Pass subscriber group name in http query

I have an application linked on a Membership Pro restricted page. I would like only subscriber to be able to open the application. I have set up an http:// query string which works well but I would like to pass more controlling parameters . I am wondering if I can capture the my subscribers email and password. I want to place those parameters in my query string.

I hope this makes sense. I usually code in .Net, so php, javascript, etc. are outside my comfort zone. Any suggestions will be appreciated.

Well... You aint gonna get much help if you want to intercept the password and send it anywhere. Thats a secuirty nightmare.

Grabbing the username is a different story.
Holding a API key against the member and passing that may be a solution.

Where is this application? Is it outside of the Joomla System?

You will need to describe how the http query is working. i.e. Is this a menu item, or something they click, or is this something that is called from the onSubcription function as a plugin...

Calum - Thanks for the response. I appreciate the lack of security with the http query. I don't need security as much simple access control and a single point of login if possible. I want members/subscribers to see this page of the application when they click on a link.

The query code right now is sitting in a simple html "aref" link on the members page. I could attach it to just about anything but right now its just the simple link. The link with the existing parameter when clicked passes the member/subscriber to a web app built in ASP.Net and allows them to open a particular page in that application. So yes it is outside of Joomla.

I have a link working but if I could tighten up the parameters more I would like that. There are lots of ways to approach this but if I could capture a value and pass it to the query string, then pass the query string to the external app it would be nice.

I wondered if Membership Pro had a simple way to do this.

OK so if I understand this right you might have a joomla website called www.myjoomlasite.com and it needs to talk to www.myaspsite.com/application?page=123

You are thinking of passing: www.myaspsite.com/application?page=123&u...omla123&pass=pass123

I know you say you aren't concerned about the security. I am. Apart from it being technically difficult to intercept the plain text password to add to the URL, it is on display to anyone who intercepts the URL. its a 100% no-no.

Far better would be to create a form that submits to the ASP site. like this:


Note the httpS:// - that means a man in the middle can't sniff the info. Its still far from perfect - someone who wants to can find the data on the form, share it and pass it through to non-subscribers. So - on the ASP side you'd read the POST values from the form submission but also the referral web address, if its not www.myjoomlasite.com it should fail. The ASP Page could hold the Joomla User Id and Secret Key to validate or if you want to get very fancy you'd pass those details back to joomla to validate and confirm.

To do this you would need a PHP code chunk either in a module or component or an article with PHP in it, that's possible through components like Fabrik



You'd need to decide where to store the SECRET key - and if thats unique to each user or generic to your site (less secure).

The security thing stops me putting the php in correctly... before the echo it needs a < symbol and ?php and after the semicolon a ?>

Thanks again for the response. I can keep what I have created. I was looking to see if there was way to easily pull information from php variables into my string. That does not appear to be the case.

That is okay, I will work out a different schem if I can or stay with what we I have.