hide url with logindata from user

Spida

I am working on a client-server project which requires me to open a php-page in a browser from a delphi-program. Since that page requires a login, I am calling it like

www.example.com/login.php?user=name&password=secrect&GotoURL=xyz

where xyz is the base64encoded url where I want to go.
How can I hide the first url from the user?

login.php stores username/password in a session, so I have to require the real page into login.php, instead of using headers(location: ...).

Weedpacket

If the URL is all you're sending, then the password is going to have to be in the URL...
Instead, if you can, have the Delphi program put together a complete http POST request, and send that to PHP. With those, the submitted data is in the body, not in the URL

Something looking a bit like

POST http://www.example.com/login.php HTTP/1.0
User-Agent: Flash 5
Host: www.example.com
Content-type: Mozilla/5.0 (Windows; U; Win95; en-GB; rv:1.1) Gecko/20020826
application/x-www-form-urlencoded
Content-length: 37

user=name&password=secret&GotoURL=xyz

Note that those line breaks should be Internet- (and Windows-) convention linebreaks: \r\n. The blank line signals the end of the header and the start of the body.

Spida

Thats what I am doing at another place in that same app, too... but here I want to display the response I am getting in the users preferred browser.

Weedpacket

To be honest I don't see how that would make a difference - an http response is an http response whether it's in response to a GET or a POST.