Parsing credential with the URL string - POSSIBLE?

Hi there,
I've searched the forum but have not found an answer:
Is it possible to parse the username and password in the URL?

Thank you
Wz

Comments

  • I don't really understand your question. There is no usercode/password in the URLs, logins are done through form postings. It also would not be a good idea to put these credentials in a URL as it would negate any security that these might otherwise provide.

    Maybe you should try to describe what you wish to accomplish.
  • WiZaxx Member
    Thanks for the response.
    I have integrated zen with fengoffice, so I would like to have my fengoffice users to be able to login to zen bypassing the login screen.

    My idea was to make a URL link with the credential. (that is only accessible once logged in fengoffice).

    Is there a better way that doesn't involve coding? Yes I'm a code challenged person :)
    Cheers,
    Wz
  • I believe what you're trying to accomplish could be done by crafting a POST request to the zenphoto login URL, putting the username and password as POST fields, but not in the URL itself. Adding credentials to the URL wouldn't be seen by zenphoto, since it doesn't expect them there (and rightly so!) - that is a big security risk. Just imagine Google caching a link containing a username/password, or someone bookmarking the page and someone else being able to login as them from that bookmark.

    So I think a reasonable solution would be to generate a link not containing the credentials, but that executes a script in fengoffice which creates a POST request (a form submission) setting all the same variables as the zenphoto login page, sending this to the zenphoto login URL (which simulates clicking "Submit" / "Login" from the form itself), and then forwarding the user to zenphoto once the response is received.
  • acrylian Administrator, Developer
    So you are after a single login actually? Then take a look at the lib-auth.php in the current nightly (it changed since 1.2.9), it allows to have a custom procedure that you possibly could tie together with fengoffice which I know. sbillard is actually the expert on that and I think there has been a similar thread on this some weeks back.
  • WiZaxx Member
    Thank you all,
    I will try to search the forums for single login then.

    Cheers,
    Wz
  • Also look at the hacks on the Zenphoto WEB pages. There is a "single logon" hack there that might work. It is pretty old, though, so may not work with current versions of zenphoto.
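
The replies above warn that a link carrying a username/password can end up cached, bookmarked or otherwise stored. The following is an added example, not part of the original thread and not zenphoto or fengoffice code: a Python script that flags and redacts credentials found in request URLs and Referer headers of access-log lines. The parameter names, paths, hosts and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed names of query parameters that carry credentials; adjust per application.
SENSITIVE = {"user", "username", "login", "pass", "password", "passwd", "pwd", "token"}
# Request target and Referer from a combined-format access log line.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3} \S+ "([^"]*)"')

def redact_url(url):
    """Return (redacted_url, findings); the URL is unchanged when nothing is found."""
    parts = urlsplit(url)
    findings, netloc = [], parts.netloc
    if parts.password is not None:  # scheme://user:password@host/ form
        findings.append("userinfo")
        netloc = "REDACTED@" + netloc.rsplit("@", 1)[1]
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            findings.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not findings:
        return url, []
    rebuilt = (parts.scheme, netloc, parts.path, urlencode(pairs), parts.fragment)
    return urlunsplit(rebuilt), findings

def scan_log(lines):
    """List (line number, field, findings, redacted URL) for every leaked credential."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = LOG_RE.search(line)
        if not match:
            continue
        for field, value in (("request", match.group(1)), ("referer", match.group(2))):
            redacted, findings = redact_url(value)
            if findings:
                hits.append((lineno, field, findings, redacted))
    return hits

# Constructed sample lines: a clean request, a credentialed link, and the same
# link leaking to another page through the Referer header.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /gallery/index.php?album=holiday HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /gallery/index.php?user=wz&pass=example-secret HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /other/page HTTP/1.1" 200 812 "http://intranet.example/gallery/index.php?user=wz&pass=example-secret" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The third sample line shows why the link is a problem even when only logged-in users can see it: the browser forwards the full URL, credentials included, to whatever page is visited next.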