Hi all,
I am almost new to PHP. I have stuck with an issue which is taking my hair off everyday.
Please help me.
I have a site, in which every user has a username and pasword. I need to integrate a messenger to this site.
Users can use the same user name and password of the site to login to the messenger also. ie, with single user name and password, users can login to the site and messenger as well.
In the site, there is a link “Messenger”. When clinking this link, the users are supposed to be logged in to the
messenger(No more explicit login to this messenger) using the username and password that the user has already logged on the site.That is, the login to the messenger should be automatic, no external login to this messnger is allowed.
The site files and messenger files are in different server. I have access to both this files.
Because of the security problem, i cannot pass the username and pasoword as query string.
Summarizing the issue ,
User Login to the site(providin username and password) -> Clicking on Link ‘Messenger’ -> Messenger Popup appears ready to chat
If i am passing the user name and variable as folllows,
<a href = “www.xyzmessenger.com/login.php?user=test&password=testpas”>Messenger</a>
the security issue arises.
Even if i pass it by encrypting, whoever sees the querystring in the address bar can easily use to login further.
How to do this with much security? How can i pass?What to pass?
I have access to re-write the code in messeneger/login.php…………
PLEASE HELP ME…..