0

i want to check login information for remote website. i can do it with curl, but curl uses server's ip (i dont want my script to use server's ip, i want script to use client's ip).

for example: client will use my form (username and password) and my php script will check out his account details are correct or not. script will control that his account credentials are true or not.

i can not use curl (server ip),file get contents (server ip), jquery+json+ajax(cross domain problem).

any advice?

taffarel
  • 15
  • 3
  • Why the requirement that you can't use the server's IP? It sounds like you might be getting close to violating someone's terms of use... – David Souther Sep 01 '11 at 22:16
  • because i am developing an application. people will use my script to login their php scripts. if someone use wrong passwords for 5 times, script blocks ip for 5 minutes. because of this reason i gotta use client's ip instead of server ip. server ip must be stay as clean – taffarel Sep 01 '11 at 22:19
  • That actually makes a lot of sense. If you have the authority in the matter, you might look into setting up OAuth or some similar federated authentication service, but you'll have to have both your server and the remote service configured correctly. – David Souther Sep 01 '11 at 22:24
  • sir, people will use my script in their websites. so i cant connect their websites. my script will connect to my server to validate users. i am not doing bad thing, im just a developer. – taffarel Sep 01 '11 at 22:28
  • Yeah, your use case makes a lot of sense now that I think about it. I think hidden iframes will be your best bet. – David Souther Sep 02 '11 at 00:02

1 Answers1

0

It is impossible for you to not use the server's IP address if the server is making the request. You are correct that the ajax solution won't work for xss reasons.

You could open the remote page in a hidden iframe, and control that iframe with jquery.

David Souther
  • 8,125
  • 2
  • 36
  • 53
  • thanks. your idea is great. i can open remote page in a hidden iframe. thats okay. but how can i control it? i need to control http status. if status is 200 or 401.. i gotta check out http status. – taffarel Sep 01 '11 at 22:21
  • http://stackoverflow.com/questions/35240/retrieving-http-status-code-from-loaded-iframe-with-javascript – David Souther Sep 01 '11 at 22:22