a little challenge

agent47

ok, I need some help with a problem. I asked a question earlier, but I need help with a more general case.

I am trying to make an auto-login system, where users enter their private username/password, and if it's ok, they need to be logged in and redirected to an external website - using a master username/password, which should be unknown to the private users.
So basically a script that will submit a form and log in to a website, and redirect a user there. Would this be possible? I think it should - to a certain level. The key here is that the master login info has to stay hidden.

Any advise?

Thanks.

jib0

Maybe creating a stream with "stream_context_create" and sending an HTTP POST request when username and password are correctly filled. Is the username and password of the second site the same for every user? For more security it should be function of the first username and/or password.

agent47

hi,

Thanks for the reply. So far I've tried using curl to post to the external login website.
I have found out (it was pretty obvious tough) how the external website logs people in. Basically the login form is submitted to a file, .jsp in this case, which verifies everything and sets a cookie with a session ID. Then it redirects you to another page (this redirection is done through another hidden form for some reason, with username/password already filled in). The cookie expires at the end of the session, and there is no logout button..

With what i tried so far, using curl, I can successfully submit the form... but the cookie doesn't get set to the user.

Your idea of a stream seems interesting. I'll read some more about that. In the meantime any more suggestion, and maybe an example of stream_context_create?

Edit: stream_context_create seems pretty much same as cUrl..?
I need to somehow redirect the user to a page, while posting a form for him.

Thanks a lot
Cheers 🙂

and I changed my first post a bit.. hopefully clearer