This is what i am doing:
I have an "Internet caffe", and i want to give to my client a limited sms gratis. I have an account at
www.smsdiscount.com and they let user to use service with url: https://myaccount.smsdiscount.com/clx/sendsms.php?username=xxx&password=xxx&from=xxx&per =xxx&text=xxx";
I have created a simple html form and I am working with php. In html form I have this:
[HTML]<form action="sms.php" onMouseOver="window.status='aRTx center'; return true;" onMouseOut="window.status=''; return true method="post" >
<label for="to">Numri</label><br/>
<input type="text" name="to" value="+37744xxxxxx" size="20" >
<p>
<label for="from">Sender</label><br/>
<input type="text" name="from" value="<?echo $_SESSION['user']; ?>" size="20" ><br/>
</p>
<label for="text">Message</label><br/>
<textarea size="50" rows="8" name="text" cols="40" onKeyDown="limitText(this.form.text,this.form.coun tdown,160);"
onKeyUp="limitText(this.form.text,this.form.countd own,160);" > </textarea>
</p>
<table>
<td valign="top"> </td>
<td><input name="submit" type="submit" id="submit" value="submit" onSubmit=mbylle() />
When i post this at "sms.php", there I put my username and password of my account at the service, but to have the url that accept the service I used header like this:
$url = "https://myaccount.smsdiscount.com/clx/sendsms.php?username=".$username."&password=".$pas sword."&from=".$from."&to=".$to."&text=".$text;
header('Location: '.$url);[/HTML]
But my clients steal my password in the URL. I have hide it with the frameset but It was a siple trick to hack it. So what should I do to prevent the hacking my account.
Thanks for support!