Username and password in a login link?


fluvly


I need to create a login link which includes username and password (taken from an intranet), so that when the user clicks it, he gets automatically logged in to the website, without going to the login page.

Is it safe to include the username and password in the url?

I know nothing about this, and what the most secure way of doing it is. Any help on the matter would be really welcome!

Is their password on the site database?

$_GET['pass'] = md5($_POST['pass']);

 

For example, send the md5 hash and compare it on the actual website. 'if $dbpass = md5($_GET['pass']) ...'

Unless your password is hashed with something like md5 I would not recommend sending it as a GET variable, as anyone standing there could see the password.

If the password is md5, I would not be concerned too much... of course the URL might be captured because of browser history.

In my opinion it would be better to set it so when the link is clicked it sets a session variable.


I would have to agree with iPixel, sending username/passwords over a uri is pretty simple in just memorizing the uri, in order to use the account elsewhere.

I would take some information, from user records, browser info, ip, and maybe other data to create an md5 token, and store this in the user record for lookup.

And also store this in a cookie, so you can look up the cookie in the user records.

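An added example, not part of any post in this thread: one way to build the login link with no password or password hash in it, along the lines of the token and session suggestions above. The intranet signs the username together with a short expiry and a one-time nonce, and the website checks that before starting a session; the function names, the shared secret and the in-memory nonce store are assumptions.

```php
<?php
// Added example. Function names, the shared secret and the in-memory nonce
// store are assumptions; a real site keeps used nonces in its database.
const LINK_TTL = 60; // seconds a link stays valid

function link_mac(string $user, int $exp, string $nonce, string $secret): string
{
    // JSON-encode the fields so their boundaries are unambiguous, then HMAC.
    return hash_hmac('sha256', json_encode([$user, $exp, $nonce]), $secret);
}

// Intranet side: the link names the user but carries no password or hash of it.
function make_login_link(string $base, string $user, string $secret, int $now): string
{
    $exp = $now + LINK_TTL;
    $nonce = bin2hex(random_bytes(16)); // makes every link unique
    return $base . '?' . http_build_query([
        'u' => $user, 'exp' => $exp, 'n' => $nonce,
        'sig' => link_mac($user, $exp, $nonce, $secret),
    ]);
}

// Website side: returns the username to log in, or null to show the login page.
function verify_login_link(array $q, string $secret, int $now, array &$used): ?string
{
    foreach (['u', 'exp', 'n', 'sig'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return null;
    }
    $exp = (int) $q['exp'];
    $mac = link_mac($q['u'], $exp, $q['n'], $secret);
    if (!hash_equals($mac, $q['sig'])) return null; // forged or altered link
    if ($now > $exp) return null;                   // expired
    if (isset($used[$q['n']])) return null;         // already clicked once
    $used[$q['n']] = $exp;                          // burn the nonce
    return $q['u']; // caller: session_regenerate_id(true); $_SESSION['user'] = ...
}

// Constructed demo: one link, clicked, replayed, then altered.
$secret = 'constructed-demo-secret';
$used = [];
$now = 1700000000;
$link = make_login_link('https://site.example/autologin.php', 'fluvly', $secret, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(verify_login_link($q, $secret, $now + 5, $used));
var_dump(verify_login_link($q, $secret, $now + 6, $used));
$forged = ['u' => 'admin', 'n' => bin2hex(random_bytes(16))] + $q;
var_dump(verify_login_link($forged, $secret, $now + 7, $used));
```

The link still ends up in browser history and server logs, so the short lifetime and the single-use nonce are what stop a copied link from logging anyone in later.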
