?
Solved

Opening URL and automatically login.  Pass username, password, and trigger login button.

Posted on 2006-11-06
7
Medium Priority
?
394 Views
Last Modified: 2011-09-20
Is there a way to create a link on my website that would allow me to redirect a user to a different website and automatically login them in by sending the username and password needed and then triggering the login button for them?  Thanks!
0
Comment
Question by:Quetysis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 19

Accepted Solution

by:
VoteyDisciple earned 500 total points
ID: 17882085
This depends entirely on how that site is structure.  If it's htaccess authentication then you can get away with just redirecting to:

https://username:password@www.example.com/


If the other website's login form uses the "get" method then you can just reconstruct the URL the same way their form does:

https://www.example.com/login?option=value&username=scott&password=tiger


If the otehr website's login form uses the "post" method (which of these three possibilities is most likely) then you have it a little worse off.  You could
1.  Create a similar "post" form on your own site (with the same action as the other site's form, of course) and just fill in the username and password in hidden fields
2.  Programatically issue a POST to the other server (harder, but definitely possible, especially with the help of some existing library code).
0
 
LVL 4

Expert Comment

by:noam_dz
ID: 17882165
You can use https://www.example.com/login?option=value&username=scott&password=tiger even if the form is orignaly in "post" it will recive "get" as well.
0
 
LVL 13

Assisted Solution

by:AngryBinary
AngryBinary earned 500 total points
ID: 17882168
You could create a form which stores the login and password as hidden values and posts these values to the login page on the other site. What is most important is how the site processes it's logins. Most likely, they have a page with a login form that posts back to a page that validates and performs the login. The latter page is the one you will have to post to, using the names of the form fields on the former page.

If the site uses file access security, which usually manifests as a modal window popup with textbox inputs for login and password, I believe some older browsers support the syntax http://username:password@somesite.com/securedcontent.html to auto-login, however in some newer browsers this capability has been disabled.

It should be noted that no matter what, the site that owns the login page will have the capability to prevent logins from coming elsewhere by checking the referer. Also, this kind of activity might not comply with their intended usage, so it may cause some annoyance on their end.

Cheers,
--Randall
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17882241
noam_dz, that's not necessarily true.  Some sites are indeed poorly configured, and will treat "get" data the same as "post" data.  It's certainly worth trying  (if it works, hey, problem solved), but it's definitely not a guarantee.  A site designed with a little more attention to detail will consider only posted data for logging in.

In PHP, for example, the login page may look directly at $_POST, and not at $_REQUEST.  
0
 
LVL 18

Assisted Solution

by:Morcalavin
Morcalavin earned 500 total points
ID: 17882260
"You can use https://www.example.com/login?option=value&username=scott&password=tiger even if the form is orignaly in "post" it will recive "get" as well."

Not necessarily.  You can script explicitly to accept get, post, or both.  If the login script is designed to look at post data only, putting it in the querystring isn't going to do any good.
0
 

Author Comment

by:Quetysis
ID: 17882424
thanks everyone!  I'll give those a try and see what happens...
0
 
LVL 1

Assisted Solution

by:jacckk
jacckk earned 500 total points
ID: 17885578
If you want to generalize the action you need the form username field name, password field name, the username and password and the submit URL. You can write an asp/php page, that you pass these values to either by a post to that page or querystring and generate the form dynamically and at the end of the page write an submit acton using javascript.
0

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question