Quote:
Originally Posted by rednuht
Are you saying that instead of logging into the big companys website directly from a login form shown on your site you are going to setup a form that looks like that login but submits to your site which then forwards the request onto big company ?
It might be considered fraud if you did not make it clear you were acting as a middle man.
|
*We will have a login form in our site.
*When user enters username/password, thous two variables are passed to C Socket client, that acts as an browser, and sends out HTTP POST:
Code:
POST /login.asp HTTP/1.1
Host: ourshoppingcart.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://ourshoppingcart.com/login.asp
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
USER=SOME_USERNAME&PASS=SOME_PASSWORD&Submit=Login
SOME_USERNAME and
SOME_PASSWORD is variables, witch user entered into our login form. My application acts like a browser and tries to login into the shopping cart using username and password, provided by user from our loggin form.
*My application waits for reply:
if loggin is successfull return 0
else return -1
*I check the return value with php:
if loggin is successfull, I create a PHP session for the user
if loggin was now successful, error is returned.
Basicly, I'm using my their loggin form to test if username/password exists, because I don't have an access to their database.