URL Redirect cw/ username and password


#1

Hi,

I am trying to do something new on my webpage that i have not seen done before, i am trying to use a dropdown box to pick one of three different pages on my site to login to. there are 2 different “Name” 's to configure to go with the username and password data.

<form name=form2 method=POST action=login.php>
<input name=UR type=text size=10 />
<input name=PS type=password size=10 />
<select name=LI>
<option value="">Choose a Destination...
<option value=FR>Forums
<option value=FL >File Navigator
<option value=WM >Webmail
</select>
<input type=submit value=Login  />
<input type=reset value=Reset>
</form>

that is the code for the form. each of the options is a different destination. UR is for the username, and PS for the password.

[php] <?php

 /* username and password "Name" */

$UR = $_post[‘UR’];
$PS = $_post[‘PS’];
/* Dropdown box name*/
$LI = $_post[‘LI’];
/* dropdown box options */
$FR = $_post[‘FR’];
$FL = $_post[‘FL’];
$WM = $_post[‘WM’];

if ($LI = $FR) {
      $_SERVER[/forums];
	  $UR = ['username'];
	  $PS = ['password'];

} elseif ($LI = $FL) {
 $_SERVER[/admin];
 $UR = ['login_usuario'];
 $PS = ['login_contrasinal'];
}
 } elseif ($LI = $WM) {
 $_SERVER[/email];
 $UR = ['login_usuario'];
 $PS = ['login_contrasinal'];
}

?>[/php]

this is the code for the login page. i know its not right, and i’m not asking anyone to do this for me, all i want to know is:

  1. is what i’m trying to do possible?

  2. am i on the right track?

  3. do you understand what i am trying to do?

P.S if you want a better idea of what i am trying to do the form is on my page @ http://www.lordsnow.com at the bottom.


#2
  1. Yes.
  2. Yes.
  3. Yes.

To be honest, I don’t think there are many things you cannot do with PHP (as long as it’s webbased of course). But you’re definately on the right track for what you want.


#3

[php]<?php

 /* username and password "Name" */
  $UR = $_POST['UR'];
  $PS = $_POST['PS'];
/* Dropdown box name */
   $LI = $_POST['LI'];

/* the following line is for testing.
echo "username is “.$UR.”. Password is “.$PS.”. you want to go to the ".$LI;
*/

	 if ($LI == "FR") {
  header ("location: http://www.lordsnow.com/forums/login.ph ... gin=Log+in");
  }
   else if ($LI == "FL") {
   header ("location: http://www.lordsnow.com/admin/comprobar ... asinal=$PS") ;

  }
   else if ($LI == "WM") {
   header ("location: http://www.lordsnow.com/email/src/redir ... asinal=$PS");
  }

?>
[/php]

ok i’ve made some progress, with the code like this i can get directed to the right page, and the bottom page will actually login, but i get username/password errors on the first 2.

the first one i am trying to login to is phpbb. the secomd one is PHP File Navigator.

PHPBB has a target:_top in the form i believe that is the reason i have had to add &redirect=login=Log+in

havent gone to their webpages to ask for help yet. just wanted to post some progress here.


#4

I think you’re making a fundamental mistake here: it’s a serious security flaw to include a password in the URL query, let alone including it unencrypted/unhashed. I’d suggest sending it as a session variable, which isn’t completely safe either, but would seriously make it harder to hijack.