Defining multiple encrypted parameters

Question

I have encrypted parameters in my url, for example:

Encrypted

example.com/?auth= *****"encrypted data here including other parameters like &username=helloworld&date=today"*****
example.com/?auth=*****WlJWm3+Sbv6P326v8L59gJyrCmnsjMUOa0sUw0WSPEA=*****

Decrypted

example.com/?auth=*****succes&username=helloworld&date=today*****

I would like to do is define those usernames without showing the decrypted version on the client side. If the parameters would not be decrypted i know i can use

$username=$_GET['username'];

but now since the parameter + variable is encrypted i think i can not use it. What would be the best way to define a decrypted parameter without showing it in the url? I thought it myself and it might be possible with recognizing the & and = and have some script that recognizes, for example, the username because its between & and = and the hello world because its between the = and &, however I am not familiar with this type of coding.

Answer 1

I will suggest you use a POST request to send authentication information. POST request will still send the parameter you need without showing it to the user.

I assume you are trying to create a login function and obtain the user's username and password.

so your login form will probably look like this

<form method="POST">
    <input type="text" name="username"/>
    <input type="password" name="password"/>
    <button type="submit">Submit</button>
</form>

so after the form submit, you can get the username and password parameter in PHP like so:

$username = $_POST['username'];
$password = $_POST['password'];