PHP - hide url (GET) parameters

Question

I have a link in my PHP/HTML like this:

Answer 1

Don't use $_GET to pass any personal, confidential or crucial data. Use $_POST instead.

I don't know what stops you from using $_POST but if you insist on using it anyway, try md5() to code these data and validate them when necessary. You can always use $_SESSION to pass $_POST login data for further use.

Answer 2

Agree on and encryption/hash approach (MD5 for example). Then have a reprocessing page that decrypts the message before calling the required script. I'm doing this in php... Just to show you the idea.

eg. www.mydomain.com/preporcessor.php?request=qouiapfiwe0i9qrr9qyy83r34rqejl

preprocessor.php (pseudo code)

$request = $_REQUEST["request"];
$decrypted = mydecryptfunction($request);
//$decrypted will now contain: targetpage=login.php?username=abc&password=34453js&location=ABJ...
//Now you can route the parameters to login.php. 

Note that mydecryptfunction($request) is a function you will create.

Answer 3

You can't do this using the GET method. It would be helpful if you gave us more information. Are you trying to get a user from your site to log into another website? In that case, they might have an API for that which you could check.

Answer 4

Your only option is to use a form and POST if the page your are logging into is controlled by a 3rd party:

<form action="http://search.mywebsite.com/login.aspx" method="post">
   <input type="hidden" name="checktype" value="uid" />
   <input type="hidden" name="user" value="adam" />
   <input type="hidden" name="password" value="pass1234" />
   <input type="hidden" name="profile" value="dart" />
   <input type="hidden" name="defaultdb" value="kts" />
   <input type="submit" value="Log me into this website" />
</form>

EDIT: If it must be a link and javascript can be required then you can use javascript to create and submit a form on the fly:

<a href="#" onclick="postLogin()">Log me into this website</a>

<script type="text/javascript">
function postLogin() {
    var form = document.createElement("form");
    form.setAttribute("method", "post");
    form.setAttribute("action", "http://search.mywebsite.com/login.aspx");

    var params = {checktype: 'uid', user: 'adam', password: 'pass1234', profile: 'dart', defaultdb: 'kts'};
    for(var key in params) {
        if(params.hasOwnProperty(key)) {
            var hiddenField = document.createElement("input");
            hiddenField.setAttribute("type", "hidden");
            hiddenField.setAttribute("name", key);
            hiddenField.setAttribute("value", params[key]);

            form.appendChild(hiddenField);
         }
    }

    document.body.appendChild(form);
    form.submit();
}
</script>

Answer 5

You can generate tokens for this functions: in your database generate an random string: This is an function which returns an random string

function gt_rnd_str($min=2,$max=9){
    $str="";
    while (strlen($str)<$max) 
        $str.=rtrim(base64_encode(md5(microtime())),"=");
    return substr($str, 0, rand($min, $max));
}

now save an token with username/id and using this you can easily generate more tokens for same user as well as cancel any token easily..

Answer 6

You can use iframe with URL of the page and style it to fill parent and remove border.

    <!DOCTYPE html>
<html>
    <body>
        <iframe id="win" src="bookmarks_3_22_20.html" frameborder="0">
        </iframe>
        <script>
            this.onload=function(){
                document.getElementById("win").style="width:"+window.innerWidth+"px;height:"+window.innerHeight+"px;";
            }
        </script>
</body>
</html>