TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Developer Forums > Absolute Beginners » writing field data into the url?
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 09-25-2008, 12:36 AM   #1 (permalink)
The Addict
 
sarmenhb's Avatar
 
Join Date: Jan 2008
Location: los angeles
Posts: 309
Thanks: 44
sarmenhb is on a distinguished road
Help writing field data into the url?
hi, im trying to figure how i can put a forms field data into the url to have it process rather than putting the data into each field one by one.

for example

talkphps login page

its action is login.php?do=login

username field is called: vb_login_username
password field is called: vb_login_password
submit button has no name but by default it should be called query and its value is "Log in"

so instead of manually logging in

wouldnt i do something like this?

Code:
http://www.talkphp.com/login.php?do=login&vb_login_username=myusername&vb_login_password&query=Log in
i've tried this here and it didnt work. how is this possible??

thanks in advance
__________________
no signature set
sarmenhb is offline   		Reply With Quote
Old 09-25-2008, 07:25 AM   #2 (permalink)
The Wanderer
Good Samaritan 
 
martins256's Avatar
 
Join Date: Mar 2008
Posts: 18
Thanks: 0
martins256 is on a distinguished road
Default
The <form> element have a method attribute, where you can put "get" or "post". When you submit a form with "get" there the variables will appear in url but with "post" attributes will be sent to server in header as attachment.

In serverside php is making two arrays one is $_POST and the other is $_GET. There is also $_REQUEST which is combined from $_POST, $_GET and $_COOKIE. If vbulletin gets login data from $_REQUEST your url should work, but if it uses $_POST you just can't do that.

Try FF addon `live HTTP headers` to see what data are you really sending to the server.
martins256 is offline   		Reply With Quote
Old 09-25-2008, 10:23 AM   #3 (permalink)
Moderateur
RegEx Guru PHP Guru Top Contributor Advanced Programmer 
 
Salathe's Avatar
 
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Salathe is on a distinguished road
Default
The data that vBulletin sends along when logging in is (comments in parentheses):

vb_login_username = salathe
vb_login_password = (yes, empty!)
cookieuser = 1 (remember me)
s =
do = login
vb_login_md5password = 7d71fd91d770d166141b7bf730b425ca (your password MD5 hashed)
vb_login_md5password_utf = 7d71fd91d770d166141b7bf730b425ca


As far as I'm aware, vB looks at the POST data only for logging in (so an equivalent GET won't work).
Salathe is offline   		Reply With Quote
Old 09-25-2008, 10:44 PM   #4 (permalink)
how quixotic are you?
 
ETbyrne's Avatar
 
Join Date: Dec 2007
Location: Lapeer, MI
Posts: 445
Thanks: 37
ETbyrne is on a distinguished road
Default
You should NEVER pass information like passwords over $_GET because it is insecure. All someone has to do is look at your browsing history to figure out your password. Use cURL to submit $_POST data.
__________________
Dingo Web Systems > http://www.dingocode.com
My Website > http://www.evanbot.com
ETbyrne is offline   		Reply With Quote
Old 09-26-2008, 03:01 AM   #5 (permalink)
The Addict
 
sarmenhb's Avatar
 
Join Date: Jan 2008
Location: los angeles
Posts: 309
Thanks: 44
sarmenhb is on a distinguished road
Default
Quote:
Originally Posted by ETbyrne View Post
You should NEVER pass information like passwords over $_GET because it is insecure. All someone has to do is look at your browsing history to figure out your password. Use cURL to submit $_POST data.
lol, why is it that the older i get new knowledge just doesnt want to go into my brain such as curl.. even though its so easy to do.
__________________
no signature set
sarmenhb is offline   		Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 07:12 PM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design