| View previous topic :: View next topic |
| Author |
Message |
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
 Posted: Sat Jul 23, 2005 7:32 pm Post subject: Passing login credentials |
 |
|
Excuse me if this has been covered, but I couldn't find anything related to this.
I have a web page for member's to enter their name and password. I'd like to then submit that information to a page on the web site that is protected via a list of user and groups.
The current problem is that whatever I do, the normal Windows Login screen pops up and forces the user to re-enter their name and password (unless they've done it before in which case they still have to click 'ok').
Is there a way I can send this login information to a protected page/folder location on the Abyss server (ver 2.x pro) and bypass the 'default' login method?
Thanks!
---Joe Byrne |
|
| Back to top |
  |
 |
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Mon Jul 25, 2005 2:08 am Post subject: |
|
|
Do you mean locations protected via abyss? (Unsure as its in the CGI area.)
http://username:password@domain.tld/directory/file.ext
_________________
 |
|
| Back to top |
    |
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Mon Jul 25, 2005 9:48 am Post subject: |
|
|
That format of credential passing is now disabled by default in IE/Firefox (not sure about Opera) after all the fuss about people using it to obfusicate domains in spam/phishing/other scams...
_________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Mon Jul 25, 2005 2:02 pm Post subject: Re: Passing login credentials |
|
|
ccs,
Because of the reason invoked by Anonymoose, there is no other way than using a CGI script to act as a "proxy".
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
| Posted: Thu Jul 28, 2005 7:20 am Post subject: |
|
|
| Quote: |
Because of the reason invoked by Anonymoose, there is no other way than using a CGI script to act as a "proxy".
|
Ok, I haven't a clue what this means thought.
In simple terms, there are web pages that have a form where you can enter your user name and password. When you submit the form, you are taken to a (presumably) protected area. eBay is a good example of this.
Then there are other sites where you attempt to access a protected page and you get a "generic" Windows login box (not an HTML component) and you enter your user name and password to gain access.
I am trying to figure out how to accomplish the first method. I assumed that the user account setup in the Abyss setup was the first step but once those accounts are created, I can't seem to access the protected area without the darn Windows login Popup box.
Do all these web sites with 'members section' deploy some form of protection outside of the Web server? It would seem to me that the safest method would be to let the web server control who accesses what and how. if the web server does provide this function, are there different ways to implement this type of security so sending the login credentials via a http header is possible?
Please let me know if this is still not clear. Its one of those things that seems like it should be really simple to do. |
|
| Back to top |
|
|
cmxflash
-
Joined: 11 Dec 2004
Posts: 872
|
| Posted: Thu Jul 28, 2005 11:51 am Post subject: |
|
|
<? if ($_POST[username]=="user"&&$_POST[password]=="password") { ?>
HTML here
<? } else { ?>
Login failed - HTML here
<? } ?> |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Thu Jul 28, 2005 12:53 pm Post subject: |
|
|
ccs,
We understand now what you meant. As you've guessed all these login systems are deployed outside of the "basic" HTTP authentication.
They usually verify the access credentials entered in the form against a database where logins and passwords are stored.
Most of them use cookies to track the opened user session.
For more information and tutorials, we recommend looking at http://www.cgi-fan.com/PHP/Tips_and_Tutorials/User_Authentication/ .
The examples there are for PHP but the concepts can be easily translated to other languages.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
