Skip to content
Advertisement

PHP – hide url (GET) parameters

I have a link in my PHP/HTML like this:

<a href="http://search.mywebsite.com/login.aspx?checktype=uid&user=adam&password=pass1234&profile=dart&defaultdb=kts"> Log me into this website </a>

When users click on the link, the parameters are handled by a 3rd party website which log the users in seamlessly.

Is it possible to hide/mask/camouflage the url so that users don’t see the parameters while still passing them over to the designated site?

If no, how would you guys go about this? I’m mainly worried about the user and password params and need those hidden. (user=adam&password=pass1234)

The only way i know how to hide params is when using a form post method but in this case it is not an option because im working with a direct link.

EDIT: To those who keep suggesting using a POST method, this is not an option because I’m not using a form and the receiving website is out of my control. I’m logging in from one site to another (3rd party) website

Advertisement

Answer

Your only option is to use a form and POST if the page your are logging into is controlled by a 3rd party:

<form action="http://search.mywebsite.com/login.aspx" method="post">
   <input type="hidden" name="checktype" value="uid" />
   <input type="hidden" name="user" value="adam" />
   <input type="hidden" name="password" value="pass1234" />
   <input type="hidden" name="profile" value="dart" />
   <input type="hidden" name="defaultdb" value="kts" />
   <input type="submit" value="Log me into this website" />
</form>

EDIT: If it must be a link and javascript can be required then you can use javascript to create and submit a form on the fly:

<a href="#" onclick="postLogin()">Log me into this website</a>

<script type="text/javascript">
function postLogin() {
    var form = document.createElement("form");
    form.setAttribute("method", "post");
    form.setAttribute("action", "http://search.mywebsite.com/login.aspx");

    var params = {checktype: 'uid', user: 'adam', password: 'pass1234', profile: 'dart', defaultdb: 'kts'};
    for(var key in params) {
        if(params.hasOwnProperty(key)) {
            var hiddenField = document.createElement("input");
            hiddenField.setAttribute("type", "hidden");
            hiddenField.setAttribute("name", key);
            hiddenField.setAttribute("value", params[key]);

            form.appendChild(hiddenField);
         }
    }

    document.body.appendChild(form);
    form.submit();
}
</script>
User contributions licensed under: CC BY-SA
3 People found this is helpful
Advertisement