Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Passing Variables to an external login page
Options
-
23-09-2010 3:42pm#1Folks im trying to access an external website from within my own. I'd like to be able to by pass the login phase of the external website to give the effect of a single sign on etc.
The external websites login page is pretty straight forward, ie https//externalsite/login.jsf.
I've looked at doing things along the lines of https//externalsite/login.jsf?j_username=username&j_password=password, although its trial and error etc.
I know I need to call the action login, with the appropriate parameters filled although im currently not getting anywhere.
Any help appreciated, thanks.0
Comments
-
It mostly depends on how the logon page on the external site works - what does the page use to decide whether it should try a logon or not?
Some pages check to see if the HTTP_METHOD is a POST. You would then need to see if you can initiate a POST request to that site, passing in the credentials of the user. If they check to see if the POST request originated only from the same site, then that wouldn't work.
Some just check to see if the value of the submit button is not null, in which case something like this would probably work:
https//externalsite/login.jsf?j_username=username&j_password=password&cmdsubmit=Logon0 -
Here's the source from the login page
<form action="j_security_check" method="post"> <center> <div id="LoginBoxBorder" align="center"> <div id="LoginHeadText">Login Page</div> <div id="LoginAll"> <table> <tbody> <tr><td colspan="2" class="loginErrorMsg"><div id="errorMsgPlaceHolder"></div></td></tr> <tr> <td> <label for="username">Username:</label> </td> <td width="200px"> <input type="text" size="30" name="j_username" id="username"/> </td> </tr> <tr> <td> <label for="password">Password:</label> </td> <td> <input type="password" size="30" name="j_password" id="password"/> </td> </tr> <tr> <td> </td> <td> <input type="submit" value="Login" onClick="javascript:return validateForm();"/> <input type="reset" value="Reset"/> </td> </tr> <tr> <td colspan="2" align="left"> <img src="./img/bglogo.png" align="left" alt=""/> </td> </tr> </tbody> </table> </div> </div> </center> </form>
Ive looked at trying the following,
https//externalsite/login.jsf?j_username=username&j_password=password&cmdsubmit=Login
I can't seem to get the form to submit the details0 -
No, you need to find out the server-side code. How the page itself decides whether to try and attempt a logon or not.
Does it see if someone has done a POST rather than a GET? Or does it just check to see if certain values are present. If the latter, then manipulating the query string might work.0 -
Could you try something like writing a html page on your site that would contain the full url to the login page. You could populate the form fields (user/pass) using PHP then tell the html page to submit the form after it has fully loaded.
I had success with this automatically loggin into the eircom broadband stats page.
Auto submit form:<body onload="window.document.stats.submit()">
Form:<form method="POST" name="stats" action="http://broadbandsupport.eircom.net/stats.asp"> <input type="text" name="username" class="statsForm" value="---------"/> <input type="text" name="password" class="statsForm" value="---------" /> <input type="submit" value="submit"> </form>
You could then use CSS to hide all of this and display a fancy "logging you in" message to the user. The only problem with this is that the username and password is displayed in plaintext in the source.
Maybe you could do something with PHP to set headers and construct the POST request then send the client page to the login while sending the user details. Don't know if this would work but it might be worth looking into.
Are you familiar with PHP?0 -
You could use cURL - http://php.net/manual/en/book.curl.php
I done it few years back for sending SMS messages automatically via O2. handles cookies and all.0 -
Advertisement
-
You could use cURL - http://php.net/manual/en/book.curl.php
I done it few years back for sending SMS messages automatically via O2. handles cookies and all.
But won't that just provide a logged in session for the PHP script and not the user/browser. I think the OP wants to be able to get his site to login the user to the 3rd party site so they can then access that site like normal.
I may be completely off base on this however.0 -
Yeah you right. I'm not sure what the OP wants to do on the external site but I suppose what you say makes more sense alright.0
-
Could you try something like writing a html page on your site that would contain the full url to the login page. You could populate the form fields (user/pass) using PHP then tell the html page to submit the form after it has fully loaded.
I had success with this automatically loggin into the eircom broadband stats page.
Auto submit form:<body onload="window.document.stats.submit()">
Form:<form method="POST" name="stats" action="http://broadbandsupport.eircom.net/stats.asp"> <input type="text" name="username" class="statsForm" value="---------"/> <input type="text" name="password" class="statsForm" value="---------" /> <input type="submit" value="submit"> </form>
You could then use CSS to hide all of this and display a fancy "logging you in" message to the user. The only problem with this is that the username and password is displayed in plaintext in the source.
Maybe you could do something with PHP to set headers and construct the POST request then send the client page to the login while sending the user details. Don't know if this would work but it might be worth looking into.
Are you familiar with PHP?
Hi Folks,
Thanks for all the suggestions, your right tech guy I want to able to give the user what looks like a single sign on effect through my own website to a 3rd party website.
So if i understand what what your saying, i need to direct the user to the user to a different HTML page, fill in the details, and then call the action on the external login form.
Im not totally familar with PHP, currently trying to use java.0 -
Yes, thats what i'm saying.
Are you talking about Java Server Pages (JSP) or a desktop app?0 -
Yes, thats what i'm saying.
Are you talking about Java Server Pages (JSP) or a desktop app?
Ya im trying to use JSP's.
I think i may have to reconsider my options, the login page seems to use javascript and xmlhttp calls to perform action/login. Which is an area im not totally familar with. From the looks of the code do the calls for the login have to be made from within the actual login page.
Here's the full source code.<html> <head> <title>External Website</title> <link href="skins/skin/skin.css" rel="stylesheet" media="screen"/> </head> <body> <script type="text/javascript"> var request; function validateForm(){ var errorDiv = document.getElementById('errorMsgPlaceHolder'); errorDiv.innerHTML = ''; if (document.getElementById('username').value.length < 1) { errorDiv.innerHTML = 'Please enter username'; document.getElementById('username').focus(); return false; } if (document.getElementById('password').value.length < 1) { errorDiv.innerHTML = 'Please enter password'; document.getElementById('password').focus(); return false; } //all ok, show loading gif and call servlet document.getElementById('errorMsgPlaceHolder').innerHTML = "<img src='img/loadingImg.gif' alt='loading...' border=0/>"; var servletUrl = 'logincheck?username=' + document.getElementById('username').value; var file_ajax_version = "0.1.3" var xmlhttp=false; if (window.ActiveXObject) { //else assume this is IE var msobj = new Array( "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.4.0", "Msxml2.XMLHTTP.3.0", "Msxml2.XMLHTTP", "Microsoft.XMLHTTP"); var x, len = msobj.length; for (x = 0; x < len; ++x) { // try each MS ActiveX object in turn try { xmlhttp = new ActiveXObject(msobj[x]); break; } catch (err) { //alert(file_ajax_version + ": Error initializing XMLHttpRequest 2.\n" + err); // show error } } } else {//} if (window.XMLHttpRequest) { //if ECMA version of object is available try { netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); } catch (err) { //alert("Error initializing XMLHttpRequest 1.\n" + err); // show error } xmlhttp = new XMLHttpRequest(); // instantiate it } xmlhttp.open("GET", servletUrl,false); xmlhttp.send(null); if (xmlhttp.responseText == 'ok') {return true;}else { document.getElementById('errorMsgPlaceHolder').innerHTML = xmlhttp.responseText; return false; } } </script> <form action="j_security_check" method="post"> <center> <div id="LoginBoxBorder" align="center"> <div id="LoginHeadText">External Web Site</div> <div id="LoginAll"> <table> <tbody> <tr><td colspan="2" class="loginErrorMsg"><div id="errorMsgPlaceHolder"></div></td></tr> <tr> <td> <label for="username">Username:</label> </td> <td width="200px"> <input type="text" size="30" name="j_username" id="username"/> </td> </tr> <tr> <td> <label for="password">Password:</label> </td> <td> <input type="password" size="30" name="j_password" id="password"/> </td> </tr> <tr> <td> </td> <td> <input type="submit" value="Login" onClick="javascript:return validateForm();"/> <input type="reset" value="Reset"/> </td> </tr> <tr> <td colspan="2" align="left"> <img src="./img/bglogo.png" align="left" alt="Web Site"/> </td> </tr> </tbody> </table> </div> </div> </center> </form></body> </html>0 -
Advertisement
Advertisement