carlos0371
asked on
Hotmail (+ others) login script for web pages - Can someone check this code please?
Hi guys, this is my first question on here, although I have been lurking for some time (never been quick enough to answer any questions, although I have found a lot of help here).
My question is this; I found some code in one of the (old) threads on here (https://www.experts-exchange.com/questions/10305434/What's-the-POP3-address-for-hotmail.html) asking for the POP address for Hotmail, and one of the replies, someone (dittymeister2) posted a reply giving code which could be used on a webpage to enable the user to login to his/her Hotmail (+ other) accounts from within that webpage.
I'd like to know how secure this code is, and I don't unfortunately have the ability to check it thoroughly, dur to my limited knowledge.
One of my concerns is that the Hotmail login (I tried the code in FP, but didn't complete the login) goes to a webpage with the following address:
https://lc1.law5.hotmail.passport.com/cgi-bin/dologin - This is not an address I'd recognise as a Hotmail address.
This page then generates an invalid security licence message: "The name on the security certificate is invalid or does not match the name of the site"
This code looks to be a pretty good in theory, and I'd like to use it (with some amendments - i.e. colour, accounts listed etc.) but Ineed to know that it is legitimate, and secure for all to use.
I hope someone out there has the answers I'm looking for, and Thanks in advance.
Carl.
Hope I've given enough (but not too much) detail, here is the code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="369369">
<p align="center"><font color="#000033" size="5"><strong>Login to various e-mail
accounts:))</strong></font ></p>
<p align="center">=========== ========== ========== ========== ========== =
<script launguage=javascript>
function send_form()
{
var user=window.document.genlo gin.login. value;
var pw=window.document.genlogi n.passwd.v alue;
<!--Hotmail goes from here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "0")
{
window.document.passwordfo rm.login.v alue=user;
window.document.passwordfo rm.passwd. value=pw;
window.document.passwordfo rm.svc.val ue="mail";
window.document.passwordfo rm.RemoteD APost.valu e="https://login.msnia.passport.com/ppsecure/post.asp";
window.document.passwordfo rm.action= "https://lc1.law5.hotmail.passport.com/cgi-bin/dologin";
window.document.passwordfo rm.target= "_blank";
window.document.passwordfo rm.submit( )
return (true);
}<!--Hotmail ends here-->
<!--Yahoo starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "1")
{
window.document.a.login.va lue=user;
window.document.a.passwd.v alue=pw;
window.document.a.action=" http://login.yahoo.com/config/login?f9p32lgm8eokn";
window.document.a.target=" _blank";
window.document.a.submit()
return (true);
}<!--Yahoo ends here-->
<!--NetAddress starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "2")
{
window.document.loginform. UserID.val ue=user;
window.document.loginform. passwd.val ue=pw;
window.document.loginform. LoginState .value=2;
window.document.loginform. Successful Login.valu e="/tpl";
window.document.loginform. NewServerN ame.value= "www.netaddress.com";
window.document.loginform. JavaScript .value="JS cript1.0";
window.document.loginform. DomainID.v alue=4;
window.document.loginform. Domain.val ue="usa.ne t";
window.document.loginform. NA31site.v alue="clas sic.netadd ress.com";
window.document.loginform. NA31port.v alue=80 ;
window.document.loginform. action="http://www.netaddress.com/tpl/Door/LoginPost";
window.document.loginform. target="_b lank";
window.document.loginform. submit()
return (true);
}<!--NetAddress ends here-->
<!--Rediff Mail starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "3")
{
window.document.loginform. login.valu e=user;
window.document.loginform. passwd.val ue=pw;
window.document.loginform. action="http://www.rediffmail.com/cgi-bin/login.cgi";
window.document.loginform. target="_b lank";
window.document.loginform. submit()
return (true);
}<!-- RediffMail Ends here-->
<!-- IndiaInfo starts Here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "4")
{
window.document.mailform.u sername.va lue=user;
window.document.mailform.P assword.va lue=pw;
window.document.mailform.a ction="http://mail.indiainfo.com/default.html";
window.document.mailform.t arget="_bl ank";
window.document.mailform.s ubmit()
return (true);
}<!--IndiaInfo Ends here-->
<!--123India starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "5")
{
window.document.fn.uname.v alue=user;
window.document.fn.pwd.val ue=pw;
window.document.fn.action= "http://login2.123india.com/config/login";
window.document.fn.target= "_blank";
window.document.fn.submit( )
return (true);
}<!--123India Ends here-->
<!--OneBox starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "6")
{
window.document.TheForm.us ername.val ue=user;
window.document.TheForm.pa ssword.val ue=pw;
window.document.TheForm.ac tion="http://www.onebox.com/inbox.html";
window.document.TheForm.ta rget="_bla nk";
window.document.TheForm.su bmit()
return (true);
}<!--OneBox Ends here-->
<!--MailCity starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "7")
{
window.document.login_form .callback. value="http://mail.lycos.com";
window.document.login_form .partner_k ey.value=" mailcity";
window.document.login_form .user_name .value=use r;
window.document.login_form .user_pass wd.value=p w;
window.document.login_form .action="http://login.mail.lycos.com/login.shtml" ;
window.document.login_form .target="_ blank";
window.document.login_form .submit()
return (true);
}<!--Mailcity Ends here-->
<!--Chequemail starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "8")
{
window.document.frm.userna me.value=u ser;
window.document.frm.passco de.value=p w;
window.document.frm.action ="http://www2.chequemail.com/cgi-bin/chequemail.cgi";
window.document.frm.target ="_blank";
window.document.frm.submit ()
return (true);
}<!--Chequemail Ends here-->
<!--Epatra mail starts here-->
if(window.document.genlogi n.mailacco unt.select edIndex == "9")
{
window.document.login.user _login.val ue=user;
window.document.login.user _pwd.value =pw;
window.document.login.acti on="http://www.epatra.com/cgi-bin/epatrams/login1.cgi";
window.document.login.targ et="_blank ";
window.document.login.subm it()
return (true);
}<!--Epatramail Ends here-->
}
</script>
<!-- This starts the Login Page -->
<!--Hotmail form-->
</p>
<form name="passwordform" action="https://lc1.law5.hotmail.passport.com/cgi-bin/dologin" method="POST" target="_top" >
<input type="hidden" name="login" >
<input type="hidden" name="passwd" >
<input type="hidden" name="svc" value="mail">
<input type="hidden" name="RemoteDAPost" value="https://login.msnia.passport.com/ppsecure/post.asp">
</form>
<!--YahooMail form-->
<FORM action="http://login.yahoo.com/config/login?f9p32lgm8eokn" method="post" name="a" autocomplete="off">
<input type="hidden" name="login" >
<input type="hidden" name="passwd" >
<INPUT name=".tries" type="hidden">
<INPUT name=".src" type=hidden value="ym">
<INPUT name=".last" type="hidden">
<INPUT name="promo" type="hidden">
<INPUT name=".intl" type="hidden">
<INPUT name=".bypass" type="hidden">
<INPUT name=".partner" type="hidden">
<INPUT name=".chkP" type="hidden" value="Y">
<INPUT name=".done" type="hidden"> </form>
<!--Net address form-->
<FORM name=loginform action=http://www.netaddress.com/tpl/Door/LoginPost method=post>
<INPUT type=hidden value=2 name=LoginState>
<INPUT type=hidden value=/tpl name=SuccessfulLogin>
<INPUT type=hidden value=www.netaddress.com name=NewServerName>
<INPUT type=hidden value=None name=JavaScript>
<INPUT type=hidden value=4 name=DomainID>
<INPUT type=hidden value=usa.net name=Domain>
<INPUT type=hidden value=classic.netaddress.c om name=NA31site>
<INPUT type=hidden value=80 name=NA31port>
<INPUT type=hidden name=UserID>
<INPUT type=hidden name=passwd>
<INPUT type=hidden value=existing name=FormName>
<INPUT type=hidden name=login>
</form>
<!--IndiInfo Mail Starts here-->
<FORM name=mailform method=post>
<INPUT type=hidden name=username>
<INPUT type=hidden name=Password></form>
<!--123India mail-->
<FORM name=fn action=http://login2.123india.com/config/login method=post>
<INPUT type=hidden name=uname>
<INPUT type=hidden name=pwd>
<INPUT type=hidden value=www name=eref>
<INPUT type=hidden value=mail name=iref>
<INPUT type=hidden value=mail name=srv>
</form>
<!--Onebox -->
<FORM name=TheForm action=http://www.onebox.com/inbox.html method=post>
<INPUT type=hidden name=username>
<INPUT type=hidden name=password>
</form>
<!--Mailcity-->
<FORM name=login_form action=http://login.mail.lycos.com/login.shtml method=post target=_top>
<INPUT type=hidden value=http://mail.lycos.com name=callback>
<INPUT type=hidden value=mailcity name=partner_key>
<INPUT type=hidden name=user_name>
<INPUT type=hidden name=user_passwd>
</form>
<!--chequemail-->
<FORM name=frm action=http://www2.chequemail.com/cgi-bin/chequemail.cgi method=post>
<INPUT type=hidden name=username>
<INPUT type=hidden name=passcode>
</form>
<!--epatra-->
<FORM action=http://www.epatra.com/cgi-bin/epatrams/login1.cgi method=post name=login>
<INPUT type=hidden name=user_login>
<INPUT name=user_pwd type=hidden>
</form>
<!-- This starts thwe actuall script -->
<form name=genlogin method=post action="javascript:send_fo rm()">
<table border=0>
<tr>
<td><font face="times" color="black"> User Name: </font></td>
<td><input TYPE="text" NAME="login" SIZE="16" MAXLENGTH="50" onFocus="this.select();" style="background-color:#0 0FF00;"></ td>
<td><font face="times" color="black">@</font><sel ect name="mailaccount" style="background-color:#0 0FF00;">
<option value="Hotmail.com" selected> Hotmail.com</option>
<option value="yahoo.com"> yahoo.com</option>
<option value="usa.net">usa.net</o ption>
<option value="rediff.com"> rediff.com</option>
<option value="indiainfo.com"> indiainfo.com</option>
<option value="123india.com"> 123india.com</option>
<option value="Onebox.com"> OneBox.com</option>
<option value="mailcity.com">mailc ity.com/Ly cosMail</o ption>
<option value="Chequemail.com">Che quemail</o ption>
<option value="Epatra.com">Epatra. com</optio n>
</select></td></tr>
<tr>
<td><font face="times" color="black">Password:</f ont></td>
<td><input TYPE="password" NAME="passwd" SIZE="16" MAXLENGTH="16" style="background-color:#0 0FF00;"></ td>
<td> <input type="button" value="Sign In" name="B1"onclick="javascri pt:send_fo rm()" style="background-color:#0 0FF00;"></ form></td> </tr></tab le>
</body>
</html>
My question is this; I found some code in one of the (old) threads on here (https://www.experts-exchange.com/questions/10305434/What's-the-POP3-address-for-hotmail.html) asking for the POP address for Hotmail, and one of the replies, someone (dittymeister2) posted a reply giving code which could be used on a webpage to enable the user to login to his/her Hotmail (+ other) accounts from within that webpage.
I'd like to know how secure this code is, and I don't unfortunately have the ability to check it thoroughly, dur to my limited knowledge.
One of my concerns is that the Hotmail login (I tried the code in FP, but didn't complete the login) goes to a webpage with the following address:
https://lc1.law5.hotmail.passport.com/cgi-bin/dologin - This is not an address I'd recognise as a Hotmail address.
This page then generates an invalid security licence message: "The name on the security certificate is invalid or does not match the name of the site"
This code looks to be a pretty good in theory, and I'd like to use it (with some amendments - i.e. colour, accounts listed etc.) but Ineed to know that it is legitimate, and secure for all to use.
I hope someone out there has the answers I'm looking for, and Thanks in advance.
Carl.
Hope I've given enough (but not too much) detail, here is the code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="369369">
<p align="center"><font color="#000033" size="5"><strong>Login to various e-mail
accounts:))</strong></font
<p align="center">===========
<script launguage=javascript>
function send_form()
{
var user=window.document.genlo
var pw=window.document.genlogi
<!--Hotmail goes from here-->
if(window.document.genlogi
{
window.document.passwordfo
window.document.passwordfo
window.document.passwordfo
window.document.passwordfo
window.document.passwordfo
window.document.passwordfo
window.document.passwordfo
return (true);
}<!--Hotmail ends here-->
<!--Yahoo starts here-->
if(window.document.genlogi
{
window.document.a.login.va
window.document.a.passwd.v
window.document.a.action="
window.document.a.target="
window.document.a.submit()
return (true);
}<!--Yahoo ends here-->
<!--NetAddress starts here-->
if(window.document.genlogi
{
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
return (true);
}<!--NetAddress ends here-->
<!--Rediff Mail starts here-->
if(window.document.genlogi
{
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
window.document.loginform.
return (true);
}<!-- RediffMail Ends here-->
<!-- IndiaInfo starts Here-->
if(window.document.genlogi
{
window.document.mailform.u
window.document.mailform.P
window.document.mailform.a
window.document.mailform.t
window.document.mailform.s
return (true);
}<!--IndiaInfo Ends here-->
<!--123India starts here-->
if(window.document.genlogi
{
window.document.fn.uname.v
window.document.fn.pwd.val
window.document.fn.action=
window.document.fn.target=
window.document.fn.submit(
return (true);
}<!--123India Ends here-->
<!--OneBox starts here-->
if(window.document.genlogi
{
window.document.TheForm.us
window.document.TheForm.pa
window.document.TheForm.ac
window.document.TheForm.ta
window.document.TheForm.su
return (true);
}<!--OneBox Ends here-->
<!--MailCity starts here-->
if(window.document.genlogi
{
window.document.login_form
window.document.login_form
window.document.login_form
window.document.login_form
window.document.login_form
window.document.login_form
window.document.login_form
return (true);
}<!--Mailcity Ends here-->
<!--Chequemail starts here-->
if(window.document.genlogi
{
window.document.frm.userna
window.document.frm.passco
window.document.frm.action
window.document.frm.target
window.document.frm.submit
return (true);
}<!--Chequemail Ends here-->
<!--Epatra mail starts here-->
if(window.document.genlogi
{
window.document.login.user
window.document.login.user
window.document.login.acti
window.document.login.targ
window.document.login.subm
return (true);
}<!--Epatramail Ends here-->
}
</script>
<!-- This starts the Login Page -->
<!--Hotmail form-->
</p>
<form name="passwordform" action="https://lc1.law5.hotmail.passport.com/cgi-bin/dologin" method="POST" target="_top" >
<input type="hidden" name="login" >
<input type="hidden" name="passwd" >
<input type="hidden" name="svc" value="mail">
<input type="hidden" name="RemoteDAPost" value="https://login.msnia.passport.com/ppsecure/post.asp">
</form>
<!--YahooMail form-->
<FORM action="http://login.yahoo.com/config/login?f9p32lgm8eokn" method="post" name="a" autocomplete="off">
<input type="hidden" name="login" >
<input type="hidden" name="passwd" >
<INPUT name=".tries" type="hidden">
<INPUT name=".src" type=hidden value="ym">
<INPUT name=".last" type="hidden">
<INPUT name="promo" type="hidden">
<INPUT name=".intl" type="hidden">
<INPUT name=".bypass" type="hidden">
<INPUT name=".partner" type="hidden">
<INPUT name=".chkP" type="hidden" value="Y">
<INPUT name=".done" type="hidden"> </form>
<!--Net address form-->
<FORM name=loginform action=http://www.netaddress.com/tpl/Door/LoginPost method=post>
<INPUT type=hidden value=2 name=LoginState>
<INPUT type=hidden value=/tpl name=SuccessfulLogin>
<INPUT type=hidden value=www.netaddress.com name=NewServerName>
<INPUT type=hidden value=None name=JavaScript>
<INPUT type=hidden value=4 name=DomainID>
<INPUT type=hidden value=usa.net name=Domain>
<INPUT type=hidden value=classic.netaddress.c
<INPUT type=hidden value=80 name=NA31port>
<INPUT type=hidden name=UserID>
<INPUT type=hidden name=passwd>
<INPUT type=hidden value=existing name=FormName>
<INPUT type=hidden name=login>
</form>
<!--IndiInfo Mail Starts here-->
<FORM name=mailform method=post>
<INPUT type=hidden name=username>
<INPUT type=hidden name=Password></form>
<!--123India mail-->
<FORM name=fn action=http://login2.123india.com/config/login method=post>
<INPUT type=hidden name=uname>
<INPUT type=hidden name=pwd>
<INPUT type=hidden value=www name=eref>
<INPUT type=hidden value=mail name=iref>
<INPUT type=hidden value=mail name=srv>
</form>
<!--Onebox -->
<FORM name=TheForm action=http://www.onebox.com/inbox.html method=post>
<INPUT type=hidden name=username>
<INPUT type=hidden name=password>
</form>
<!--Mailcity-->
<FORM name=login_form action=http://login.mail.lycos.com/login.shtml method=post target=_top>
<INPUT type=hidden value=http://mail.lycos.com name=callback>
<INPUT type=hidden value=mailcity name=partner_key>
<INPUT type=hidden name=user_name>
<INPUT type=hidden name=user_passwd>
</form>
<!--chequemail-->
<FORM name=frm action=http://www2.chequemail.com/cgi-bin/chequemail.cgi method=post>
<INPUT type=hidden name=username>
<INPUT type=hidden name=passcode>
</form>
<!--epatra-->
<FORM action=http://www.epatra.com/cgi-bin/epatrams/login1.cgi method=post name=login>
<INPUT type=hidden name=user_login>
<INPUT name=user_pwd type=hidden>
</form>
<!-- This starts thwe actuall script -->
<form name=genlogin method=post action="javascript:send_fo
<table border=0>
<tr>
<td><font face="times" color="black"> User Name: </font></td>
<td><input TYPE="text" NAME="login" SIZE="16" MAXLENGTH="50" onFocus="this.select();" style="background-color:#0
<td><font face="times" color="black">@</font><sel
<option value="Hotmail.com" selected> Hotmail.com</option>
<option value="yahoo.com"> yahoo.com</option>
<option value="usa.net">usa.net</o
<option value="rediff.com"> rediff.com</option>
<option value="indiainfo.com"> indiainfo.com</option>
<option value="123india.com"> 123india.com</option>
<option value="Onebox.com"> OneBox.com</option>
<option value="mailcity.com">mailc
<option value="Chequemail.com">Che
<option value="Epatra.com">Epatra.
</select></td></tr>
<tr>
<td><font face="times" color="black">Password:</f
<td><input TYPE="password" NAME="passwd" SIZE="16" MAXLENGTH="16" style="background-color:#0
<td> <input type="button" value="Sign In" name="B1"onclick="javascri
</body>
</html>
ASKER
Hi Tim, and thanks for your reply.
I take it you mean replace the link in line 30 (window.document.passwordf orm.action ="https://lc1.law5.hotmail.passport.com/cgi-bin/dologin";
) with your code?
I tried this, I just get the Hotmail website opening saying my username or password is incorrect (which, obviously, it isn't).
Any more ideas Tim (or anyone else)?
Also, has anyone been able to check the code in its entirety yet to assure me that it is secure? The last thing I need is to put this code on my site then get everyone who accesses their accounts through my site to have their accounts hacked!!!
Thaks again in advance.....
I take it you mean replace the link in line 30 (window.document.passwordf
) with your code?
I tried this, I just get the Hotmail website opening saying my username or password is incorrect (which, obviously, it isn't).
Any more ideas Tim (or anyone else)?
Also, has anyone been able to check the code in its entirety yet to assure me that it is secure? The last thing I need is to put this code on my site then get everyone who accesses their accounts through my site to have their accounts hacked!!!
Thaks again in advance.....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Tim, Good points, I hadn't really though that one through, had I?
Accepted answer, points allocated.
Accepted answer, points allocated.
No worries :-) I was just thinking about this question last night (whilst trying to get to sleep) and those were the two points that concerned me :-)
Good luck with it all :-)
And thanks!
Tim
Good luck with it all :-)
And thanks!
Tim
passport.com is owned by microsoft, and is the website that maintains your hotmail/msdn/microsoft login, so that's fine...
And over the 5 years since thet other question, it looks like microsoft has changed the site required for the login, and so the licence for that https location has expired...
Try:
https://login.passport.com/ppsecure/post.srf
instead? That's the action on the login form when I got to http://www.hotmail.com
Tim