Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Opening URL and automatically login.  Pass username, password, and trigger login button.

Posted on 2006-11-06
7
Medium Priority
?
405 Views
Last Modified: 2011-09-20
Is there a way to create a link on my website that would allow me to redirect a user to a different website and automatically login them in by sending the username and password needed and then triggering the login button for them?  Thanks!
0
Comment
Question by:Quetysis
7 Comments
 
LVL 19

Accepted Solution

by:
VoteyDisciple earned 500 total points
ID: 17882085
This depends entirely on how that site is structure.  If it's htaccess authentication then you can get away with just redirecting to:

https://username:password@www.example.com/


If the other website's login form uses the "get" method then you can just reconstruct the URL the same way their form does:

https://www.example.com/login?option=value&username=scott&password=tiger


If the otehr website's login form uses the "post" method (which of these three possibilities is most likely) then you have it a little worse off.  You could
1.  Create a similar "post" form on your own site (with the same action as the other site's form, of course) and just fill in the username and password in hidden fields
2.  Programatically issue a POST to the other server (harder, but definitely possible, especially with the help of some existing library code).
0
 
LVL 4

Expert Comment

by:noam_dz
ID: 17882165
You can use https://www.example.com/login?option=value&username=scott&password=tiger even if the form is orignaly in "post" it will recive "get" as well.
0
 
LVL 13

Assisted Solution

by:AngryBinary
AngryBinary earned 500 total points
ID: 17882168
You could create a form which stores the login and password as hidden values and posts these values to the login page on the other site. What is most important is how the site processes it's logins. Most likely, they have a page with a login form that posts back to a page that validates and performs the login. The latter page is the one you will have to post to, using the names of the form fields on the former page.

If the site uses file access security, which usually manifests as a modal window popup with textbox inputs for login and password, I believe some older browsers support the syntax http://username:password@somesite.com/securedcontent.html to auto-login, however in some newer browsers this capability has been disabled.

It should be noted that no matter what, the site that owns the login page will have the capability to prevent logins from coming elsewhere by checking the referer. Also, this kind of activity might not comply with their intended usage, so it may cause some annoyance on their end.

Cheers,
--Randall
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17882241
noam_dz, that's not necessarily true.  Some sites are indeed poorly configured, and will treat "get" data the same as "post" data.  It's certainly worth trying  (if it works, hey, problem solved), but it's definitely not a guarantee.  A site designed with a little more attention to detail will consider only posted data for logging in.

In PHP, for example, the login page may look directly at $_POST, and not at $_REQUEST.  
0
 
LVL 18

Assisted Solution

by:Morcalavin
Morcalavin earned 500 total points
ID: 17882260
"You can use https://www.example.com/login?option=value&username=scott&password=tiger even if the form is orignaly in "post" it will recive "get" as well."

Not necessarily.  You can script explicitly to accept get, post, or both.  If the login script is designed to look at post data only, putting it in the querystring isn't going to do any good.
0
 

Author Comment

by:Quetysis
ID: 17882424
thanks everyone!  I'll give those a try and see what happens...
0
 
LVL 1

Assisted Solution

by:jacckk
jacckk earned 500 total points
ID: 17885578
If you want to generalize the action you need the form username field name, password field name, the username and password and the submit URL. You can write an asp/php page, that you pass these values to either by a post to that page or querystring and generate the form dynamically and at the end of the page write an submit acton using javascript.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
The first step to building an amazing About page is to figure out what you want the page to say about your company. You then must grab the attention of the reader, boast a bit, tell a story and let others brag about you. With a little bit of thought…
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.
Suggested Courses
Course of the Month11 days, 2 hours left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question