Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 970
  • Last Modified:

Retrieving contact from yahoo, gmail, msn, hotmail, aol, etc

Hi there,

I have seen some site started using this wonderful technology for invitation purpose..

What it does it to prompt user who wanted to send invitation link to his / her contact of friend to enter their yahoo/gmail/hotmail/aol ID and password..

Once done the system able to retrieve contact / address book for the particular account provided IMMEDIATELY!!!!

This shouldn't be done manually as the password entered shall not be stored in any form and shall not be fwd to anyone for manually retrieving purpose..

Anyone familiar with such technology? I tried to look around the web but couldn't find any info so I turn up here...

Thanks!!
0
Soo
Asked:
Soo
  • 4
  • 2
1 Solution
 
WilliamFrantzCommented:
This is a dangerous practice since you are essentially giving away your yahoo/gmail/hotmail/aol ID and password to a third party.

Don't hold any illusions that it's some kind of 'pass-through' technology or that your account information isn't really stored anywhere.  You gave away your password and you have to trust that third party to not act maliciously.

This is like when people use the same username/password for Yahoo and Hotmail.  You are essentially giving your Hotmail credentials to Yahoo employees.  While it's a very bad thing to do, the fact is that lots of people use the same password everywhere.

In theory, I could create a system that leeches off Yahoo's authentication.  For example, I'd setup foobar.com with a login screen and tell users to enter their Yahoo ID & password.  Once they submit the form, my server attempts to log in to Yahoo using their credentials.  If it works, they are granted access to foobar.com.  If it fails, they are denied.  This saves me the trouble to creating my own signup system and means that my users don't have to remember yet another password.  When people do this maliciously, it's called 'phishing'.

Don't do it!  For a better 'single-login' system, check into the OpenID initiative:
http://openid.net/
0
 
SooAuthor Commented:
That is why Im planning to have both... as an option for user to pick whether or not to use and pratice this pass-through technology or to use the traditional manual method...

Still hoping for an answer to the pass-through method though... and thank for reply too william...
0
 
WilliamFrantzCommented:
Can you restate your question?  The only thing you asked was if anyone was familiar with the technology.  Where you just curious how they did it or were you looking for an algorithm to parse an address book from Yahoo?  or Hotmail?

Roughly they use an application on the server to apply your login credentials to yahoo.com.  For example, it's not difficult to use PHP to submit a form to another server, capture the output, and parse it.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
SooAuthor Commented:
Ok.. basically I need the script which is capable of doing what I meantioned earlier which is to allow user to enter their ID and password and with that am able to retrieve contact or address book from that particular given account provided the login information given is the correct set.

In brief the working script should be able to:
- Authenticate yahoo/gmail/aol/hotmail ID and Password provided
- Retrieve the contact list or address book once authenticated into a list of notepad or list those contact directly on webpage
- Password preferred to be encrypted

0
 
WilliamFrantzCommented:
Developing a script for a specific service would take a long time.  Each site would have a different set of hurdles to overcome.  The script for Yahoo would look completely different than the script for GMail.  Although, in general, it would look like this:

Retrieve the login form Yahoo
Scrape the form for any hidden fields with random numbers, etc. (Yahoo uses these to deter hackers)
Fill in somebody's username/password
Post the form back to Yahoo
Save any cookies that Yahoo sets
Retrieve the address book (one page at a time) using the cookies from Yahoo
Scrape the returned pages for names and addresses

The specific algorithms for scraping pages and which pages to request will obviously vary from one service to the next.

I can provide example PHP code for performing an HTTP POST.

function http($host, $write)
{
    $response = '';
    if ($fp = fsockopen($host, 80))  
    {
        fwrite($fp, $write);
        while (! feof($fp)) $response .= fgets($fp, 1024);
        fclose($fp);
    }
    return($response);
}
   
function http_post($host, $page, $post)
{
    $write = "POST $page HTTP/1.1\r\n" .
       "User-Agent: unknown\r\n" .
       "Connection: Close\r\n" .
       "Host: $host\r\n" .  
       "Content-Length: " . strlen($post) . "\r\n" .
       "Content-Type: application/x-www-form-urlencoded\r\n" .
       "\r\n" . $post . "\r\n\r\n";
    return(http($host, $write));
}

/* Example usage */
$username = 'someuser';
$password = 'theirpass';
$host = 'www.server.com';
$page = '/foo/bar';
$post = 'username='.$username.'&password='.$password;
$response = http_post($host, $page, $post);

Now parse through the response string and extract the data you need.
0
 
WilliamFrantzCommented:
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now