es131245 Posted September 27, 2010 Share Posted September 27, 2010 I'm trying to separate my main site from authentication scriptso its a 2 virtual hosts www.site.com && login.site.comMain site checks if $_POST login & password isset and then it sends it to a login.site.com/?login=HINT&password=GUESS host by $_GET requestand login.site.com respond the same way (BY $_GET) and the i get BAD LOGIN/PASSWORD ORSETCOOKIE FUNCTIONTwo questions:I don't trust GET REQUESTS. Is there a way to replace it? Link to comment Share on other sites More sharing options...
End User Posted September 27, 2010 Share Posted September 27, 2010 Two questions:I don't trust GET REQUESTS. Is there a way to replace it?1) Replace it with a POST request.2) What's the 2nd question. Link to comment Share on other sites More sharing options...
es131245 Posted September 27, 2010 Author Share Posted September 27, 2010 the is aform action="?act=login" method="post"but how can i replaceheader('location: http://login.site.com/?login=HINT&password=QUESS');into POST???or send post data to other host??? Link to comment Share on other sites More sharing options...
es131245 Posted September 27, 2010 Author Share Posted September 27, 2010 second oneso this is a 4 step login1 post send to LOGIN.host2 check if exists or fake3 reply to mail site4 setcookesbut every time user serfs site i have to do almost the same thing with cookies values exept4th stepwhat do i do ?$user=$_GET['post']??? Link to comment Share on other sites More sharing options...
justsomeguy Posted September 27, 2010 Share Posted September 27, 2010 If you want to make the client send a post request you need to print a form and have it submit automatically with Javascript, but post requests don't really provide any more security than get requests. It sounds more like you want the server to send the request and do the authentication though, not the client. That would be a SOAP web service, you can create an authentication service on your authentication server and then have other servers use that service to do authentication. All of that communication would happen on the server, you wouldn't be redirecting the client around. PHP has pretty good support for creating and using web services, there are classes for creating a SOAP server and SOAP client, for example.http://www.php.net/manual/en/refs.webservice.php Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.