I have two files in two domain
http://example1.com/remote_login.php
and
http://example2.com/login.php
While user accessing http://example1.com/remote_login.php I want to do some validations in remote_login.php , after that I want to post the username and password to http://example2.com/login.php If the result is success, user should be redirect to http://example2.com/index.php ( Also I am checking session in http://example2.com/index.php )
Any Idea
Sorry for my bad english
I Have tried it using curl, but its not working it will login, but not setting session. so user can’t redirect to index.php
$cookie="cookie.txt";
$data = array();
$data['global_id'] = "raj";
$data['global_password'] = "raj";
foreach ($data as $key => $value){
$post_items[] = $key . '=' . $value;
}
//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);
$curl_connection = curl_init('http://example2.com/login.php');
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl_connection, CURLOPT_FAILONERROR, TRUE);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_REFERER, 'http://example2.com/login.php');
curl_setopt($curl_connection, CURLOPT_POST, true);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl_connection, CURLOPT_HEADER, FALSE);
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($curl_connection, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($curl_connection, CURLOPT_SSLVERSION, 3); // OpenSSL issue
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, 0); // Wildcard certificate
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($curl_connection);
if($result){
header("Location: http://example2.com/index.php");
}
else{
echo "Login failed";
}
This is quite a big task. The reason why the user is not being logged in is because the session will not be set on their machine, but instead, on the server (if it accepts cookies). So what you’re doing now is pretty useless.
With that said, you could setup some kind of system where every remote login will trigger some sort of “validation ID” to be produced which can then be returned to that specific user, and then the user gets redirected to a link (
validateSession.php?), passing the specific ID to confirm identity, and all the sessions get set there…That’s a huge task though.
Also note: This is not 100% secure unless you’re using SSL to prevent middle man attacks. A middle man attack is when some evil monster listens to what is being sent from client to server and vice versa. So if someone gets hold of that ID, you’re on trouble. Or even worse, if they get hold of the users username and pass….oh boy…