Hi everyone,

Is it possible to create a php file which forwards to another url, with username and password attached. e.g. http://username:password@www.domain.com/folder/index.php

The key thing is the username and password should not show up.

Could I use the include ('http://blah blah'); statement ?

thanks

:thumbsup:

Sorry I am a bit lost - if you could give more info I think I might have an idea.

Are you trying to create some sort of homepage system - where when a uaser logs in it goes direct to their webpages/url?

If i knew why you want this.

Without more info all i can say is that you will need to post the username password from a form, then prosess the details (serverside) and from this decide the url to be used.

You could have a table/list of username-urls and lookup the correct url to redirect to, this way the url itself does not need to contain the password or username.

like for ftp?



header("location:http://".$username.$password."@domain.com/folders/and/files.htm");

Hi

I will try to explain again.

Say I have a file such as http://www.domain.com/redirectme.php

Someone types this in and the php file is read.
In this php file there will be a redirection to another url e.g.

http://www.domain2.com/program.php

Say in this example the program.php is a file protected by .htaccess.

So what I need is a form of redirection in the 'redirectme.php' file which has the username and password needed to access the 'program.php'

But the catch is the username and password cannot show up in the url. So the example you gave missing-score would not work because the username and password would appear in the address bar.

That make any sense now !! :p

well, as far as I know, .htaccess wont be able to be accessed dymaically by PHP, but posting vars is the way to go.

The trouble is that you really need to click a button else run a program to do that...

try using a form with method="post"

I am using the below code, to access Neomail, that comes with Cpanel and web protected.

And my client is too dumb to remember :2095, so I made form on his homepage from where he can access his web mail.


<?
if(!$username || !$password)
{
header("Location: http://www.mydomain.com/");
exit;
}
$url = "http://" . $username . ":" . $password . "@www.mydomain.com:2095/";
?>
<html>
<head><title>:</title>
<meta http-equiv=REFRESH CONTENT="0; URL=<? print $url; ?>">
</head>
<body>
If you are not taken to your mail panel in the next few seconds please
<a href="<? print $url; ?>">click here</a>...
</body></html>


But the problem is that user name and password is not encoded, it means that user id and password can be seen on the url, so it becomes insecure if we use this code on public computer, any one using the same comp after we have used can use the url from the address bar and login to our account.


So can any one tell us how to resolve this problem.