Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

auto login 1

Status
Not open for further replies.
stasJohn

stasJohn

Programmer
May 6, 2004
155
0
0
US
Is the following possible?

A client runs a paid membership service. When a member joins, they are given a login/pass for multiple resources (websites).

Whats happening is, people are joining and passing the logins for these various websites to their peers, friends, etc.

So, the client wants an application where each user has a single login. Upon login they are presented with a page which lists the various sites they have available to them. Clicking a link will auto-log them into the website. This way, the member never knows the login details for each resource.

Is this possible? I thought curl was a solution, but realized curl doesn't quite work that way. Maybe ajax, but then all user/passes would be stored in an easy to view javascript file.
 
Sort by date Sort by votes
have a database shared between all the different resources.
keep a login flag in that database that is set by the despatching page.

each link from the despatching page should have a unique id in it with which the receiving website can create a session or link the session to a user. the uid is also, of course, the key for the lookup to the foreign database.

you might take this solution one stage further and use a fully database driven session management system. sleipnir214 has posted the code for this in the FAQ to this site.

but note: cookies can't cross domains. you will need to set separate cookies for each domain and pass the uid in the url first time round.
 
Upvote 0 Downvote
Thanks for the response.

That would be a good solution, but unfortunately I have no control over these resources. These websites are other sites built by other people.
 
Upvote 0 Downvote
how does the autologin to the foreign resources work then?
 
Upvote 0 Downvote
you have misunderstood.

how does each foreign resource manage automatic logins? do they have a rememberme function? do they deploy a specific cookie? how are their passwords handled? if they do not allow automatic logins do they use a changing password box field name to prevent autocompletion (or similar).

does your client have the *right* to resell logins to these foreign sites?
 
Upvote 0 Downvote
how does each foreign resource manage automatic logins? do they have a rememberme function? do they deploy a specific cookie? how are their passwords handled? if they do not allow automatic logins do they use a changing password box field name to prevent autocompletion (or similar).
Click to expand...

I'm guessing thats what I need to do. Unfortunately I don't know what the sites are. Still waiting on the client to send the list.

So, it seems I have to figure out how each site does it and mimic it... if possible?

does your client have the *right* to resell logins to these foreign sites?
Click to expand...
They're not actually reselling them. The client has deals with these (resource) websites that allow them to create new user accounts for members. By signing up through my client, the member gets some special perk on the(resource) website. When the member ends their membership, the user account is deleted from the (resource) website.

In a nutshell, membership with my client comes with memberships to a list of (resource) websites.
 
Upvote 0 Downvote
you certainly need to know the login systems of those foreign websites otherwise you can't even start working out a solution to this thread.

if there is a deal in place between your client and these sites, can't you also integrate technically in some respects (viz my first reply).
 
Upvote 0 Downvote
you certainly need to know the login systems of those foreign websites otherwise you can't even start working out a solution to this thread.
Click to expand...
Yes, so, it is possible to do this! but what php functions would help me with a solution?

if there is a deal in place between your client and these sites, can't you also integrate technically in some respects (viz my first reply).
Click to expand...
I will look into this.
 
Upvote 0 Downvote
i think the functions that you would use would entirely depend on the receiving site. in general cURL should work but the handoff to a direct browser-foreign resource website might be problematic (cookies). conversely rewriting everylink might also be a nightmare.

you could consider a frame solution and use the frame linked to your domain to control (by javascript) the logon to the other site. you could occlude the password a bit perhaps by using xmlhttprequest with some onetime encryption.

 
Upvote 0 Downvote
thanks for the suggestions. I'll research each more.
 
Upvote 0 Downvote
no worries:
you might also consider configuring a server to act as a proxy.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pc3957
  • Locked
  • Question
Any ideas how I can download a file from a web site that requires login mimicking clicks
Replies
1
Views
49
spamjim
spamjim
Stripes1283
  • Locked
  • Question
Use MySql Db as entry point(Login Creds) and redirect to other MySql db/s in php 1
Replies
2
Views
54
Stripes1283
Stripes1283
cleartango
  • Locked
  • Question
How do I change URL links in a login | register button?
Replies
2
Views
44
cleartango
cleartango
evil1966
  • Locked
  • Question
Multiple User Login Security and Tracking 1
Replies
9
Views
61
evil1966
evil1966
evil1966
  • Locked
  • Question
Opening Login page throws errors - Use of undefined constant SECURE & Cannot modify header infor
Replies
9
Views
99
evil1966
evil1966

Part and Inventory Search

Sponsor

Back
Top