Retrieving contact from yahoo, gmail, msn, hotmail, aol, etc

Hi there,

I have seen some site started using this wonderful technology for invitation purpose..

What it does it to prompt user who wanted to send invitation link to his / her contact of friend to enter their yahoo/gmail/hotmail/aol ID and password..

Once done the system able to retrieve contact / address book for the particular account provided IMMEDIATELY!!!!

This shouldn't be done manually as the password entered shall not be stored in any form and shall not be fwd to anyone for manually retrieving purpose..

Anyone familiar with such technology? I tried to look around the web but couldn't find any info so I turn up here...

Thanks!!
LVL 1
SooAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WilliamFrantzCommented:
This is a dangerous practice since you are essentially giving away your yahoo/gmail/hotmail/aol ID and password to a third party.

Don't hold any illusions that it's some kind of 'pass-through' technology or that your account information isn't really stored anywhere.  You gave away your password and you have to trust that third party to not act maliciously.

This is like when people use the same username/password for Yahoo and Hotmail.  You are essentially giving your Hotmail credentials to Yahoo employees.  While it's a very bad thing to do, the fact is that lots of people use the same password everywhere.

In theory, I could create a system that leeches off Yahoo's authentication.  For example, I'd setup foobar.com with a login screen and tell users to enter their Yahoo ID & password.  Once they submit the form, my server attempts to log in to Yahoo using their credentials.  If it works, they are granted access to foobar.com.  If it fails, they are denied.  This saves me the trouble to creating my own signup system and means that my users don't have to remember yet another password.  When people do this maliciously, it's called 'phishing'.

Don't do it!  For a better 'single-login' system, check into the OpenID initiative:
http://openid.net/
0
SooAuthor Commented:
That is why Im planning to have both... as an option for user to pick whether or not to use and pratice this pass-through technology or to use the traditional manual method...

Still hoping for an answer to the pass-through method though... and thank for reply too william...
0
WilliamFrantzCommented:
Can you restate your question?  The only thing you asked was if anyone was familiar with the technology.  Where you just curious how they did it or were you looking for an algorithm to parse an address book from Yahoo?  or Hotmail?

Roughly they use an application on the server to apply your login credentials to yahoo.com.  For example, it's not difficult to use PHP to submit a form to another server, capture the output, and parse it.
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

SooAuthor Commented:
Ok.. basically I need the script which is capable of doing what I meantioned earlier which is to allow user to enter their ID and password and with that am able to retrieve contact or address book from that particular given account provided the login information given is the correct set.

In brief the working script should be able to:
- Authenticate yahoo/gmail/aol/hotmail ID and Password provided
- Retrieve the contact list or address book once authenticated into a list of notepad or list those contact directly on webpage
- Password preferred to be encrypted

0
WilliamFrantzCommented:
Developing a script for a specific service would take a long time.  Each site would have a different set of hurdles to overcome.  The script for Yahoo would look completely different than the script for GMail.  Although, in general, it would look like this:

Retrieve the login form Yahoo
Scrape the form for any hidden fields with random numbers, etc. (Yahoo uses these to deter hackers)
Fill in somebody's username/password
Post the form back to Yahoo
Save any cookies that Yahoo sets
Retrieve the address book (one page at a time) using the cookies from Yahoo
Scrape the returned pages for names and addresses

The specific algorithms for scraping pages and which pages to request will obviously vary from one service to the next.

I can provide example PHP code for performing an HTTP POST.

function http($host, $write)
{
    $response = '';
    if ($fp = fsockopen($host, 80))  
    {
        fwrite($fp, $write);
        while (! feof($fp)) $response .= fgets($fp, 1024);
        fclose($fp);
    }
    return($response);
}
   
function http_post($host, $page, $post)
{
    $write = "POST $page HTTP/1.1\r\n" .
       "User-Agent: unknown\r\n" .
       "Connection: Close\r\n" .
       "Host: $host\r\n" .  
       "Content-Length: " . strlen($post) . "\r\n" .
       "Content-Type: application/x-www-form-urlencoded\r\n" .
       "\r\n" . $post . "\r\n\r\n";
    return(http($host, $write));
}

/* Example usage */
$username = 'someuser';
$password = 'theirpass';
$host = 'www.server.com';
$page = '/foo/bar';
$post = 'username='.$username.'&password='.$password;
$response = http_post($host, $page, $post);

Now parse through the response string and extract the data you need.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WilliamFrantzCommented:
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.