc = $remote_url . "?user=" . $_SESSION['user'] . "&pass=" . $_SESSION['pass'];

.....
?>
[/code]

HTML should look something like this.
[code]
<iframe src="<?php echo($iframe_loc); ?>">
</iframe>
[/code]

[/quote]

mewhocorrupts, i got very close to solving my problem using your code...can you please elaborate a bit more???? Im almost there but im doing something wrong... THANKS!!!
[/quote]

Your welcome.  And the bits in red, as far as the "?user=" are just portions of the parameter string.  They're posted to the remote script, exactly like a form would do, but manually here.  The bits of red that resemble "$_SESSION['user']" are variables being pulled from the user's session.  It's the same as $_POST or $_GET.  If you're pulling values out of a database, just plug in the corresponding variables in place of both mentions of "$_SESSION" and it'll be to the same end.

Like so:
[code]
<?php
.....

$iframe_loc = $remote_url . "?user=" . $var_that_holds_username . "&pass=" . $var_that_holds_user_password;

.....
?>
[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.