remote authentication

[es131245]

I'm trying to separate my main site from authentication scriptso its a 2 virtual hosts www.site.com && login.site.comMain site checks if $_POST login & password isset and then it sends it to a login.site.com/?login=HINT&password=GUESS host by $_GET requestand login.site.com respond the same way (BY $_GET) and the i get BAD LOGIN/PASSWORD ORSETCOOKIE FUNCTIONTwo questions:I don't trust GET REQUESTS. Is there a way to replace it?

[End User]

Two questions:I don't trust GET REQUESTS. Is there a way to replace it?

1) Replace it with a POST request.2) What's the 2nd question.

[es131245]

the is aform action="?act=login" method="post"but how can i replaceheader('location: http://login.site.com/?login=HINT&password=QUESS');into POST???or send post data to other host???

[es131245]

second oneso this is a 4 step login1 post send to LOGIN.host2 check if exists or fake3 reply to mail site4 setcookesbut every time user serfs site i have to do almost the same thing with cookies values exept4th stepwhat do i do ?$user=$_GET['post']???

[justsomeguy]

If you want to make the client send a post request you need to print a form and have it submit automatically with Javascript, but post requests don't really provide any more security than get requests. It sounds more like you want the server to send the request and do the authentication though, not the client. That would be a SOAP web service, you can create an authentication service on your authentication server and then have other servers use that service to do authentication. All of that communication would happen on the server, you wouldn't be redirecting the client around. PHP has pretty good support for creating and using web services, there are classes for creating a SOAP server and SOAP client, for example.http://www.php.net/manual/en/refs.webservice.php