Results 1 to 4 of 4
03-09-2003, 02:05 PM #1
Transferring Login Data to another script
My site uses a CGI script which requires input of a USER ID and a PASSWORD. These items are collected from an HTML login page using "INPUT TYPE" and sent to the CGI script on my server using "FORM ACTION" when the "Submit" button is clicked.
The FORM ACTION command sends the USER ID & PASSWORD to the CGI script allowing the user to access his/her custom catalog which the script generates.
My problem is this.... I also have another script which requires the input of the same USER ID & PASSWORD (this script resides on another server) and do not want the user to have to re-enter their info to login. How can I keep the data from the first submit and then send it to the second script when the user wishes to access it? Should I use a cookie or some type of CGI script to transfer the original login data to the second script?
Basically I'm wanting to bypass the second script login page but have the second script know the USER ID & PASSWORD from the data originally submitted on the first script login. My goal is seamless transfer from one script to the other without re-entry of ID and Password.
Any help will be greatly appreciated.
03-09-2003, 04:46 PM #2
Cookies are not a good idea, they are not secure at all.
I do not know an awful lot about CGI (Perl, I presume?) but it may be worth finding out if your cgi language has support for sessions, these are a secure way of persisting information across pages/scripts.If one of our members helps you, please click the icon to add to their reputation!
No support via email or private message - use the forums!
Before you ask, have you Searched?
04-22-2003, 09:16 PM #3
depending on your programming language you could maybe use something like this. say you have a form on www.site1.com and login with user=test and pwd=test2 you could send this to a module on the other server in the form of www.site2.com/verify.asp?hash=somevalue PHP can do this also. the hash=somevalue could be a combined encypted form of user and password. You can find simple encryption scripts on dynamicdrive.com. On www.site2.com create the page verify.asp and include a function to decrypt and split the user and password into two seperate values. I hope this made sense.
10-06-2003, 06:37 PM #4Originally Posted by paph
Assuming the first page submits USERNAME and PASSWORD, here's how I'd do it in PHP.
<form method=post action="script2.cgi">
<input type="Hidden" name="USERNAME" value="<?=HTTP_POST_VARS['USERNAME']?>">
<input type="Hidden" name="PASSWORD value="<?=HTTP_POST_VARS['PASSWORD']?>">
<input type=submit name=submit value="Got the the Catalog">
Last edited by HTML; 10-31-2003 at 05:11 PM.