I am looking for a secure solution for this particular scenario:
- I have an index.php file (let’s say http://www.my-app.com/index.php)
- I have to HTTP POST the authentication details to http://www.domain.com/login
- When login is verified, I have to load the response in an iframe within the index.php
While researching, I found the following solutions:
Solution #1: Use JavaScript (jQuery) / a simple HTML form to submit the username & password to http://www.domain.com and mention the target as the id of that particular iframe. Thus the application loads in that iframe.
My take: This may not be secure, as the username and password may be sniffed and the session may be hijacked. I have no idea how, but it seems to be possible. (Even hidden variables can be seen in the source.)
Solution #2: Use PHP cURL to submit the username & password and load the URL in the iframe. (Not very clear how to implement this.)
Limitations: Not an expert in PHP (obvious, I suppose). A code snippet would help.
Is there another way to implement the same technique in a secure way?
I have seen Facebook do the same with their Page Tab Applications. I am sure most of the payment frameworks do the same. But how are they doing it?
I don't have much knowledge of cURL. It may help you with your second solution (PHP – cURL).
As per the PHP manual:
So you have the result from the other site, which you can display in an iframe.
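Added example, not part of the original posts or the PHP manual: one way to do Solution #2, posting the credentials server-side over certificate-verified HTTPS with PHP cURL and showing the response in a sandboxed iframe. The `https://` scheme for the login URL, the form field names `username` and `password`, and the environment variable names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the original post): the login endpoint is reachable
// over HTTPS, it expects form fields "username" and "password", and the
// credentials are held in server-side environment variables.
const LOGIN_URL = 'https://www.domain.com/login';

function fetchLoginResponse(string $url, string $user, string $pass): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['username' => $user, 'password' => $pass]),
        CURLOPT_RETURNTRANSFER => true,            // return the body instead of printing it
        CURLOPT_SSL_VERIFYPEER => true,            // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate must match the host name
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain http://
        CURLOPT_FOLLOWLOCATION => false,           // do not follow redirects automatically
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $error  = curl_error($ch);

    if ($body === false || $status !== 200) {
        throw new RuntimeException("Login request failed (HTTP $status): $error");
    }
    return $body;
}

function renderSandboxedIframe(string $html): string
{
    // srcdoc carries the fetched markup; escaping keeps it inside the attribute,
    // and an empty sandbox attribute blocks scripts, forms and same-origin access.
    $srcdoc = htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<iframe sandbox srcdoc="' . $srcdoc . '" width="100%" height="600"></iframe>';
}

try {
    $html = fetchLoginResponse(LOGIN_URL, (string) getenv('APP_LOGIN_USER'), (string) getenv('APP_LOGIN_PASS'));
    echo renderSandboxedIframe($html);
} catch (RuntimeException $e) {
    error_log($e->getMessage());   // keep failure details out of the page
    http_response_code(502);
    echo 'Login to the remote application failed.';
}
```

The credentials never reach the browser this way, but any session cookie set by the login response is held by the PHP server rather than the visitor's browser, so links the visitor follows inside the iframe are not authenticated. Relax the `sandbox` attribute (for example `allow-forms`) only as far as the embedded page actually needs.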