Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: macnlos on November 07, 2007, 07:04:01 PM

Title: How to encode a URL for auto-login
Post by: macnlos on November 07, 2007, 07:04:01 PM
I've got family members within a secure website and I want to create a single link to transfer them into CPG.  I'm hoping there is some way to encode something like the following URL so the don't have to login.  Guest access is turned off on CPG, I don't want non-family members to view the gallerys.

LINK:  http://www.mysite.com/gallery/login.php?username=xxxxxx&password=yyyyyy

Is this possible and does someone have an example?  If not I could create a single button form page that would pass the variables with predefined values and mimic what the login.php does.

Thanks,
CR
Title: Re: How to encode a URL for auto-login
Post by: macnlos on November 07, 2007, 07:11:27 PM
Sorry about that URL link above...  It's not a real link, just a sample I did find it goes to some advertising based site.  I really didn't mean to do that...  :(
Title: Re: How to encode a URL for auto-login
Post by: Nibbler on November 07, 2007, 07:34:48 PM
If you are sure that you are aware of the security risks, you can mod login.php

Code Select

if (isset($_POST['submitted'])) {
    if ( $USER_DATA = $cpg_udb->login( addslashes($_POST['username']), addslashes($_POST['password']), isset($_POST['remember_me']) ) ) {


change the 3 $_POSTs to $_REQUESTs and add &submitted=yes to your sample link.

PS. When posting example links use example.com; it's reserved for that purpose.
Title: Re: How to encode a URL for auto-login
Post by: macnlos on November 07, 2007, 09:46:34 PM
That worked like a charm!  Here is what I changed for anyone else's reference:

<install-directory>/login.php

Code Select

if (isset($_REQUEST['submitted'])) {^M
    if ( $USER_DATA = $cpg_udb->login( addslashes($_REQUEST['username']), addslashes($_REQUEST['password']), isset($_REQUEST['remember_me']) ) ) {


From a URL perspective I'm now passing something like:
http://www.example.com/gallery/login.php?username=somebody&password=something&remember_me=1&submitted=yes
Title: Re: How to encode a URL for auto-login
Post by: Joachim Müller on November 08, 2007, 08:30:16 AM
Good to hear that this worked for you, and thanks for resolving your thread. Just for the benefit of others who might be looking for a similar thing: the solution posted in this thread is very, very bad in terms of security - passing a username and password along in the URL is a no-no unless you really know what you're doing and unless you have made sure to secure your entire gallery by other mechanisms. This hack is imo only for local family networks, but definitely not fit for usage on the www.
Text only | Text with Images