sphinx Posted October 29, 2011 Share Posted October 29, 2011 Hi there! I'm not sure which section this questions belongs in however, it seems to fit well in PHP. Basically, I'm using this link to directly log me into the cPanel webmail: http://website.com:2095/[email protected]&pass=123 Which would log me into webmail with the details as: username: [email protected] password: 123 This works perfectly on FireFox, but on Internet Explorer, the popup login box still occurs. Why is this? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/250036-php-link-question/ Share on other sites More sharing options...
xtopolis Posted October 29, 2011 Share Posted October 29, 2011 It's probably logging you in based on cookies, not that link. Quote Link to comment https://forums.phpfreaks.com/topic/250036-php-link-question/#findComment-1283207 Share on other sites More sharing options...
doddsey_65 Posted October 29, 2011 Share Posted October 29, 2011 Login values ( username and password ) are never passed through the URL, and I'd be very suprised if they were. Like said above its probably due to the fact that firefox has thelogin cookies so it logs you in, but IE doesn't. Quote Link to comment https://forums.phpfreaks.com/topic/250036-php-link-question/#findComment-1283218 Share on other sites More sharing options...
sphinx Posted October 30, 2011 Author Share Posted October 30, 2011 Sorry to burst your bubble, but it actually is, check this out (you must use firefox though): http://kadio.co.uk:2095/[email protected]&pass=123 Quote Link to comment https://forums.phpfreaks.com/topic/250036-php-link-question/#findComment-1283420 Share on other sites More sharing options...
xtopolis Posted October 30, 2011 Share Posted October 30, 2011 Ok Works in chrome 14.0.835.202 m Works in IE: 9.0.8112.16421 by clicking that link you sent me. The fact that that works scares me. Quote Link to comment https://forums.phpfreaks.com/topic/250036-php-link-question/#findComment-1283487 Share on other sites More sharing options...
PFMaBiSmAd Posted October 30, 2011 Share Posted October 30, 2011 The php code is either using $_REQUEST (instead of $_POST) or it has register_globals turned on, both of which should be avoided. For either case, it also means that the code is not testing if the (any) form was submitted before using any of the submitted data. Edit: The site is also using basic HTTP authentication (the first popup login box) and I would guess is likely rewriting or redirecting the URL to supply it with a URL something like http://username:[email protected]:2095 Quote Link to comment https://forums.phpfreaks.com/topic/250036-php-link-question/#findComment-1283488 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.