Home/ Questions/Q 8278215
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T08:56:03+00:00

I have a fixed username password and one variable text. this is first method

  • 0

I have a fixed username password and one variable text.

this is first method but it’s not safe: 

<form action="http://site.com/foo.php" method="post">
  <input type="hidden" name="username" value="user123" />
  <input type="hidden" name="password" value="pass123" />
<input type="text" name="text" />
<input type="submit" />

</form>

this is secound method Please complete this:

index.html

<form action="foo.php" method="post">
<input type="text" name="text" />
<input type="submit" />
</form>

foo.php

$username = "user123";
$password = "pass123";

$text = $_POST["text"];

$url  = "http://site.com/foo.php?text=".$text."&password=".$password."&username=".$username;

HOW TO post $url safe? (without HTTPS)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    UPDATE:

    You can’t securely log in without HTTPS.
    This is terribly insecure, and doesn’t prevent people from logging in
    if they intercept the hash.
    Just use HTTPS.

    Use the MD5 function.

    e.g.

    $url = "http://example.com/foo.php?text=".$text."&password=".md5($password)."&username=".$username;

    Then on the receiving site (http://example.com/foo.php?...), check the received password with a hash (MD5) of the actual password.

    Example:

    sending file:

    $username = "user123";
$password = "pass123";

$text = $_POST["text"];

$url = "http://example.com/foo.php";
$data = "text=".$text."&password=".md5($password)."&username=".$username;

$handle = curl_init($url);
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($handle);
curl_close($handle);
if($result) {
    // Success
} else {
    // Failed
}

    receiving file:

    $username = $_POST["username"];
$password = $_POST["password"];

// Insert code here to escape the username with mysqli_real_escape_string,
// then retrieve data from database with MySQLi.

if($password == md5($db_password)) {
    // Correct password
} else {
    echo 'Incorrect password.';
}
unset($username, $password, $db_password); // For security, remove variables from memory
    • 0