Re: [PHP] passing login paramters from php web application to asp web application. help.
Richard Lynch wrote: Can you get the usename/password from the other application? Yes, we have them. With it, you can then use http://php.net/curl to simulate the user logging in to the other site. Thanks. You simply have to convince the other site that your PHP script actually *IS* the user logging in, which is seldom very tricky, and is always *POSSIBLE* with enough effort. How can be that done? Do you know of any tutorial, example? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
symbulos wrote: Richard Lynch wrote: Can you get the usename/password from the other application? Yes, we have them. With it, you can then use http://php.net/curl to simulate the user logging in to the other site. Thanks. You simply have to convince the other site that your PHP script actually *IS* the user logging in, which is seldom very tricky, and is always *POSSIBLE* with enough effort. How can be that done? Do you know of any tutorial, example? one way is to use the cURL extension. the concept is that your script pretends to be a browser, using cURL to initiate a HTTP connection (aka a request) to the ASP server - your request should send the same as your browser would if you had sumbitted a login attempt to the ASP site directly... come on, you too know how to type stuff into the google search box: http://www.google.nl/search?q=php+cURLstart=0 fourth hit: http://www.phpfreaks.com/quickcode/Curl_Abstraction_Class_v1.0/120.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
Just out of curiousity, does your PHP/MySQL site share a domain name? By that I mean can your site be accessed by php.commondomain.com, and theirs asp.commondomain.com, where the commondomain.com part is the same on your side and theirs? If not, then your site will not be able to set cookies for their site, so for the login process you'll probably have to redirect the visitor to the other site(with login parameters(which may or may not be the uname/passwd) in the QueryString), for it to set the cookie, which can then redirect back to your site after the login is complete. This might be simpler than using cURL even if you're on the same domain. On 6/23/05, symbulos [EMAIL PROTECTED] wrote: Richard Lynch wrote: Can you get the usename/password from the other application? Yes, we have them. With it, you can then use http://php.net/curl to simulate the user logging in to the other site. Thanks. You simply have to convince the other site that your PHP script actually *IS* the user logging in, which is seldom very tricky, and is always *POSSIBLE* with enough effort. How can be that done? Do you know of any tutorial, example? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
Rory Browne wrote: Just out of curiousity, does your PHP/MySQL site share a domain name? By that I mean can your site be accessed by php.commondomain.com, and theirs asp.commondomain.com, where the commondomain.com part is the same on your side and theirs? Unfortunately not. At the same time, we would rather not pass confidential information, like username / password using get methods (with variable appended to url). This is the main problem. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
Jochem Maas wrote: come on, you too know how to type stuff into the google search box: gorgle? what is that? http://www.google.nl/search?q=php+cURLstart=0 fourth hit: http://www.phpfreaks.com/quickcode/Curl_Abstraction_Class_v1.0/120.php I am not sure about it. I did not understand it at all. It is not exactly well documented. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
symbulos wrote: Jochem Maas wrote: come on, you too know how to type stuff into the google search box: gorgle? what is that? oh just a little search engine some of us use now and again :-) http://www.google.nl/search?q=php+cURLstart=0 fourth hit: http://www.phpfreaks.com/quickcode/Curl_Abstraction_Class_v1.0/120.php I am not sure about it. I did not understand it at all. It is not exactly well documented. story of my life :-) you can always ask here if you have some specific code that's frying your brain. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
It looks like with curl you have to pass the parameters as external variables appended to the link. Is that the only way? Is it possible to simulate a POST behavior? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
symbulos wrote: It looks like with curl you have to pass the parameters as external variables appended to the link. Is that the only way? Is it possible to simulate a POST behavior? yes. look here for an idea on how: http://curl.haxx.se/mail/curlphp-2004-09/0063.html bare in mind that POST is no more secure than GET - although obviously POST params don't (generally!) get copy/pasted around by people [mistakenly] ... although in your case I doubt anyone would accidently copy/paste a GET url from cURL addressbar ... mostly because cURL doesn't have an address bar ;-) assuming you have php/apache compiled with SSL support you could make an HTTPS connection with the ASP server to do the auto-login rather than plain HTTP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
On Thu, June 23, 2005 12:33 am, symbulos said: Richard Lynch wrote: You simply have to convince the other site that your PHP script actually *IS* the user logging in, which is seldom very tricky, and is always *POSSIBLE* with enough effort. How can be that done? Do you know of any tutorial, example? Just the examples in http://php.net/curl and following pages. It's a LOT easier than you think when you sit down to do it. You send the same crap to their web-server that a browser sends. They send back the same HTTP/HTML crap your browser gets. You use PHP to find the bits and pieces relevant to getting to the next URL, and you start over with sending the same crap your browser sends. Repeat all that as necessary, and you reach your goal. I posted a lot more detail already a few minutes ago, but wanted to stress that despite the finicky details, it's just not that tricky. I think EVERY web developer should do this, at least once, just to realize just how *NOT* tricky it is to fool a login if a determined Bad Guy wants to. It will make you appreciate so much more what Security really is, and why a simplistic login isn't really much of a barrier -- And you have a better understanding of what goes on during a login process that *is* good. If anybody teaches a PHP course of any length, this should be a required assignment: Using a known valid login for a site that requires username/password, write a PHP script that gets through that login to protected content. Let the students pick the site, and share their results. They'll all learn a whole lot more that way from each other's experience. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] passing login paramters from php web application to asp web application. help.
Dear friends, we have a peculiar problem here. Our customer log in in our customer relationship management application using a unique if, unique password. We use php with mysql. We have a partnership with a company which has a crm application developed in asp, sqlserver. The same customer log in in their crm using a different pair of unique login, unique password. We would like to allow the customer to log in our crm (php, mysql), then pass the parameter on automatically so that they can see also this part of the crm of the partner (asp, sqlserver) which is of common interest, without having to log in again. Do you have a solution for this problem? Thank you in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing login paramters from php web application to asp web application. help.
On Wed, June 22, 2005 8:45 am, symbulos said: we have a peculiar problem here. Our customer log in in our customer relationship management application using a unique if, unique password. We use php with mysql. We have a partnership with a company which has a crm application developed in asp, sqlserver. The same customer log in in their crm using a different pair of unique login, unique password. We would like to allow the customer to log in our crm (php, mysql), then pass the parameter on automatically so that they can see also this part of the crm of the partner (asp, sqlserver) which is of common interest, without having to log in again. Do you have a solution for this problem? Can you get the usename/password from the other application? Without that, you have no hope. With it, you can then use http://php.net/curl to simulate the user logging in to the other site. You simply have to convince the other site that your PHP script actually *IS* the user logging in, which is seldom very tricky, and is always *POSSIBLE* with enough effort. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php