Append Login Credentials to URL

The example here is a form on a website that, when submitted, needs to use the submitted information to go to a special URL with the login information appended to it. You could have the form submit with method GET, but that is limited to the typical ?variable=foo&variable2=bar format.

HTML Form

A typical form with three bits of information that submits to a file called ftp.php.

<form action="../processing/ftp.php" method="post">
<p><label for="ftp-company-name">Company</label><input type="text" name="ftp-company-name" id="ftp-company-name" /></p>
<p><label for="ftp-user-name">User Name</label><input type="text" name="ftp-user-name" id="ftp-user-name" /></p>
<p><label for="ftp-password">Password</label><input type="password" name="ftp-password" id="ftp-password" /></p>
<p><input type="submit" id="ftp-submit" class="button" value="submit" /></p>
</form>

PHP file

This file reads in the POST variables (if they are set), builds the URL from them, and redirects to it. You'd probably want to clean up the POST variables for security purposes.

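<?php

    // Only build the URL when all three form fields were submitted.
    if (isset($_POST["ftp-company-name"], $_POST["ftp-user-name"], $_POST["ftp-password"])) {

        // Percent-encode each value so characters such as "@", ":" or "/"
        // cannot change the structure of the URL.
        $company  = rawurlencode($_POST["ftp-company-name"]);
        $username = rawurlencode($_POST["ftp-user-name"]);
        $password = rawurlencode($_POST["ftp-password"]);

        $url = "ftp://$username:$password@ftp2.edgeconsult.com/$company";

        // Redirect to the FTP URL and stop the script.
        header("Location: $url");
        exit;

    } else {

        // do nothing

    }

?>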
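
One way to do the cleanup of the POST variables mentioned above, as an added example that is not part of the original snippet. `build_ftp_url()` is a hypothetical helper, the 128-byte limit and the allowed company-name characters are assumed policy, and the sample inputs are constructed.

```php
<?php
// Added example: validate and percent-encode the three form values before
// they are placed in the FTP URL. build_ftp_url() is a hypothetical helper.

function build_ftp_url(string $company, string $username, string $password): ?string
{
    // Reject empty or oversized values and any control character (CR/LF included).
    foreach ([$company, $username, $password] as $value) {
        if ($value === '' || strlen($value) > 128 || preg_match('/[\x00-\x1F\x7F]/', $value)) {
            return null;
        }
    }

    // The company name becomes the path of the URL: allow only a narrow
    // character set (assumed policy) so it stays a single directory name.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]*\z/', $company)) {
        return null;
    }

    // rawurlencode() escapes "@", ":" and "/" so the user name and password
    // cannot alter the host or path part of the URL.
    return sprintf(
        'ftp://%s:%s@ftp2.edgeconsult.com/%s',
        rawurlencode($username),
        rawurlencode($password),
        $company
    );
}

// Constructed sample inputs: company, user name, password.
$samples = [
    ['acme', 'alice', 'p@ss:w/rd'],          // reserved characters in the password
    ['acme', 'alice@example.org', 'secret'], // e-mail style user name
    ['acme corp/2024', 'alice', 'secret'],   // company name outside the allowed set
    ['acme', "alice\r\n", 'secret'],         // control characters in a field
];

foreach ($samples as [$company, $username, $password]) {
    $url = build_ftp_url($company, $username, $password);
    echo $url === null ? "rejected\n" : $url . "\n";
}
```

A caller would pass the result to `header("Location: ...")` only when it is not `null`.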

Comments

  1. will

    Seems a little insecure

    • It is absolutely secure. PHP is a very secure server scripting language. It is a good snippet and you can use it as your FTP login form. Its work is simple: to just replace the sent username, password and company name to those variables provided in the URL.

  2. em gi

    Thanks for the tutorial!
    How can you avoid “phishing” or “fraudulent site” warnings in some browsers like Safari when submitting the form?

  3. Allan Nienhuis

    I have to agree with Will – this is terribly insecure. The redirect will perform a ‘GET’ request with the password right in the URL, which will leave passwords in plain text in server logs, including 3rd party proxy servers. Also, anytime you are sending a password across the wire you should restrict the communication to https. Just because PHP _can_ be secure, doesn’t mean that you don’t need to be aware of basic secure coding practices – the tools won’t protect you from incorrect use.

    • Yes, Mr. Allan, I tried the script on my server and checked the server log; it does leave the password open.

  4. Kinda insecure, I agree with Allan. I tried this code with my server; this does leave a trace in logs :(
