Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

invisible auto-login to remote website

Status
Not open for further replies.
AlexandreAmant

AlexandreAmant

IS-IT--Management
Aug 24, 2002
94
BE
Hi,

I'd like to show a page to a visitor that is protected by .htaccess, without giving him my login/password.

What language should I use for this ?

I've seen that MS has now patched the usage user:pass@url_to_visit in IE so this is a no way as most webusers are on IE.

Anyone with a good solution that would not compromise my password ? I guess it must be done on the server side, but I don't know which language to use for that.

Thanks !
 
Sort by date Sort by votes
I'd like to show a page to a visitor that is protected by .htaccess, without giving him my login/password.
Click to expand...

why dont you make a temporary password as well (php, asp or anyother of the SS languages would work) in your password dbase.

or just email this user the page.

zzzzzz
 
Upvote 0 Downvote
Hi Deecee,

I don't control the password of the page that I want to display (I log-in on a remote site and I can't add a user or password). So I have to login with a sort of master password to have access to the particular page that I want to display.

The page is dynamic (the user can select different things to see from menus) so I can't email it.
 
Upvote 0 Downvote
Hi mate,

If you have no control over the remote server, your pretty much stuck. Any method you use to connect would really require modifications on the remote server.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
Upvote 0 Downvote
Hi Wullie,

I find you rather pessimistic ;o)

There should be a way of hiding the credentials in my code (or server-side script) and calling the remote page to display on my site.

I remain optimistic !
 
Upvote 0 Downvote
AlexandreAmant said:
I find you rather pessimistic ;o)
Click to expand...

While coding can do many things, there are always limitations, especially when working with an external server that is out of your control.

AlexandreAmant said:
There should be a way of hiding the credentials in my code (or server-side script) and calling the remote page to display on my site.
Click to expand...

Now, this is a different story and not my take on your original question. From your comment about the browser I thought you wanted to redirect to this site rather than pull the page in locally.

I use Coldfusion so can only really comment on that, but if you have CF you should be able to do this with CFHTTP supplying it with the username and password.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
Upvote 0 Downvote
OK thanks. Unfortunately, I don't have Coldfusion (never used it), but at least I know it is possible.

Anyone else using any other server-side language who has experience with such a problem ?

Ideally PHP or Perl, but I might ask too much....

Thanks !
 
Upvote 0 Downvote
You could set up VNC on a machine and then supply the third party with a usercode/password to enable them access to control that machine.

Then visit the site that uses .htaccess to protect it... and click the "remember my password" checkbox that appears in the popup login screen.

That way the third party will still have the popup login screen... but they can click the "OK" button (since the password is "remembered" and shown as "bullets" in the password field").

You could even set the browser up to be in Kiosk mode to make it less obvious that they really have full control of the machine.

If you used VirtualPC or the VMWare equivalent, then you could run this all in a virtual "sandbox" (and it really wouldn't matter if they trashed the host).

This is most likely not the solution you were looking for... but I'm trying to be helpful and provide a lateral slant on things for you.

Jeff
 
Upvote 0 Downvote
Jeff,

It's not the solution I am looking for as anyone on the web must be able to access my site, but thanks for the idea anyway !

 
Upvote 0 Downvote
I'd like to show a page to a visitor that is protected by .htaccess, without giving him my login/password
Click to expand...

I understood that to be a specific visitor (to your organisation?) rather than all people who visit your website.

I would have thought that the idea of having a site behind .htaccess was to prevent anyone "from getting in" without the password. If, as you say, the site is not managed by you... be sure to check the terms and conditions of your access... there may be a clause in there designed to prevent you "enabling free access" to their content.

Jeff
 
Upvote 0 Downvote
Jeff,

Thanks for these considerations.

The people will have to log on to my site, so only a selected amount of people will have access and they will actually see a page that is on another site (so I must pull it) and on which I must login myself with a login that I don't want my visitor to see.

I hope it is more clear now...

Thanks !
 
Upvote 0 Downvote
It sounds to me that you have a piad memebership to a site and now you want others to see that site, via your website. If this is the case, then you are clearly in violation of the terms of your agreement with that site and I doubt that anyone here will be too anxious to provide assistance.

There's always a better way. The fun is trying to find it!
 
Upvote 0 Downvote
Hi tviman,

This is totally not the case. I am not trying to violate any agreement I might have or anything like that.

I am trying to give access to statistics of visits to my clients who have bought hosting from me. I need to log them on the stat website (the one protected by .htaccess) and for that, they will log on to a protected part on my website, to avoid putting their stats public.

I can't give out the stats website password because then they could do anything using my login because it is the same login for everything on this site.
 
Upvote 0 Downvote
AlexandreAmant said:
I am trying to give access to statistics of visits to my clients who have bought hosting from me. I need to log them on the stat website (the one protected by .htaccess) and for that, they will log on to a protected part on my website, to avoid putting their stats public.

I can't give out the stats website password because then they could do anything using my login because it is the same login for everything on this site.
Click to expand...

I know this isn't what you are looking for, but some insight might be able to get you a workaround to this.

[ul]
[li]Is this for dedicated or shared hosting?[/li]

[li]Are you showing the full machines stats or single users?[/li]

[li]If it is single users, how are you going to determine which user sees which page? (Or will they see everyones stats)[/li]

[li]If this is a dedicated machine, why don't you generate your own stats? (Possible also with shared)[/li]
[/ul]
Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
Upvote 0 Downvote
Hi Wullie,

Thanks for your comments.

Shared hosting, I'm showing single users.

Indeed, someone with access *could* tweak the URL and see someone else's stats if he knows the site name. But if I put it in a frame, it will be already more difficult.
 
Upvote 0 Downvote
Okay, then how about something like this:

Create a cgi script and embed the username & password within the script and redirect to the site statistics page for the appropriate user. Or, create an FTP process to extract the statistics via a cgi script?

Without knowing the mechanics of your server, it's impossible to provide the exact scripting techniques or other possibilites, or even if this would be feasible.

Hope this helps...

PS: My apologies for the implications of my earlier post. This is a prime example of the importance of providing as much information as possible "up front" so you can get the response and help you need. Only on your seventh post did you fully explain what you wanted to do.

There's always a better way. The fun is trying to find it!
 
Upvote 0 Downvote
tviman,

Thanks for that and sorry for not being clear since the beginning, a good lesson for me.

My case is quite tricky because my remote server uses a login on urchin to get the stats, so I can't ftp, I must display what the server displays.

I'm working on a PHP script around that, I'll post it here is it works.

In the meantime, I am waiting for more input from anyone who came across this problem.

Thanks !
 
Upvote 0 Downvote
Another thought...

Suppose you send the data to your clients each day via email? You could create a script (PHP or PERL) to cycle through a list of your clients, pull the stats and send them. If you have control of the server you could even set this up as a cron job.

Another option would be to place the reports in a sub-directory in each users htdocs or - maybe name the file by date and let them read/view/delete at will.

Just some thoughts....

There's always a better way. The fun is trying to find it!
 
Upvote 0 Downvote
Ok, now we are getting a little further. [wink]

What version of Urchin is this? I'm guessing it's an older version because the one we run for our customers (v5) does not use htaccess in any way, it uses an actual login and supports direct linking.

Also, is this password really sensitive to you or do you just not want your clients accessing any other client's stats? What I mean by this is can you supply us with a login to test some methods? (Obviously don't just post the password here though)

tviman

Without knowing the actual version yet, I think the problem here is that the stats are multiple pages (quite a few)

For example, here is a version that runs on our server:


As you can see from this, it would be pretty difficult to mail or save the file every day.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
Upvote 0 Downvote
Wullie, I see what you mean - it's been a while since I looked at an Urchin report.

You bring up a point that's been nagging at the back of my mind for a couple of days (of course, the back isn't too far from the front nowadays...).

Anyway, here's the nag - and remember that I'm no server whiz like you but I think I have a pretty good grasp of how they work...

I am trying to give access to statistics of visits to my clients who have bought hosting from me.
Click to expand...

The itch: if AlexandreAmant is selling hosting services, how are his clients maintaining their respective sites? Is he doing all the site maintenance? Also, he indicates that there is, indeed, seperate reports for each hosting account. This brings me back to the question of why does he have to use his user/password to access his clients web reports? Shouldn't they be able to do this on their own without his intervention?

There's always a better way. The fun is trying to find it!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Digital Dose
  • Locked
  • Question
My website refreshes twice when it is opened on any browser. 1
Replies
3
Views
256
sartechy
sartechy
ControlNovice
  • Locked
  • Question
Any plans to add AppSheet programming to this list?
Replies
0
Views
177
ControlNovice
ControlNovice
tyutghf
  • Locked
  • Question
Chat to current website visitors together
Replies
1
Views
187
antanasdeg
antanasdeg
JScannell
  • Locked
  • Question
Accessing a localhost website from other devices
Replies
4
Views
262
JScannell
JScannell
tyutghf
  • Locked
  • Question
Linkedin updates on website
Replies
0
Views
150
tyutghf
tyutghf

Part and Inventory Search

Sponsor

Back
Top