- Posts: 115
- Thank you received: 19
Pass subscriber group name in http query
- John Willems
- Topic Author
- Offline
- Premium Member
Less
More
7 years 10 months ago #83681
by John Willems
Pass subscriber group name in http query was created by John Willems
I have an application linked on a Membership Pro restricted page. I would like only subscriber to be able to open the application. I have set up an http:// query string which works well but I would like to pass more controlling parameters . I am wondering if I can capture the my subscribers email and password. I want to place those parameters in my query string.
I hope this makes sense. I usually code in .Net, so php, javascript, etc. are outside my comfort zone. Any suggestions will be appreciated.
I hope this makes sense. I usually code in .Net, so php, javascript, etc. are outside my comfort zone. Any suggestions will be appreciated.
Please Log in or Create an account to join the conversation.
- Calum
- Offline
- Elite Member
Less
More
- Posts: 257
- Thank you received: 34
7 years 10 months ago #83685
by Calum
Replied by Calum on topic Pass subscriber group name in http query
Well... You aint gonna get much help if you want to intercept the password and send it anywhere. Thats a secuirty nightmare.
Grabbing the username is a different story.
Holding a API key against the member and passing that may be a solution.
Where is this application? Is it outside of the Joomla System?
You will need to describe how the http query is working. i.e. Is this a menu item, or something they click, or is this something that is called from the onSubcription function as a plugin...
Grabbing the username is a different story.
Holding a API key against the member and passing that may be a solution.
Where is this application? Is it outside of the Joomla System?
You will need to describe how the http query is working. i.e. Is this a menu item, or something they click, or is this something that is called from the onSubcription function as a plugin...
Please Log in or Create an account to join the conversation.
- John Willems
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 115
- Thank you received: 19
7 years 10 months ago #83686
by John Willems
Replied by John Willems on topic Pass subscriber group name in http query
Calum - Thanks for the response. I appreciate the lack of security with the http query. I don't need security as much simple access control and a single point of login if possible. I want members/subscribers to see this page of the application when they click on a link.
The query code right now is sitting in a simple html "aref" link on the members page. I could attach it to just about anything but right now its just the simple link. The link with the existing parameter when clicked passes the member/subscriber to a web app built in ASP.Net and allows them to open a particular page in that application. So yes it is outside of Joomla.
I have a link working but if I could tighten up the parameters more I would like that. There are lots of ways to approach this but if I could capture a value and pass it to the query string, then pass the query string to the external app it would be nice.
I wondered if Membership Pro had a simple way to do this.
The query code right now is sitting in a simple html "aref" link on the members page. I could attach it to just about anything but right now its just the simple link. The link with the existing parameter when clicked passes the member/subscriber to a web app built in ASP.Net and allows them to open a particular page in that application. So yes it is outside of Joomla.
I have a link working but if I could tighten up the parameters more I would like that. There are lots of ways to approach this but if I could capture a value and pass it to the query string, then pass the query string to the external app it would be nice.
I wondered if Membership Pro had a simple way to do this.
Please Log in or Create an account to join the conversation.
- Calum
- Offline
- Elite Member
Less
More
- Posts: 257
- Thank you received: 34
7 years 10 months ago - 7 years 10 months ago #83689
by Calum
Replied by Calum on topic Pass subscriber group name in http query
OK so if I understand this right you might have a joomla website called
www.myjoomlasite.com
and it needs to talk to
www.myaspsite.com/application?page=123
You are thinking of passing: www.myaspsite.com/application?page=123&u...omla123&pass=pass123
I know you say you aren't concerned about the security. I am. Apart from it being technically difficult to intercept the plain text password to add to the URL, it is on display to anyone who intercepts the URL. its a 100% no-no.
Far better would be to create a form that submits to the ASP site. like this:
Note the httpS:// - that means a man in the middle can't sniff the info. Its still far from perfect - someone who wants to can find the data on the form, share it and pass it through to non-subscribers. So - on the ASP side you'd read the POST values from the form submission but also the referral web address, if its not www.myjoomlasite.com it should fail. The ASP Page could hold the Joomla User Id and Secret Key to validate or if you want to get very fancy you'd pass those details back to joomla to validate and confirm.
To do this you would need a PHP code chunk either in a module or component or an article with PHP in it, that's possible through components like Fabrik
You'd need to decide where to store the SECRET key - and if thats unique to each user or generic to your site (less secure).
You are thinking of passing: www.myaspsite.com/application?page=123&u...omla123&pass=pass123
I know you say you aren't concerned about the security. I am. Apart from it being technically difficult to intercept the plain text password to add to the URL, it is on display to anyone who intercepts the URL. its a 100% no-no.
Far better would be to create a form that submits to the ASP site. like this:
Note the httpS:// - that means a man in the middle can't sniff the info. Its still far from perfect - someone who wants to can find the data on the form, share it and pass it through to non-subscribers. So - on the ASP side you'd read the POST values from the form submission but also the referral web address, if its not www.myjoomlasite.com it should fail. The ASP Page could hold the Joomla User Id and Secret Key to validate or if you want to get very fancy you'd pass those details back to joomla to validate and confirm.
To do this you would need a PHP code chunk either in a module or component or an article with PHP in it, that's possible through components like Fabrik
You'd need to decide where to store the SECRET key - and if thats unique to each user or generic to your site (less secure).
Last edit: 7 years 10 months ago by Calum. Reason: Silly security thing doesn't let me incldue code!
Please Log in or Create an account to join the conversation.
- Calum
- Offline
- Elite Member
Less
More
- Posts: 257
- Thank you received: 34
7 years 10 months ago #83690
by Calum
Replied by Calum on topic Pass subscriber group name in http query
The security thing stops me putting the php in correctly... before the echo it needs a < symbol and ?php and after the semicolon a ?>
Please Log in or Create an account to join the conversation.
- John Willems
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 115
- Thank you received: 19
7 years 10 months ago #83693
by John Willems
Replied by John Willems on topic Pass subscriber group name in http query
Thanks again for the response. I can keep what I have created. I was looking to see if there was way to easily pull information from php variables into my string. That does not appear to be the case.
That is okay, I will work out a different schem if I can or stay with what we I have.
That is okay, I will work out a different schem if I can or stay with what we I have.
Please Log in or Create an account to join the conversation.
Support
Documentation
Information
Copyright © 2024 Joomla Extensions by Joomdonation. All Rights Reserved.
joomdonation.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.