
How to bypass a login page from a form submit

P: 5
I have a bit of a strange problem. I thought it would be possible at first but now I don't know.

I have a friend who licenses a service from a website, they give him client logins and he lets his clients have access to some of the features. What he wants is this:

1. His client goes to his website and enters login information. They hit submit.

2. The site then goes over to the third party site, enters the client's login info and hits submit.

We essentially want to mask that third-party site's login page from the user. They can see it for a second but they never have to go there and enter their information.

Possible? I keep thinking it would work if we launch a pop up but that's where my knowledge totally putters out. Any help would be greatly appreciated! Thanks!
Jun 1 '10 #1
7 Replies

gits
Expert Mod 5K+
P: 5,390
are those second login credentials the same as for the first one? ... there is nothing you could really do with JavaScript here ... since it is another domain and trying to script something would be considered as an XSS = cross site scripting attack that a browser wouldn't allow. you would need to know how the login of the third party page would work ... perhaps you might pass the credentials through a url-querystring directly so that the login-form could be avoided for example ... so it could be that:

  http://some-url.domain?user=foo&password=bar
would work. you would need to check the loginpage's source to identify the field-names and adapt the shown query-string to your needs
Jun 1 '10 #2

P: 5
Yes this totally makes sense! The login credentials would be the same.

I am waiting for a set of temporary credentials, I will give it a try. That definitely seems a lot easier too. Hope it works! Thanks so much.
Jun 1 '10 #3

P: 5
ack. unfortunately this doesn't work. It just sits there on the login page.

Would I have to do anything special if the fields were set to user.username and user.password?
Jun 1 '10 #4

gits
Expert Mod 5K+
P: 5,390
what is the form action? ... what does your url basically look like?
Jun 1 '10 #5

P: 5
@gits
this is on the ../ch/dashboard page

  <form action="/ch/login" method="POST">

      <fieldset>
          <p>
          </p>

          <p><label for="chUsername">Username: </label> <input type="text" id="user.username" name="user.username" value="" class="focusOnMe">
          </p>
          <p><label for="chPassword">Password: </label> <input type="password" id="user.password" name="user.password" value="">
          </p>
          <button type="submit" class="btnLogin"><span>Log in</span></button>

          <input type="hidden" name="destination" id="destination" value="/ch/dashboard" />
      </fieldset>
  </form>
Jun 1 '10 #6

gits
Expert Mod 5K+
P: 5,390
@hmmboldt
the url should look like:
  http://.../ch/login?user.username=foo&user.password=bar
it might be that it will not work, when the serverside script explicitly awaits POST parameters (with the url we just send it via GET) ... then you cannot really bypass the page ... except by asking the provider to get a possibility that you might use.
Jun 1 '10 #7
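
Why the GET URL from #7 only re-displays the login form, as an added example that is not part of the thread and not the provider's code: a hypothetical handler that reads `user.username` and `user.password` only from the POST body and redacts them from what it logs, since query strings end up in browser history, server logs and Referer headers. `handleLogin`, `redactTarget` and the account store are assumptions; the field names and `/ch/login` path come from the form posted in #6.

```javascript
// Hypothetical server-side login logic, written as pure functions so it runs offline.
const CREDENTIAL_FIELDS = ['user.username', 'user.password'];

// Constructed account store, for the demo only. Real code verifies a password hash.
const ACCOUNTS = new Map([['foo', 'bar']]);

// Replace credential values in a request target so the line is safe to log.
function redactTarget(target) {
  const url = new URL(target, 'http://placeholder.invalid');
  for (const field of CREDENTIAL_FIELDS) {
    if (url.searchParams.has(field)) url.searchParams.set(field, 'REDACTED');
  }
  return url.pathname + url.search;
}

// method: HTTP method; target: path plus query string; body: urlencoded POST body.
function handleLogin(method, target, body = '') {
  const url = new URL(target, 'http://placeholder.invalid');
  const credentialsInUrl = CREDENTIAL_FIELDS.some((f) => url.searchParams.has(f));
  const logLine = `${method} ${redactTarget(target)}`;

  // Query-string credentials are never read: a GET just renders the form again,
  // which is the "it just sits there on the login page" behaviour.
  if (method !== 'POST') {
    return { status: 200, view: 'login-form', credentialsInUrl, logLine };
  }
  // A POST that also carries credentials in the URL is rejected outright.
  if (credentialsInUrl) {
    return { status: 400, view: 'login-form', credentialsInUrl, logLine };
  }
  const form = new URLSearchParams(body);
  const user = form.get('user.username');
  const pass = form.get('user.password');
  const ok = user !== null && pass !== null && ACCOUNTS.get(user) === pass;
  // Redirect target is fixed rather than taken from the "destination" field.
  return ok
    ? { status: 302, view: '/ch/dashboard', credentialsInUrl, logLine }
    : { status: 401, view: 'login-form', credentialsInUrl, logLine };
}
```
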

P: 5
Yeah it just doesn't go.

I have pretty much told my friend the same thing. He needs to ask them for some help with this one.

Thank you so much for all of the help!
Jun 1 '10 #8
