hyperlink to Bypass login

Discussion in 'Javascript' started by Priya, Apr 29, 2010.

  1. Priya

    Priya Guest

    I would need to provide a hyperlink on my website that would let users
    to login automatically with a username and password. Could I do that
    with javascript, if yes can someone please direct me to the
    documentation that would give the steps of doing so?

    Any help is greatly appreciated. Thanks.
    Priya, Apr 29, 2010
    #1
    1. Advertising

  2. Priya

    Priya Guest

    On Apr 29, 12:26 pm, Ivan Marsh <> wrote:
    > Priya wrote:
    > > I would need to provide a hyperlink on my website that would let users
    > > to login automatically with a username and password. Could I do that
    > > with javascript, if yes can someone please direct me to the
    > > documentation that would give the steps of doing so?

    >
    > > Any help is greatly appreciated. Thanks.

    >
    > You can't secure a website client-side.
    >
    > http://www.developer.com/tech/article.php/923111/Client-side-Versus-S...
    >
    > --
    > "All right, all right, if it will make you happy, I will overthrow society."
    >   - Philip J. Fry


    Hi Ivan, can I do it if I had access to the server? Can I get coding
    help online?
    Priya, Apr 29, 2010
    #2
    1. Advertising

  3. Priya

    Priya Guest

    Yes that is exactly what I am trying to do-pass a username/password to
    an existing site, so it would automatically log me in. Can I find some
    documentation online, I am a newbie; so any help will be greatly
    appreciated. Thank you for all the info.
    Priya, Apr 29, 2010
    #3
  4. Priya

    Ry Nohryb Guest

    On Apr 29, 7:08 pm, Priya <> wrote:
    > Yes that is exactly what I am trying to do-pass a username/password to
    > an existing site, so it would automatically log me in. Can I find some
    > documentation online, I am a newbie; so any help will be greatly
    > appreciated. Thank you for all the info.


    http://example.com/login.html?user=user&password=password

    Not that it would be a good idea though.
    --
    Jorge.
    Ry Nohryb, Apr 29, 2010
    #4
  5. Priya wrote:

    > Yes that is exactly what I am trying to do-pass

    ^^^^^^^
    YSCIB.

    > a username/password to an existing site, so it would automatically log me
    > in.


    Where "me" is really you, from a local (file://) site on your local system
    connected to the Internet, in a Web browser?

    > Can I find some documentation online,


    Yes? (That is not a question either.)

    > I am a newbie;


    And therefore not required to use your brain before posting?

    <http://www.catb.org/~esr/faqs/smart-questions.html>
    <http://jibbering.com/faq/#posting>

    > so any help will be greatly appreciated. Thank you for all the info.


    To do this, I had created a bookmarklet that uses the `javascript:' scheme
    to generate a document that duplicates the form usually used to log in to
    the service (with the exception of the `action' attribute, which value must
    contain the full URL) that submits itself:

    javascript:'<!DOCTYPE html ...><html>...<body
    onload="document.forms[0].submit()"><form action="http://..."
    method="POST">...</form></body></html>'

    It could be rewritten accepting parameters (such as username, password, and
    site), or be reused to write a script for any Web site (the Same Origin
    Policy does not apply then) that uses DOM scripting to append and submit the
    form. If you use the bookmarklet and the login data is hard-coded, you
    should make sure that the bookmarks file cannot be accessed by unauthorized
    people.

    Chances are that the original login form used by the service uses POST, so
    you will have to use a form or XHR anyway. A simple link would not suffice,
    and it would probably be off-topic here anyway (no scripting necessarily
    involved).


    PointedEars
    --
    Anyone who slaps a 'this page is best viewed with Browser X' label on
    a Web page appears to be yearning for the bad old days, before the Web,
    when you had very little chance of reading a document written on another
    computer, another word processor, or another network. -- Tim Berners-Lee
    Thomas 'PointedEars' Lahn, Apr 29, 2010
    #5
  6. Priya

    Ry Nohryb Guest

    On Apr 29, 7:48 pm, Ry Nohryb <> wrote:
    > On Apr 29, 7:08 pm, Priya <> wrote:
    >
    > > Yes that is exactly what I am trying to do-pass a username/password to
    > > an existing site, so it would automatically log me in. Can I find some
    > > documentation online, I am a newbie; so any help will be greatly
    > > appreciated. Thank you for all the info.

    >
    > http://example.com/login.html?user=user&password=password
    >
    > Not that it would be a good idea though.


    In some sites this might also work:

    http://user:/login.html
    --
    Jorge.
    Ry Nohryb, Apr 29, 2010
    #6
  7. Ry Nohryb wrote:

    > Ry Nohryb wrote:
    >> Priya wrote:
    >> > Yes that is exactly what I am trying to do-pass a username/password to
    >> > an existing site, so it would automatically log me in. Can I find some
    >> > documentation online, I am a newbie; so any help will be greatly
    >> > appreciated. Thank you for all the info.

    >>

    > [...]
    > In some sites this might also work:
    >
    > http://user:/login.html


    This security-relevant bug has been fixed long ago. Default security
    settings in more recent browsers do not allow that anymore.


    PointedEars
    --
    Prototype.js was written by people who don't know javascript for people
    who don't know javascript. People who don't know javascript are not
    the best source of advice on designing systems that use javascript.
    -- Richard Cornford, cljs, <f806at$ail$1$>
    Thomas 'PointedEars' Lahn, Apr 29, 2010
    #7
  8. Priya

    Ry Nohryb Guest

    On Apr 29, 10:45 pm, Thomas 'PointedEars' Lahn <>
    wrote:
    > Ry Nohryb wrote:
    > > In some sites this might also work:

    >
    > > http://user:/login.html

    >
    > This security-relevant bug has been fixed long ago.  Default security
    > settings in more recent browsers do not allow that anymore.


    In your dreams, may be. I have just tried it out on the latest Safari,
    Chrome, Opera, and FireFox, my dear Pointy.
    --
    Jorge.
    Ry Nohryb, Apr 29, 2010
    #8
  9. Ry Nohryb wrote:

    > Thomas 'PointedEars' Lahn wrote:
    >> Ry Nohryb wrote:
    >> > In some sites this might also work:
    >> >
    >> > http://user:/login.html

    >>
    >> This security-relevant bug has been fixed long ago. Default security
    >> settings in more recent browsers do not allow that anymore.

    >
    > In your dreams, may be. I have just tried it out on the latest Safari,
    > Chrome, Opera, and FireFox, my dear Pointy.


    Microsoft removed the support for thos from IE because of the security
    issue.

    In Firefox (3.6) you have to set the user preference
    "network.http.phishy-userpass-length" from the default 1
    to 255 in order to have a good chance that no phishing
    warning is displayed.

    <http://kb.mozillazine.org/Network.http.phishy-userpass-length>

    It is unlikely that it will take other vendors long to take appropriate
    measures, so this approach must be recommended against.

    And stop calling me "(my dear) Pointy", Georgie-Baby.


    PointedEars
    --
    var bugRiddenCrashPronePieceOfJunk = (
    navigator.userAgent.indexOf('MSIE 5') != -1
    && navigator.userAgent.indexOf('Mac') != -1
    ) // Plone, register_function.js:16
    Thomas 'PointedEars' Lahn, Apr 30, 2010
    #9
  10. Priya

    Bwig Zomberi Guest

    Priya wrote:
    > Yes that is exactly what I am trying to do-pass a username/password to
    > an existing site, so it would automatically log me in. Can I find some
    > documentation online, I am a newbie; so any help will be greatly
    > appreciated. Thank you for all the info.


    1. Save the username/password in your browser and use the form-filling
    feature to do the login.

    2. If you need a Javascript solution, use user javascript to fill the
    form fields and do the submission as per the web page code. This will
    ensure that site's javascript gets to hashing the submitted contents.

    3. If the website allows authentication without javascript, then what
    Jorge suggested would work.
    http://example.com/login.html?user=user&password=password
    Of course, you need to look at the source, identify the form fields and
    then construct the correct URL with hidden additional fields if present
    or required. They may however block GET method in authentication.


    --
    Bwig Zomberi
    Bwig Zomberi, Apr 30, 2010
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    1,344
  2. davetichenor
    Replies:
    1
    Views:
    818
    Eliyahu Goldin
    Oct 30, 2006
  3. Ken
    Replies:
    1
    Views:
    369
    Alvin Bruney
    Aug 16, 2003
  4. Dave
    Replies:
    0
    Views:
    934
  5. Replies:
    0
    Views:
    141
Loading...

Share This Page