#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    7
    Rep Power
    0

    Adding a username/password to a URL or passing username/password to another URL


    Edit - This is for a non-production site. This is not going to be used by the general public. (Sorry... I should have noted this first)

    Hi All...

    I want the following logic to happen.

    1. ButtonClick
    2. New window opens
    3. Username/Password are already entered
    4. User clicks 'Login'
    5. User is logged in

    I'm at a loss... I've seen this occur before (Yes... after IE fixed the issue with IE6+), but I can't figure it out on my own... Need some help.

    I've tried this...

    Code:
    Username:PassWord1@university.edu/portal/server.pt
    and this... (using query parameters)

    Code:
    https://university.edu/portal/server.pt?userName=SomeUser&password=somePassword
    I just tried the following based on the id's of each field...

    Code:
    https://university.edu/portal/server.pt?in_tx_username=SomeUser&in_pw_userpass=somePassword
    It also didn't work...


    Wondering if there's a JS for this that would work in IE8?

    Regards,

    Jared
  2. #2
  3. A Not To Shabby Code Smurf
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Aug 2008
    Posts
    1,165
    Rep Power
    184
    I wouldn't send a username/password in a query string; that's not very security savoy; as a matter of fact..., that just defeats the purpose of having a login validation. All some one would have to do; is view a browser's history and they would have your end user's login credentials. You need to pass it with server-side sessions or cookies or... if security is not real concern; you could do this with HTML5 Web Storage using localStorage or sessionStorage.
  4. #3
  5. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,114
    Rep Power
    9398
    The username:password@ syntax only works for HTTP authentication, where your browser will probably present a pop-up login dialog (not something embedded in the page).

    Assuming the login stuff is on a different site,
    1. Since you have the credentials, why not just make the form on your side and have the user submit it that way? No need to go to the login page.
    2. If you have to go to the login page after all, you could only fill in the boxes like that if the page itself supports that. If not then you're out of luck. Best chance would be putting the information in the URL using the same field names as in the form, but (a) now you're putting the credentials in the URL and that's a very big no-no and (b) if the login page is written at all well then it wouldn't work.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    7
    Rep Power
    0
    See my edit above... I should have noted that from the beginning.
  8. #5
  9. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    You could do it from a browser extension, but not from normal JavaScript.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    7
    Rep Power
    0
    Originally Posted by E-Oreo
    You could do it from a browser extension, but not from normal JavaScript.
    @E-Oreo - How could I do it with a browser extension?

    This is for a school website. Our advisors use the website to guide students through the site. The issue is that if the username/password are entered in incorrectly, then the site locks up for 15 minutes. We have a lot of Advisors and about 100,000 students. We bed the site open at all times. I figured with the credentials already in, the user would only have to click login, and we could avoid that mess.

    Additionally, I can't place a script on the site itself because its also our public facing site that students use to log in. This is why I want to somehow script it so that if the site is accessed from another Intranet site (on our internal network), then the advisor can be logged in without messing with the credentials and locking up a valuable website...

    What if I were to contain the schhol login site on our intranet site, inside an iframe? Would that make any difference?
  12. #7
  13. CSS & JS/DOM Adept
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2004
    Location
    USA (verifiably)
    Posts
    20,127
    Rep Power
    4304
    Welcome to DevShed Forums, webfrogs.

    I'd suggest making a special page with a pre-filled-in login form that can only be accessed from your intranet.

    Originally Posted by webfrogs
    The issue is that if the username/password are entered in incorrectly, then the site locks up for 15 minutes.
    After a single failure? That's quite excessive. (And not very much protection if someone writes a program to do a "brute force attack".) People mistype things all of the time. Also using complex passwords makes it easy to misremember slightly. Though most people use exceedingly simple passwords.
    Spreading knowledge, one newbie at a time.

    Check out my blog. | Learn CSS. | PHP includes | X/HTML Validator | CSS validator | Common CSS Mistakes | Common JS Mistakes

    Remember people spend most of their time on other people's sites (so don't violate web design conventions).
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    7
    Rep Power
    0
    How would I do that and have it connect to the actual site, validating the credentials to sign in?

    Originally Posted by Kravvitz
    Welcome to DevShed Forums, webfrogs.

    I'd suggest making a special page with a pre-filled-in login form that can only be accessed from your intranet.


    After a single failure? That's quite excessive. (And not very much protection if someone writes a program to do a "brute force attack".) People mistype things all of the time. Also using complex passwords makes it easy to misremember slightly. Though most people use exceedingly simple passwords.
  16. #9
  17. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Set the form's action attribute to the same URL that the real login form's action attribute points at.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around

IMN logo majestic logo threadwatch logo seochat tools logo