autologin

[a]

in linux, how do you start netscape on commandline and it opens a url which
has login and password boxes so basically you start netscape and it opens
a password protected site withouth having to push the login button?

 

[spaghetti]

in linux, how do you start netscape on commandline and it opens a url
which
has login and password boxes so basically you start netscape and it opens
a password protected site withouth having to push the login button?

You could do this by passing the login form values to the handling script
through the URL. For instance, if the page logs in with a form like this:

<form action="mypage.com/login.asp" method="post">
username: <input type="text" name="username"> <br>
password: <input type="password" name="password"> <br><br>
</form>

You can probably login with a URL like this:

http://mypage.com/login.asp?username=doris&password=ditz

 

[Toby A Inkster]

<form action="mypage.com/login.asp" method="post">
username: <input type="text" name="username"> <br>
password: <input type="password" name="password"> <br><br>
</form>

You can probably login with a URL like this:

http://mypage.com/login.asp?username=doris&password=ditz

That probably wouldn't work actually. Note the form method in your example
is POST. If it were GET it would work, but most login forms use the POST
method.

 

[spaghetti]

That probably wouldn't work actually. Note the form method in your
example
is POST. If it were GET it would work, but most login forms use the POST
method.

It technically shouldn't work, yes, but it probably does because alot of
server scripting platforms handle values passed through the URL or headers
the same way. In ASP for instance, Request.Querystring() grabs the value
from either URL or header, and $username in PHP is similar. So the method
I suggested above kinda takes advantage of that fact.

 

[Alan D-W]

It technically shouldn't work, yes, but it probably does because alot of
server scripting platforms handle values passed through the URL or headers
the same way. In ASP for instance, Request.Querystring() grabs the value
from either URL or header, and $username in PHP is similar. So the method
I suggested above kinda takes advantage of that fact.

In ASP:
request.querystring("surname") only gets the value from a GET and ignores
POSTed

request.form("surname") is the formal way to get the value from a POST and
ignores GET values in the URL

however, request("surname") will get the value from either, and is of course
the sloppy way because you could GET id and password in the URL instead of
having them POSTed from the proper login page.

Alan

 

[Andrew Urquhart]

It technically shouldn't work, yes, but it probably does because alot
of server scripting platforms handle values passed through the URL
or headers the same way. In ASP for instance, Request.Querystring()
grabs the value from either URL or header, and $username in PHP
is similar. So the method I suggested above kinda takes advantage
of that fact.

In ASP Request.Querystring() is querystring data only, so the previous
form would *not* work. However using Request("keyname") would 'work'
except that using such shortcut methods in any server-side language is a
web application security risk IMHO, always use the exact data collection
you're expecting.

 

[Augustus]

in linux, how do you start netscape on commandline and it opens a url which
has login and password boxes so basically you start netscape and it opens
a password protected site withouth having to push the login button?

You could look at their login form and get:

1) what fields they are using
2) what page the form is going to

Once you have that, you could write your own html web page with

<form method=________ action=________>
<input type=text name=________ value="your userID">
<input type=text name=________ value="your password">
<input type=submit value=submit>
</form>

then below that throw in some javascript to automatically submit the form

the _________ blanks are the values you get from their form (names, action,
method)

So to automatically log in to their page, you would load up your page, not
theirs

 

[spaghetti]

In ASP Request.Querystring() is querystring data only, so the previous

Eh, sorry, it's been a long time. I still hold that it works much of
the time though, so if it works for him, problem solved!

 

[a]

Augustus wrote:

Once you have that, you could write your own html web page with

<form method=________ action=________>
<input type=text name=________ value="your userID">
<input type=text name=________ value="your password">
<input type=submit value=submit>
</form>

I got this part simply by saving the page and adding values

then below that throw in some javascript to automatically submit the form

can you please give some quick example of such a script?
thanks

 

[a]

Eh, sorry, it's been a long time. I still hold that it works much of
the time though, so if it works for him, problem solved!

this has method="post" and it doesn't work for me
but thanks anyway

 

[Andrew Urquhart]

previous

Eh, sorry, it's been a long time. I still hold that it works much of
the time though, so if it works for him, problem solved!

I think you're talking bolognese.

 

[Augustus]

Augustus wrote:



I got this part simply by saving the page and adding values


form

can you please give some quick example of such a script?
thanks

assuming you give your form the name "MyForm":

<script>
document.MyForm.submit();
</script>

(this should work, my javascript is a little rusty)

 

[Adrienne]

however, request("surname") will get the value from either, and is of
course the sloppy way because you could GET id and password in the URL
instead of having them POSTed from the proper login page.

Additionally, it will also look through the Server and Cookie collections
as well. If there are items in those four collections with the same name
and different values, you could get yourself in trouble.