Hiding / Masking URL

Forum Moderators: open

Message Too Old, No Replies

Hiding / Masking URL

Help with masking a URL

GrahamM

5:28 pm on Dec 4, 2005 (gmt 0)

I have a web based application that I would like to allow "some" of my customers to use. I have used html & php to create a simple server side user/password log-in & monitoring system which works fine. So I know when they're using it - my goal.
However when they get into the application I don't really want them to see the URL of the target program in the address bar, otherwise they could go straight there rather than through my login/monitoring procedure - and I can't monitor usage.
My web based application is started by navigating to an address HTTP://123.45.56.78/app.html. To function correctly the app needs to reside somewhere under the C:Inetpub/wwwroot of my server.
Can anyone help please?

[edited by: tedster at 11:46 pm (utc) on Dec. 4, 2005]
[edit reason] remove hotlink on the IP example [/edit]

Amicus Careo

7:00 pm on Dec 4, 2005 (gmt 0)

If I were you, I would put the php login on the page that you were trying to protect, instead of trying to mask the url.

When the page that has the program on it is accessed it prompts for a login.

I don't know how exactly you are working with usernames and passwords but something like this may be what you need.

$username = "admin";
$password = "admin";

if ($_POST['txtUsername']!= $username ¦¦ $_POST['txtPassword']!= $password) {

?>
<p>
<b>Login</b>
</p>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<div align="center">
<center>
<table border="0" cellpadding="5" cellspacing="0">
<tr>
<td><label for="txtUsername">Username</label>
</td>
<td><input type="text" title="Enter your Username" name="txtUsername" /></td>
</tr>
<tr>
<td><label for="txtpassword">Password</label>
</td>
<td><input type="password" title="Enter your password" name="txtPassword" /></td>
</tr>
</table>
</center>
</div>
<p align="center"><input type="submit" name="Submit" value="Login" /></p>
</form>

<?php
}
else {
?>

INSERT BODY OF THE PAGE BELOW THE PHP

If you are using a database to store usernames and password you will have to mod this to check the db for names and passwords.

GrahamM

10:00 pm on Dec 4, 2005 (gmt 0)

Hi Amicus Careo, thanks for the fast response.
I was using this method, but what I didn't mention earlier was that I now have numerous applications to allow my customers to access, and they are updated regularly, so I wanted a modular method, seperate from the app, so I don't need to keep editing them. Hence the ability to mask the url.

topsites

8:07 am on Dec 6, 2005 (gmt 0)

The cleanest method I can think of which masks the url without it looking like a Haxor's site is to use frames.
Load your page via an empty (zero space) top frame and the bottom frame contains your login, then when the user logs in, the bottom frame targets your new url but the url in the visitor's browser does not change as the empty top frame keeps the browser at your place, so to speak.