#19 Remote login with GET request

open
nobody
5
2009-04-23
2009-04-23
Nicolas Liaudat
No

To interface quixplorer with existing web site, it could be great to have a secured remote login solution, with GET http request instead of POST.
It's not so evident to make a redirection with POST params.

I propose you to have a remote login url like : .../index.php?user=user&passmd5=[md5(psw)]&checker=[md5(date & ip)]

I've modified login.php a bit :

-------------------------- login.php
function login() {

//start addition
// - activation of user from $_GET param (psw is direct in md5)
if(isset($GLOBALS['__GET']["user"]) && isset($GLOBALS['__GET']["passmd5"]) && isset($GLOBALS['__GET']["checker"])) {
if( $GLOBALS['__GET']["checker"] === md5(date("Ymd") .$_SERVER['REMOTE_ADDR'])){//request valid only today
activate_user(stripslashes($GLOBALS['__GET']["user"]), stripslashes($GLOBALS['__GET']["passmd5"]));
}else {
logout();
}

}//isset

//end addition
....
-------------------------- login.php

Regards
Nicolas Liaudat

Discussion