Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Passing Variables to an external login page

  • 23-09-2010 2:42pm
    #1
    Registered Users, Registered Users 2 Posts: 98 ✭✭


    Folks im trying to access an external website from within my own. I'd like to be able to by pass the login phase of the external website to give the effect of a single sign on etc.

    The external websites login page is pretty straight forward, ie https//externalsite/login.jsf.

    I've looked at doing things along the lines of https//externalsite/login.jsf?j_username=username&j_password=password, although its trial and error etc.

    I know I need to call the action login, with the appropriate parameters filled although im currently not getting anywhere.

    Any help appreciated, thanks.


Comments

  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    It mostly depends on how the logon page on the external site works - what does the page use to decide whether it should try a logon or not?

    Some pages check to see if the HTTP_METHOD is a POST. You would then need to see if you can initiate a POST request to that site, passing in the credentials of the user. If they check to see if the POST request originated only from the same site, then that wouldn't work.

    Some just check to see if the value of the submit button is not null, in which case something like this would probably work:
    https//externalsite/login.jsf?j_username=username&j_password=password&cmdsubmit=Logon


  • Registered Users, Registered Users 2 Posts: 98 ✭✭gerryg80


    Here's the source from the login page
    <form action="j_security_check" method="post">
                <center>
                    <div id="LoginBoxBorder" align="center">
                        <div id="LoginHeadText">Login Page</div>
                        <div id="LoginAll">
                            <table>
                                <tbody>
                                 <tr><td colspan="2" class="loginErrorMsg"><div id="errorMsgPlaceHolder"></div></td></tr>
                                    <tr>
                                        <td>
                                            <label for="username">Username:</label>
                                        </td>
                                        <td width="200px">
                                            <input type="text" size="30"
                                                   name="j_username" id="username"/>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td>
                                            <label for="password">Password:</label>
                                        </td>
                                        <td>
                                            <input type="password" size="30"
                                                   name="j_password" id="password"/>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td>
                                            <input type="submit" value="Login" onClick="javascript:return validateForm();"/>
                                            <input type="reset" value="Reset"/>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td colspan="2" align="left">
                                            <img src="./img/bglogo.png" align="left"
                                                 alt=""/>
                                        </td>
                                    </tr>
                                </tbody>
                            </table>
                        </div>
                    </div>
                </center>
            </form>
    

    Ive looked at trying the following,
    https//externalsite/login.jsf?j_username=username&j_password=password&cmdsubmit=Login

    I can't seem to get the form to submit the details


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    No, you need to find out the server-side code. How the page itself decides whether to try and attempt a logon or not.

    Does it see if someone has done a POST rather than a GET? Or does it just check to see if certain values are present. If the latter, then manipulating the query string might work.


  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    Could you try something like writing a html page on your site that would contain the full url to the login page. You could populate the form fields (user/pass) using PHP then tell the html page to submit the form after it has fully loaded.

    I had success with this automatically loggin into the eircom broadband stats page.

    Auto submit form:
    <body onload="window.document.stats.submit()">
    
    Form:
    	<form method="POST" name="stats" action="http://broadbandsupport.eircom.net/stats.asp">
    		<input type="text" name="username" class="statsForm" value="---------"/>
    		<input type="text" name="password" class="statsForm" value="---------" />
            <input type="submit" value="submit">
    	</form>
    
    

    You could then use CSS to hide all of this and display a fancy "logging you in" message to the user. The only problem with this is that the username and password is displayed in plaintext in the source.

    Maybe you could do something with PHP to set headers and construct the POST request then send the client page to the login while sending the user details. Don't know if this would work but it might be worth looking into.

    Are you familiar with PHP?


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    You could use cURL - http://php.net/manual/en/book.curl.php

    I done it few years back for sending SMS messages automatically via O2. handles cookies and all.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    Webmonkey wrote: »
    You could use cURL - http://php.net/manual/en/book.curl.php

    I done it few years back for sending SMS messages automatically via O2. handles cookies and all.

    But won't that just provide a logged in session for the PHP script and not the user/browser. I think the OP wants to be able to get his site to login the user to the 3rd party site so they can then access that site like normal.

    I may be completely off base on this however.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Yeah you right. I'm not sure what the OP wants to do on the external site but I suppose what you say makes more sense alright.


  • Registered Users, Registered Users 2 Posts: 98 ✭✭gerryg80


    techguy wrote: »
    Could you try something like writing a html page on your site that would contain the full url to the login page. You could populate the form fields (user/pass) using PHP then tell the html page to submit the form after it has fully loaded.

    I had success with this automatically loggin into the eircom broadband stats page.

    Auto submit form:
    <body onload="window.document.stats.submit()">
    
    Form:
        <form method="POST" name="stats" action="http://broadbandsupport.eircom.net/stats.asp">
            <input type="text" name="username" class="statsForm" value="---------"/>
            <input type="text" name="password" class="statsForm" value="---------" />
            <input type="submit" value="submit">
        </form>
     
    

    You could then use CSS to hide all of this and display a fancy "logging you in" message to the user. The only problem with this is that the username and password is displayed in plaintext in the source.

    Maybe you could do something with PHP to set headers and construct the POST request then send the client page to the login while sending the user details. Don't know if this would work but it might be worth looking into.

    Are you familiar with PHP?

    Hi Folks,

    Thanks for all the suggestions, your right tech guy I want to able to give the user what looks like a single sign on effect through my own website to a 3rd party website.

    So if i understand what what your saying, i need to direct the user to the user to a different HTML page, fill in the details, and then call the action on the external login form.

    Im not totally familar with PHP, currently trying to use java.


  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    Yes, thats what i'm saying.

    Are you talking about Java Server Pages (JSP) or a desktop app?


  • Registered Users, Registered Users 2 Posts: 98 ✭✭gerryg80


    techguy wrote: »
    Yes, thats what i'm saying.

    Are you talking about Java Server Pages (JSP) or a desktop app?

    Ya im trying to use JSP's.
    I think i may have to reconsider my options, the login page seems to use javascript and xmlhttp calls to perform action/login. Which is an area im not totally familar with. From the looks of the code do the calls for the login have to be made from within the actual login page.

    Here's the full source code.
     
    <html>
        <head>
            <title>External Website</title>
            <link href="skins/skin/skin.css" rel="stylesheet" media="screen"/>
        </head>
        <body>
        <script type="text/javascript">
         var request;
     function validateForm(){
     var errorDiv = document.getElementById('errorMsgPlaceHolder');
     errorDiv.innerHTML = '';
     if (document.getElementById('username').value.length < 1) {
      errorDiv.innerHTML = 'Please enter username';
      document.getElementById('username').focus();
      return false;
     }
     if (document.getElementById('password').value.length < 1) {
       errorDiv.innerHTML = 'Please enter password';
       document.getElementById('password').focus();
       return false;
     }
            //all ok, show loading gif and call servlet
     document.getElementById('errorMsgPlaceHolder').innerHTML = "<img src='img/loadingImg.gif' alt='loading...' border=0/>";
     var servletUrl = 'logincheck?username=' + document.getElementById('username').value;
     var file_ajax_version = "0.1.3"
     var xmlhttp=false;
     if (window.ActiveXObject) { //else assume this is IE
       var msobj = new Array( "Msxml2.XMLHTTP.6.0",
             "Msxml2.XMLHTTP.4.0",
             "Msxml2.XMLHTTP.3.0",
             "Msxml2.XMLHTTP",
             "Microsoft.XMLHTTP");
       var x, len = msobj.length;
       for (x = 0; x < len; ++x) { // try each MS ActiveX object in turn
        try {
         xmlhttp = new ActiveXObject(msobj[x]);
         break;
        }
        catch (err) {
         //alert(file_ajax_version + ": Error initializing XMLHttpRequest 2.\n" + err); // show error
        }
       }
      }
      else {//} if (window.XMLHttpRequest) { //if ECMA version of object is available
       try {
        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
       }
       catch (err) {
        //alert("Error initializing XMLHttpRequest 1.\n" + err); // show error
       }
       xmlhttp = new XMLHttpRequest(); // instantiate it
      }
     
      xmlhttp.open("GET", servletUrl,false);
      xmlhttp.send(null);
      if (xmlhttp.responseText == 'ok')
      {return true;}else {
           document.getElementById('errorMsgPlaceHolder').innerHTML = xmlhttp.responseText;
        return false;
      }
        }
     </script>
        <form action="j_security_check" method="post">
                <center>
                    <div id="LoginBoxBorder" align="center">
                        <div id="LoginHeadText">External Web Site</div>
                        <div id="LoginAll">
                            <table>
                                <tbody>
                                 <tr><td colspan="2" class="loginErrorMsg"><div id="errorMsgPlaceHolder"></div></td></tr>
                                    <tr>
                                        <td>
                                            <label for="username">Username:</label>
                                        </td>
                                        <td width="200px">
                                            <input type="text" size="30"
                                                   name="j_username" id="username"/>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td>
                                            <label for="password">Password:</label>
                                        </td>
                                        <td>
                                            <input type="password" size="30"
                                                   name="j_password" id="password"/>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td>&nbsp;</td>
                                        <td>
                                            <input type="submit" value="Login" onClick="javascript:return validateForm();"/>
                                            <input type="reset" value="Reset"/>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td colspan="2" align="left">
                                            <img src="./img/bglogo.png" align="left"
                                                 alt="Web Site"/>
                                        </td>
                                    </tr>
                                </tbody>
                            </table>
                        </div>
                    </div>
                </center>
            </form></body>
    </html>
    


  • Advertisement
Advertisement