asked on

Hotmail (+ others) login script for web pages - Can someone check this code please?

Hi guys, this is my first question on here, although I have been lurking for some time (never been quick enough to answer any questions, although I have found a lot of help here).

My question is this; I found some code in one of the (old) threads on here (https://www.experts-exchange.com/questions/10305434/What's-the-POP3-address-for-hotmail.html) asking for the POP address for Hotmail, and one of the replies, someone (dittymeister2) posted a reply giving code which could be used on a webpage to enable the user to login to his/her Hotmail (+ other) accounts from within that webpage.

I'd like to know how secure this code is, and I don't unfortunately have the ability to check it thoroughly, dur to my limited knowledge.

One of my concerns is that the Hotmail login (I tried the code in FP, but didn't complete the login) goes to a webpage with the following address:
https://lc1.law5.hotmail.passport.com/cgi-bin/dologin - This is not an address I'd recognise as a Hotmail address.

This page then generates an invalid security licence message: "The name on the security certificate is invalid or does not match the name of the site"

This code looks to be a pretty good in theory, and I'd like to use it (with some amendments - i.e. colour, accounts listed etc.) but Ineed to know that it is legitimate, and secure for all to use.

I hope someone out there has the answers I'm looking for, and Thanks in advance.

Carl.

Hope I've given enough (but not too much) detail, here is the code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="369369">
<p align="center"><font color="#000033" size="5"><strong>Login to various e-mail
accounts:))</strong></font></p>
<p align="center">====================================================
<script launguage=javascript>
function send_form()
{
var user=window.document.genlogin.login.value;
var pw=window.document.genlogin.passwd.value;


if(window.document.genlogin.mailaccount.selectedIndex == "0")

{

window.document.passwordform.login.value=user;

window.document.passwordform.passwd.value=pw;

window.document.passwordform.svc.value="mail";

window.document.passwordform.RemoteDAPost.value="https://login.msnia.passport.com/ppsecure/post.asp";
window.document.passwordform.action="https://lc1.law5.hotmail.passport.com/cgi-bin/dologin";
window.document.passwordform.target="_blank";
window.document.passwordform.submit()
return (true);

}

if(window.document.genlogin.mailaccount.selectedIndex == "1")

{

window.document.a.login.value=user;

window.document.a.passwd.value=pw;

window.document.a.action="http://login.yahoo.com/config/login?f9p32lgm8eokn";

window.document.a.target="_blank";

window.document.a.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "2")

{

window.document.loginform.UserID.value=user;

window.document.loginform.passwd.value=pw;

window.document.loginform.LoginState.value=2;

window.document.loginform.SuccessfulLogin.value="/tpl";

window.document.loginform.NewServerName.value="www.netaddress.com";

window.document.loginform.JavaScript.value="JScript1.0";

window.document.loginform.DomainID.value=4;

window.document.loginform.Domain.value="usa.net";

window.document.loginform.NA31site.value="classic.netaddress.com";

window.document.loginform.NA31port.value=80 ;

window.document.loginform.action="http://www.netaddress.com/tpl/Door/LoginPost";

window.document.loginform.target="_blank";

window.document.loginform.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "3")

{

window.document.loginform.login.value=user;

window.document.loginform.passwd.value=pw;

window.document.loginform.action="http://www.rediffmail.com/cgi-bin/login.cgi";

window.document.loginform.target="_blank";

window.document.loginform.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "4")

{

window.document.mailform.username.value=user;

window.document.mailform.Password.value=pw;

window.document.mailform.action="http://mail.indiainfo.com/default.html";

window.document.mailform.target="_blank";

window.document.mailform.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "5")

{

window.document.fn.uname.value=user;

window.document.fn.pwd.value=pw;

window.document.fn.action="http://login2.123india.com/config/login";

window.document.fn.target="_blank";

window.document.fn.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "6")

{

window.document.TheForm.username.value=user;

window.document.TheForm.password.value=pw;

window.document.TheForm.action="http://www.onebox.com/inbox.html";

window.document.TheForm.target="_blank";

window.document.TheForm.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "7")

{

window.document.login_form.callback.value="http://mail.lycos.com";

window.document.login_form.partner_key.value="mailcity";

window.document.login_form.user_name.value=user;

window.document.login_form.user_passwd.value=pw;

window.document.login_form.action="http://login.mail.lycos.com/login.shtml";

window.document.login_form.target="_blank";

window.document.login_form.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "8")

{

window.document.frm.username.value=user;

window.document.frm.passcode.value=pw;

window.document.frm.action="http://www2.chequemail.com/cgi-bin/chequemail.cgi";

window.document.frm.target="_blank";

window.document.frm.submit()

return (true);

}



if(window.document.genlogin.mailaccount.selectedIndex == "9")

{

window.document.login.user_login.value=user;

window.document.login.user_pwd.value=pw;

window.document.login.action="http://www.epatra.com/cgi-bin/epatrams/login1.cgi";

window.document.login.target="_blank";

window.document.login.submit()

return (true);

}

}

</script>


</p>
<form name="passwordform" action="https://lc1.law5.hotmail.passport.com/cgi-bin/dologin" method="POST" target="_top" >

<input type="hidden" name="login" >

<input type="hidden" name="passwd" >

<input type="hidden" name="svc" value="mail">

<input type="hidden" name="RemoteDAPost" value="https://login.msnia.passport.com/ppsecure/post.asp">

</form>



<FORM action="http://login.yahoo.com/config/login?f9p32lgm8eokn" method="post" name="a" autocomplete="off">

<input type="hidden" name="login" >

<input type="hidden" name="passwd" >

<INPUT name=".tries" type="hidden">

<INPUT name=".src" type=hidden value="ym">

<INPUT name=".last" type="hidden">

<INPUT name="promo" type="hidden">

<INPUT name=".intl" type="hidden">

<INPUT name=".bypass" type="hidden">

<INPUT name=".partner" type="hidden">

<INPUT name=".chkP" type="hidden" value="Y">

<INPUT name=".done" type="hidden"> </form>



<FORM name=loginform action=http://www.netaddress.com/tpl/Door/LoginPost method=post>

<INPUT type=hidden value=2 name=LoginState>

<INPUT type=hidden value=/tpl name=SuccessfulLogin>

<INPUT type=hidden value=www.netaddress.com name=NewServerName>

<INPUT type=hidden value=None name=JavaScript>

<INPUT type=hidden value=4 name=DomainID>

<INPUT type=hidden value=usa.net name=Domain>

<INPUT type=hidden value=classic.netaddress.com name=NA31site>

<INPUT type=hidden value=80 name=NA31port>

<INPUT type=hidden name=UserID>

<INPUT type=hidden name=passwd>

<INPUT type=hidden value=existing name=FormName>

<INPUT type=hidden name=login>

</form>



<FORM name=mailform method=post>

<INPUT type=hidden name=username>

<INPUT type=hidden name=Password></form>



<FORM name=fn action=http://login2.123india.com/config/login method=post>

<INPUT type=hidden name=uname>

<INPUT type=hidden name=pwd>

<INPUT type=hidden value=www name=eref>

<INPUT type=hidden value=mail name=iref>

<INPUT type=hidden value=mail name=srv>

</form>



<FORM name=TheForm action=http://www.onebox.com/inbox.html method=post>

<INPUT type=hidden name=username>

<INPUT type=hidden name=password>

</form>



<FORM name=login_form action=http://login.mail.lycos.com/login.shtml method=post target=_top>

<INPUT type=hidden value=http://mail.lycos.com name=callback>

<INPUT type=hidden value=mailcity name=partner_key>

<INPUT type=hidden name=user_name>

<INPUT type=hidden name=user_passwd>

</form>



<FORM name=frm action=http://www2.chequemail.com/cgi-bin/chequemail.cgi method=post>

<INPUT type=hidden name=username>

<INPUT type=hidden name=passcode>

</form>



<FORM action=http://www.epatra.com/cgi-bin/epatrams/login1.cgi method=post name=login>

<INPUT type=hidden name=user_login>

<INPUT name=user_pwd type=hidden>

</form>



<form name=genlogin method=post action="javascript:send_form()">

<table border=0>

<tr>

<td><font face="times" color="black"> User Name: </font></td>

<td><input TYPE="text" NAME="login" SIZE="16" MAXLENGTH="50" onFocus="this.select();" style="background-color:#00FF00;"></td>

<td><font face="times" color="black">@</font><select name="mailaccount" style="background-color:#00FF00;">
<option value="Hotmail.com" selected> Hotmail.com</option>
<option value="yahoo.com"> yahoo.com</option>
<option value="usa.net">usa.net</option>
<option value="rediff.com"> rediff.com</option>
<option value="indiainfo.com"> indiainfo.com</option>
<option value="123india.com"> 123india.com</option>
<option value="Onebox.com"> OneBox.com</option>
<option value="mailcity.com">mailcity.com/LycosMail</option>
<option value="Chequemail.com">Chequemail</option>
<option value="Epatra.com">Epatra.com</option>
</select></td></tr>

<tr>

<td><font face="times" color="black">Password:</font></td>

<td><input TYPE="password" NAME="passwd" SIZE="16" MAXLENGTH="16" style="background-color:#00FF00;"></td>

<td> <input type="button" value="Sign In" name="B1"onclick="javascript:send_form()" style="background-color:#00FF00;"></form></td></tr></table>

</body>
</html>

TimYates

>> This is not an address I'd recognise as a Hotmail address.

passport.com is owned by microsoft, and is the website that maintains your hotmail/msdn/microsoft login, so that's fine...

And over the 5 years since thet other question, it looks like microsoft has changed the site required for the login, and so the licence for that https location has expired...

Try:

https://login.passport.com/ppsecure/post.srf

instead? That's the action on the login form when I got to http://www.hotmail.com

Tim

carlos0371

ASKER

Hi Tim, and thanks for your reply.

I take it you mean replace the link in line 30 (window.document.passwordform.action="https://lc1.law5.hotmail.passport.com/cgi-bin/dologin";
) with your code?

I tried this, I just get the Hotmail website opening saying my username or password is incorrect (which, obviously, it isn't).

Any more ideas Tim (or anyone else)?

Also, has anyone been able to check the code in its entirety yet to assure me that it is secure? The last thing I need is to put this code on my site then get everyone who accesses their accounts through my site to have their accounts hacked!!!

Thaks again in advance.....

ASKER CERTIFIED SOLUTION

TimYates

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

carlos0371

ASKER

Thanks Tim, Good points, I hadn't really though that one through, had I?

Accepted answer, points allocated.

TimYates

No worries :-) I was just thinking about this question last night (whilst trying to get to sleep) and those were the two points that concerned me :-)

Good luck with it all :-)

And thanks!

Tim