passing the passwords through hyperlinks

Anon

i m using phplib for authentication.
and i need the user password on other pages.
after authentication i am passing that password to other pages through hyperlinks.
they are visible.i want that they should be encrypted or invisible. i tried them to pass through session variables but failed.
please if anybody has solution help me.
jojo

Anon

dear jojo

i'd the same problem

let me know
if you could find the solution

or i would if i got it first

mine email is niraj.dave@globalwebwise.com

niraj

Anon

Use cookies to setup a variable if the user has logged in. Or if you want the username and password then just set a cookie with the username and password in it.

Anon

I'm not sure if this will help: Pass your password with HIDDEN type and POST method via FORM.

If this is not secured, please advice.

Anon

but hidden type is still visible on HTML source, if someone views it. right?

Anon

i assume that you need password on other pages bcz you want to verify that user is authorized to access stuff on those other pages. if so then, in PHPLIB, it's probably better to use PHPLIB $auth & $perm instead of shuffling a password string around. $auth & $perm are very fine-grained allowing page-level or even line-by-line access control.

Anon

Passing a php3 script the username and password through a post operation is very insecure (It transmits in plain text).. You might want to try authenticating using simple http authentication and the $PHP_AUTH_USER and PHP_AUTH_PW parameters. This method is much more secure because it uses a base64 encoded header tag (the user/pass would look like a bunch of jibberish to a rogue network sniffer).. This method also eliminates a LOT of extra coding because the web browser will remember the username and password until the user exits..

example:
function auth() {
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("HTTP/1.0 401 Unauthorized");
echo "Put text or html to send if user hits Cancel button here\n";
exit;
}
if (($PHP_AUTH_USER == "username") && ($PHP_AUTH_PW == "password")) {
//put whatever code you want here for something that was authenticated successfully..
}
else {
auth();
}

If you have any additional questions e-mail me..

Anon

thanks for your suggestions,
but i am not able to solve my problem.
it is like this that when i authenticate login and password through phplib, i need these passwords on further pages to access information through database and to show to user. these passwords are userids for registered users . To access information from multiple tables i need this. and want to pass through hyperlinks.

i want a logrithim that can encrypt and
decrypt my passwords. there is mycript libraries for that. but as i am working on
windows i don't know how how to configure them in php3.ini file.
i used md5() but it is one way

i want to make my site very secure .
i have used phplib extensibly but could not able to pass my username and passwords through sessions.
jojo