dcsimg
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 12 of 12

Thread: Auto login to external website

  1. #1
    Join Date
    Apr 2010
    Posts
    6

    Auto login to external website

    Hello!!!
    This is an external .CGI site that I do not have access to. The user(s) want to auto login. i.e. just open up or navigate to a site that will auto log them in. I have tried on my own to do this just by modifying the current code but can't get it. I was hoping for ideas on where to get a fresh start. I am not much of a web coder... only a Windows guy. Here is the code from the website.

    Code:
     
     
    <html>
    <head>
    <script> 
    document.domain="medcity.net";
    </script>
    <meta http-equiv="Content-Language">
    <meta http-equiv="Content-Type" content="text/html">
    <meta name="robots" content="none">
    <title>Instant Virtual Extranet</title>
     
    <script src="/dana-na/css/ds.js"></script>
    <script> 
            WriteCSS();
    </script>
    <noscript>
    <link rel="stylesheet" href="/dana-na/css/ds.css">
    </noscript>
     
    <script>
    <!--
    if (window.top != self) {
    	top.location = location;
    }
    if(window.name == "newpincancel" || window.name == "nexttokencancel") {
       window.close();
    }
    //--></script>
    <script src="/dana-na/auth/lastauthserverused.js"></script>
    <script> 
     
    function deletepreauth() {
        document.cookie = "DSPREAUTH="+ escape("")+ ";path=/dana-na/;expires=12-Nov-1996";
    }
    </script>
     
    </head>
     
    <body onload="FinishLoad(1);" bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0">
     
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
    	<tr height="46" align="left">
    		<td colspan="2">
    		<a href="http://www.hcahealthcare.com/"><img style="border:0px;padding:10px;margin:10px;" src="HCALogo2007.gif"></a></td>
    	</tr>
    	<tr height="30">
    		<td bgcolor="#6293A3" colspan="2"></td>
    	</tr>	
     
    </table>
    <table cellpadding="0" cellspacing="0" border="0" width="100%">
            <tr>
                    <td bgcolor="#000000" colspan="2"><img border="0" src="/dana-na/auth/url_40/imgs/space.gif" width="1" height="1"></td>
            </tr>
    </table>
    <blockquote>
     
    <form name="frmLogin" action="login.cgi" method="POST" autocomplete="off">	
    	<input type="hidden" name="vpnOriginalSubmit" onclick="javascript:return originalSubmit()">
            <input type="hidden" name="tz_offset">
            <table border="0" cellpadding="2" cellspacing="0">
                                            <tr>
                                                    <td nowrap  colspan="3"><b>Welcome to the</b></td>
                                            </tr>
                                            <tr>
                                                    <td nowrap  colspan="3"><span class="cssLarge"><b>HCA Simplified Remote Access</b></span></td></tr>
                                          
                                            <tr>
                                                  <td colspan="3">&nbsp;</td>
                                            </tr>
     
     
    				<tr>
    				
                                    <td valign="top">
                                    
                                            <table border="0" cellspacing="0" cellpadding="2">
     
     
     
    													<tr>
    														<td>username</td>
    														<td>&nbsp;</td>
    														<td><input type="text" name="username" size="50" maxlength="50"></td>
    													</tr>
     
     
    													<tr>
    														<td>password</td>
    														<td>&nbsp;</td>
    														<td><input type="password" name="password" size="50" maxlength="50"></td>
    													</tr>
     
     
     
                                                    <tr>
     
    								<td colspan="3">
    									<input type="hidden" name="realm" value="West Florida RSA AA">
    								</td>
     
                                                    </tr>
                                             
                                                    <tr>
                                                            <td>&nbsp;</td>
                                                            <td>&nbsp;</td>
                                                            <td><input type="submit" value="Sign In" name="btnSubmit" disabled  onclick="javascript:return glue('Login')">&nbsp;
     
    </td>
                                                    </tr>										
    					
    										
     
                                            </table>
                                  
                            </td>
                            <td valign="top">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
    			<td valign="top"><table border="0" cellspacing="0" cellpadding="2">
    <tr><td>Please sign in to begin your secure session.<br><br><noscript>Note: Javascript is disabled on your browser.</noscript></tr></td></table></td>
    	</tr>	
            </table>
    	<table cellspacing="0" border="0" cellpadding="0">
    		<tr>
    			<td>
    			  <div style="color:#1E4677;">
    				<div style="color:red;font-weight:bold">Notice:</div>
    				<div style="font-weight:bold">Please ensure you have the correct link to Enhanced Simplified Remote Access in order to avoid potential connection issues.</div>
    				<br>
    				Your link should look like this: <span style="color:blue;font-style:italic;font-weight:bold">https://divisionra.clio.medcity.net</span><br>
    				To correct your link, remove any characters after ".net". Create a new bookmark to the correct link.<br>
    				Delete any existing bookmarks containing incorrect links such as <span style="color:blue;font-style:italic;font-weight:bold">https://divisionra.clio.medcity.net/dana-na/auth/url_xx/welcome.cgi</span>
    				<br>
    				<br>
    				
    				Contact your local IT Help Desk for additional assistance.
    			  </div>
    				
    			</td>
    		</tr>
    		<tr><td>&nbsp;</td></tr>
    		<tr>
    			<td>
    				<h5>By proceeding further I accept the following:  </h5>					
    			</td>
    		</tr>
    		<tr>
    			<td>
    				You are about to access an HCA - Information Technology & Services, Inc. (IT&S) computer system. This system is to be used only by authorized users of IT&S, its customers and affiliates. As a user of this system, you have no expectation of privacy rights or ownership in anything you may create, store, send or receive on this system. By proceeding, your use of this system constitutes your consent to monitoring, retrieval, and disclosure of any information within this system for all purposes deemed appropriate by IT&S, including enforcement of rules concerning unacceptable uses of this system. If you have any questions about what constitutes an acceptable use by you, please consult the written policies provided by IT&S and your company.
    			</td>
    		</tr>
    		<tr>
    			<td><img src="/dana-na/auth/url_40/imgs/space.gif" width="10" height="10"></td>
    		</tr>
    		<tr>			
    			<td>
    				<a onclick="javascript:return glue('ChangePassword');" href="#"> Change Password </a>
    				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    				<a onclick="javascript:return resetPassword();" href="#"> Forgot Password </a>
    			</td>
    		</tr>
    	</table>
    	</form>
    </blockquote>
    </table>
     
    <table border="0" cellspacing="0" cellpadding="0" width="100%">
    	<tr>
    		<td>
    			<table cellpadding="0" cellspacing="0" border="0" width="100%">
            <tr>
    					<td><img src="/dana-na/auth/url_40/imgs/space.gif" width="10" height="10"></td>
    					<td><img src="/dana-na/auth/url_40/imgs/space.gif" width="1" height="2"></td>
    					<td><img src="/dana-na/auth/url_40/imgs/space.gif" width="10" height="10"></td>
            </tr>
    				<tr valign="top">
    					<td><img src="/dana-na/auth/url_40/imgs/space.gif" width="10" height="1"></td>
    					<td nowrap ><br><br><br><br>
    					<td align="right"><img src="/dana-na/auth/url_40/imgs/space.gif" width="10" height="10"></td>
            </tr>
    			</table>
    		</td>
            </tr>
            <tr>
    		<td colspan="2"><img border="0" src="/dana-na/auth/url_40/imgs/space.gif" height="6" width="1" alt=""></td>
            </tr>
    </table>
    </body>
     
    <script> 
    function trim(stringToTrim) {
    	return stringToTrim.replace(/^\s+|\s+$/g,"");
    }
     
    function glue(userAction)
    {
    	if (document.frmLogin.btnSubmit.disabled)
    			return false;
    	var username = document.frmLogin.username.value;
    	var pwd = document.frmLogin.password.value;
    	if ( trim(username).length > 0 && trim(pwd).length > 0 ) {
    		try {
    			window.aa_forensic.document.forms['LoginForm'].username.value = username;
    			window.aa_forensic.document.forms['LoginForm'].domainName.value = window.location.hostname;
    			window.aa_forensic.document.forms['LoginForm'].userAction.value = userAction;
    			window.aa_forensic.document.LoginForm.submit();
    			document.frmLogin.btnSubmit.disabled=true;
    			//setTimeout("originalSubmit()", 6000);
    			return false;
    		} catch ( e ) {
    			alert( "exception " + e );
    			return false;
    		}
    	}
    	else {
    		if(trim(username).length <= 0 )
    		{
    			alert("Please enter username");
    			return false;
    		}
    		if(trim(pwd).length <= 0 )
    		{
    			alert("Please enter password");
    			return false;
    		}		
    		return false;
    	}
    	
    }
     
    function resetPassword()
    {
    	var reset_window = window.open("https://rsaintegration.app.medcity.net/Integration/resetPasswordUserId.jsp", null, 'width=850,height=600,scrollbars=yes' );
    	reset_window.focus();
    }
     
    function originalSubmit() {
    	Login(1);
    //	document.frmLogin.password.value = window.location.hostname + '~' + document.frmLogin.password.value;
    	document.frmLogin.submit();
    }
    </script>
     
     
     
    <iframe src='https://rsaintegration.app.medcity.net/Integration/RedirectToAAFlow.do' frameborder='0' width='0' height='0' id='aa_forensic' name='aa_forensic'></iframe>
     
     
    </html>
    Thanks for your time!!

  2. #2
    PeejAvery's Avatar
    PeejAvery is offline Super Moderator Power Poster
    Join Date
    May 2002
    Posts
    10,943

    Re: Auto login to external website

    If the server-side does not check for the HTTP-referrer...than just copy the form. Change the value for the username and password. Then submit the form.
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.

  3. #3
    Join Date
    Apr 2010
    Posts
    6

    Re: Auto login to external website

    If the server-side does not check for the HTTP-referrer...than just copy the form. Change the value for the username and password. Then submit the form.
    Let's assume it does do a server-side check.

    Would it make a difference if I had the actual website load in a seperate frame? That way the server-side check wouldn't matter.

  4. #4
    PeejAvery's Avatar
    PeejAvery is offline Super Moderator Power Poster
    Join Date
    May 2002
    Posts
    10,943

    Re: Auto login to external website

    If the server is checking the HTTP referrer, then you won't be able to login without spoofing those headers.

    But, have you tried just duplicating the form and submitting it with the username and password?
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.

  5. #5
    Join Date
    Apr 2010
    Posts
    6

    Re: Auto login to external website

    I tried to do 2 things with the end result of the page failing to load after I clicked submit. It very well could be a coding problem on my end.

    Code:
    <td><input type="submit" value="Sign In" name="btnSubmit" disabled  onclick="javascript:return glue('Login')">&nbsp;
    I either set it to "enabled onclick" or I removed that attribute entirely that way the submit button would be enabled. (When I copied the website the submit button was always disabled)

    Code:
    <form name="frmLogin" action="login.cgi" method="POST" autocomplete="off">
    I set the action="" to the full http:// link to the login.cgi file.
    Last edited by homeshark; April 18th, 2010 at 12:16 PM. Reason: correction

  6. #6
    PeejAvery's Avatar
    PeejAvery is offline Super Moderator Power Poster
    Join Date
    May 2002
    Posts
    10,943

    Re: Auto login to external website

    You're missing what I'm saying...Try the following.

    Code:
    <form action="http://domain.com/path/to/login.cgi" method="POST">
    <input type="hidden" name="vpnOriginalSubmit" />
    <input type="hidden" name="tz_offset" />
    <input type="hidden" name="realm" value="West Florida RSA AA" />
    
    <input type="text" name="username" size="50" maxlength="50" value="" />
    <input type="password" name="password" size="50" maxlength="50" value="" />
    </form>
    <script type="text/javascript">
    document.forms[0].submit();
    </script>
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.

  7. #7
    Join Date
    Apr 2010
    Posts
    6

    Re: Auto login to external website

    Code:
    <form action="http://domain.com/path/to/login.cgi" method="POST">
    <input type="hidden" name="vpnOriginalSubmit" />
    <input type="hidden" name="tz_offset" />
    <input type="hidden" name="realm" value="West Florida RSA AA" />
    
    <input type="text" name="username" size="50" maxlength="50" value="" />
    <input type="password" name="password" size="50" maxlength="50" value="" />
    </form>
    <script type="text/javascript">
    document.forms[0].submit();
    </script>
    Well, when I only fill in the path to the login.cgi, it brings me to their site saying invalid u/p. When I fill in the value="" also it looks like it gets stuck on the login.cgi and errors out. I am assuming then that they have the server side reference check. I also made sure to login correctly before hand that way a cookie gets created that remembers my computer
    Last edited by homeshark; April 18th, 2010 at 02:50 PM. Reason: additional info

  8. #8
    Join Date
    Mar 2010
    Posts
    52

    Re: Auto login to external website

    u can try this,


    Code:
    <html>
    <head>
    
    <script type="text/javascript">
    
    function autoLogin() {
    document.webservices.submit();
    } 
    </script>
    
    </head>
    
    <a href="javascript:autoLogin()">Log me automatically in</a>
    
    <BODY>
    <form name="webservices" method=post action="http://www.xxxxx.com/login.php" target="new_window" onSubmit="window.open('', 'new_window', 'width=450,height=300,status=yes,resizable=yes,scrollbars=yes)"> 
    <input type=hidden id=UserName name="username" value="yyyyy"/>
    <input type=hidden id=Password name="password" value="zzzzz"/>
    </form>
    
    </body>
    </html>

  9. #9
    Join Date
    Apr 2010
    Posts
    6

    Re: Auto login to external website

    I had to add
    Code:
    <input type="hidden" name="realm" value="West Florida RSA AA">
    to give it the best fight but it either comes back saying invalid U/P or times out.

    Looks like I'll have to do this the harder way. Anyone recommend any open source or 3rd party program that will replay keystrokes. That way I can get the user to a specific part in the website?

    -Chase

  10. #10
    PeejAvery's Avatar
    PeejAvery is offline Super Moderator Power Poster
    Join Date
    May 2002
    Posts
    10,943

    Re: Auto login to external website

    If you look at your original post, you will see that the form is calling the JavaScript function named glue(). That is comparing the forms and submitting another form. You'll need to make both of those forms to get this to work.
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.

  11. #11
    Join Date
    Apr 2010
    Posts
    6

    Re: Auto login to external website

    I'm not really sure what GLUE is... when I downloaded the site I didn't see any gluw.js files or alike...

  12. #12
    PeejAvery's Avatar
    PeejAvery is offline Super Moderator Power Poster
    Join Date
    May 2002
    Posts
    10,943

    Re: Auto login to external website

    It's not in an external script, it's at the bottom of the page.
    If the post was helpful...Rate it! Remember to use [code] or [php] tags.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width




On-Demand Webinars (sponsored)