Help with "form actions"

[CrossX]

Hi everybody!

 

I have a html script a simply actions form.

 

My request is: HOW to hide the input informations? like password and user? i want to convert in php file...

 

here is the code:

<form name=myorm>
    <form action="https://external_site.php?" method="GET">
    <input type="hidden" name="_charset_">
    <input type="hidden" name="username" value="globalusernameHERE">    
    <input type="hidden" name="password" value="mypassword_123">
.....

 

I want to hide the value="globalusernameHERE" and value="mypassword_123"

 

thanks all

[Schlo_50]

MD5 encrypt them?

 

Im not really sure what your after, and why your setting the value of a username and password field when the user will come along and enter their details anyway? Your system won't be very secure if you can just hit login and the details are already there.

[sasa]

change method from GET to POST

[GameYin]

Also why do you have 2 form tags? Just do this..

 

<form name="myorm" action="https://external_site.php?" method="POST">

 

Also why are you using an external site to process your PHP?

[CrossX]

Yes, I have to use a external site to proces. because is a external service, but can be accesed from my site. (a sms gateway form , for my users)

 

I want to hide the user and password also is someone see the html Code.

 

I tryed to make with some php $vars but that is showing again the user and passw

[CrossX]

can i use some encryption method?

[rhodesa]

What you should do is have the form submit without the hidden variables to a PHP script on your site. Then, add in the hidden stuff and use cURL to send that data to the external site.

[CrossX]

What you should do is have the form submit without the hidden variables to a PHP script on your site. Then, add in the hidden stuff and use cURL to send that data to the external site.

 

as you see I'm a very very n00bie, can you make an example with this cURL?

[CrossX]

like this mod?

 

<?php
    // a simple GET request:
    include('my_file_with_passw.php');
    $http = new cURL();
    $result = $http->get('htt://external_url.php');
?>

 

or not?

[cooldude832]

those all aren't Secure methods

 

POST and GET data is not encrypted by default, when its sent on a public computer it can be tracked via spyware and so forth. 

 

Using POST and proper measure such as encryption of passwords and not storing sensitive data like credit card numbers you are fine.

 

However the usefulness of GET and POST is not because POST "hides" the data and GET doesn't  POST Is for larger data volumes and stuff like file uploads.  GET allows a footprint of the query to be useful in bookmarking and other task.

[rhodesa]

What I assume you are trying to do is piggyback a service (you mention SMS) which requires a name/password to use. So you want to accept something (let's say a message) and then submit that message to an external site's form using your predetermined user/pass and the users submitted message. The script would look something like this:

 

<?php
  $url = 'https://external_site.php';
  $user = 'globalusernameHERE';
  $pass = 'mypassword_123';
  
  
  if($_SERVER['REQUEST_METHOD'] == 'POST'){
    $data = array(
      'message' => $_POST['message'],
      'username' => $user,
      'password' => $pass,
    );
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url); //set url
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into variable
    curl_setopt($ch, CURLOPT_POST, 1); // set POST method
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // add POST fields
    curl_exec($ch)  // run the whole process
      or die("Could not send message");
    
    header('Location: ?done=true');
    exit;
  }
  if($_GET['done'])
    print "Message sent";
?>
<form method="POST">
  <input type="text" name="message" />
</form>

[CrossX]

yes, thank you rhodesa