Hi, I have a client who would like me to build a site for 3rd party they work with. One of the requirements is that any user visiting the new site must first log into the private section of my clients current web site and click a link found there. This is not meant to be a super secure site. Only to keep out competitors. Here are a list of things they will not do:
1) do not want to 2 logins. one for the current site and one for the new site. 2) will not give access to the current site's user list for new site to auth against. So I was thinking of creating a cipher script. One that script that is placed on the current web site that will create a 32 or 64 character string maybe just a MD5 has of some programmable source string, like the date plus some text. Then post that via GET to the new site and test. If they match you set a cookie if not display an error page. I was wondering if anyone had a better idea. I was wondering if checking the refer url would work too? Maybe that would be in addition to the hash test. Another challenge is that this system is meant to be duplicated for many new clients and some may not have php on their servers. Do you think just checking the refer URL is enough? Sincerely, Mike -- Mike Brandonisio * IT Planning & Support Tech One Illustration * Database Applications tel (630) 759-9283 * e-Commerce [EMAIL PROTECTED] * www.techoneillustration.com
