PHP - hide url (GET) parameters

Question

I have a link in my PHP/HTML like this:

<a href="http://search.mywebsite.com/login.aspx?checktype=uid&user=adam&password=pass1234&profile=dart&defaultdb=kts"> Log me into this website </a>

When users click on the link, the parameters are handled by a 3rd party website which log the users in seamlessly.

Is it possible to hide/mask/camouflage the url so that users don't see the parameters while still passing them over to the designated site?

If no, how would you guys go about this? I'm mainly worried about the user and password params and need those hidden. (user=adam&password=pass1234)

The only way i know how to hide params is when using a form post method but in this case it is not an option because im working with a direct link.

EDIT: To those who keep suggesting using a POST method, this is not an option because I'm not using a form and the receiving website is out of my control. I'm logging in from one site to another (3rd party) website

Answer 1

Your only option is to use a form and POST if the page your are logging into is controlled by a 3rd party:

<form action="http://search.mywebsite.com/login.aspx" method="post">
   <input type="hidden" name="checktype" value="uid" />
   <input type="hidden" name="user" value="adam" />
   <input type="hidden" name="password" value="pass1234" />
   <input type="hidden" name="profile" value="dart" />
   <input type="hidden" name="defaultdb" value="kts" />
   <input type="submit" value="Log me into this website" />
</form>

EDIT: If it must be a link and javascript can be required then you can use javascript to create and submit a form on the fly:

<a href="#" onclick="postLogin()">Log me into this website</a>

<script type="text/javascript">
function postLogin() {
    var form = document.createElement("form");
    form.setAttribute("method", "post");
    form.setAttribute("action", "http://search.mywebsite.com/login.aspx");

    var params = {checktype: 'uid', user: 'adam', password: 'pass1234', profile: 'dart', defaultdb: 'kts'};
    for(var key in params) {
        if(params.hasOwnProperty(key)) {
            var hiddenField = document.createElement("input");
            hiddenField.setAttribute("type", "hidden");
            hiddenField.setAttribute("name", key);
            hiddenField.setAttribute("value", params[key]);

            form.appendChild(hiddenField);
         }
    }

    document.body.appendChild(form);
    form.submit();
}
</script>

Answer 2

Don't use $_GET to pass any personal, confidential or crucial data. Use $_POST instead.

I don't know what stops you from using $_POST but if you insist on using it anyway, try md5() to code these data and validate them when necessary. You can always use $_SESSION to pass $_POST login data for further use.