/    Sign up×
Community /Pin to ProfileBookmark

Need to Pass Variable from one site to another

Copy linkTweet thisAlerts:
Dec 06.2006

I have 2 sites: [url]www.site1.com[/url] and [url]www.site2.com[/url]. The user signs on to [url]www.site1.com[/url], does whatever needs to be done, then goes to site2.com. I want to keep the userid from site1 to prevent them from having to sign in to site2.

Seems like session variables wont work here since going to another site, plus I tried, and I dont want to pass the user id allong the URL or through a cookie.

Any thoughts on to the best way to do this?

Thanks,

DPK

to post a comment
PHP

9 Comments(s)

Copy linkTweet thisAlerts:
@ShrineDesignsDec 06.2006 — pass it via POST then, i don't remeber quite how to do it but it involves the header() function, there was a post made the other day about how to do it

http://www.webdeveloper.com/forum/showpost.php?p=677374&postcount=7
Copy linkTweet thisAlerts:
@sitehatcheryDec 06.2006 — I tested this on 2 websites on the same server and it works. Just do like you would do any form. Set the action to the url of the other site. Then echo the post value from the other site and you'll see that it works!
Copy linkTweet thisAlerts:
@sitehatcheryDec 06.2006 — Ah, and I did it on sites on 2 different servers and it works as well.
Copy linkTweet thisAlerts:
@pcthugDec 06.2006 — You could set a cookie on site 1 and make it available to site 2 via the domain parameter:
[code=php]
$key = 'secret'; // this is a secret key used for encoding/decoding
$data = $user_id . '-' . $username;
$time = time();
$hash = sha1($key . $time . $data);
$userdata = base64_encode("$hash-$time-$data")
setcookie('userdata', $userdata, time()+3600, "/", ".site2.com");
[/code]
And then retrieve and decode the cookie on site2:
[code=php]
$key = 'secret'; // the same secret key

if ( isset($_COOKIE['userdata']) ) // cookie exists
{
$userdata = base64_decode($_COOKIE['userdata']);
$args = explode($userdata);

$hash = $args[0];
$time = $args[1];
$data = $args[2];

$args = explode($data);

$user_id = $args[0];
$username = $args[1];

if ( $hash == sha1($key . $time . $data) ) // valid data
{
// user_id: $user_id
// username: $username
}
else
{
setcookie('userdata', false, time()-3600, "/", ".site2.com"); // delete invalid cookie
}
[/code]
Copy linkTweet thisAlerts:
@dpkyteauthorDec 07.2006 — The thing is I am not using a FORM so the POST or GET are not going to work. The link is transfered via the <a href='http://www.site2.com'>click here to go to the link</a>.

There I was planning on doing the session_start() command to the the session variable.
Copy linkTweet thisAlerts:
@dpkyteauthorDec 07.2006 — For some reason it is not reading the cookie. I tried print_r($_COOKIE['userdata']); but it did not display anything. I made sure the domain is the site2.com domain.

I am transfering controll to a https: secure site but looking @ the defaults it should be OK. The only thing is I am directing to site2.com/subdir1. I changed to that and still had the issue.
Copy linkTweet thisAlerts:
@pcthugDec 08.2006 — When you say you are [I]transfering controll to a https: secure site[/I], does this mean that;

only site1.com is using a secure HTTPS connection or that

only site2.com is using a secure HTTPS connection or that

both site1.com and site2.com are using a secure HTTPS connection?
Copy linkTweet thisAlerts:
@dpkyteauthorDec 08.2006 — Site 1 is Not secure http://www.site1.com

Site 2 is secure https://www.site2.com

So script would be like:

SITE 1

<html>

$key = 'secret'; // this is a secret key used for encoding/decoding

$data = $user_id . '-' . $username;

$time = time();

$hash = sha1($key . $time . $data);

$userdata = base64_encode("$hash-$time-$data")

setcookie('userdata', $userdata, time()+3600, "/", ".site2.com");

.

.

.

To Log on to your account <a href='https://www.site2.com/subdirectory/index.php'>Click Here</a>

.

.

</html>


The Site 2 would be:

<html>

$key = 'secret'; // the same secret key

if ( isset($_COOKIE['userdata']) ) // cookie exists

{

$userdata = base64_decode($_COOKIE['userdata']);

$args = explode($userdata);

.

.

} else {

echo "Cookie not found";

}

</html>

//////

In Site 2 I put in the below

print_r($_COOKIE['userdata']); // results were blank

print_r($_COOKIE); // results were array[]

Thanks,

DPK
Copy linkTweet thisAlerts:
@pcthugDec 08.2006 — Cookies to be used within a secure environment are to be set with a TRUE secure parameter:<i>
</i>setcookie('userdata', $userdata, time()+3600, "/", ".site2.com", [color=red]true[/color]);
Unfortunately, a cookie will only be accepted with a TRUE secure parameter when the site setting the cookie is secure itself. Therefore, as site1 is not secure, such a cookie cannot be set.

An alternative to the cookie would be to use the same method of encryption that I suggested for the cookie, just transfer it through the query string instead:

[B]Site1:[/B]
[code=php]$key = 'secret'; // this is a secret key used for encoding/decoding
$data = $user_id . '-' . $username;
$time = time();
$hash = sha1($key . $time . $data);
$userdata = base64_encode("$hash-$time-$data")
//
echo "To Log on to your account <a href='https://www.site2.com/subdirectory/index.php?userdata=$userdata'>Click Here</a>";
[/code]
Then on site2:
[code=php]
 $key = 'secret'; // the same secret key

if ( isset($_GET['userdata']) ) // userdata exists within the query-string
{
$userdata = base64_decode($_GET['userdata']);
$args = explode($userdata);

$hash = $args[0];
$time = $args[1];
$data = $args[2];

$args = explode($data);

$user_id = $args[0];
$username = $args[1];

if ( $hash == sha1($key . $time . $data) ) // valid data
{
// user_id: $user_id
// username: $username
}
else
{
// bad userdata passed, prompt login, trigger error, or whatever
} [/code]
×

Success!

Help @dpkyte spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.23,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...