Hi everyone,
I'm using phpAdsNew2 and I would like to have a link/button on one of my websites that would take care of the logon process, i.e. would take me straight to the "main page" of my phpAdsNew2 without having to enter any username/password. So basically I'm trying to bypass the login page... but I can't make it work.
I thought it would be possible to use part of the code for the form in "lib-permissions.inc.php" and to change the <input> fields for username and password to <input type=hidden>, adding username/pw as value, and voila - I would have my automatic-logon-button. But I seem to have missed something.

It is all very difficult for someone not familiar with the file structure and the code structure to follow exactly what is happening in there, so I was hoping that someone with a bit more knowledge about this than me could help me out with this.

So my question is: what would the code be (using the form in lib-permissions.inc.php as a starting point) for creating a logon button that could be placed "outside my phpAdsNew"?

(It might seem like a silly request at first sight but I have a couple of good reasons. Anyway, this would not be a security risk for me since this logon button would be placed on a page which I'm the only visitor (pw protected))

Regards

Majjk

if it's a .htaaccess login you can use
http://username:password@www.domain.com then bookmark it

It's based on cookies and sessions, that's all I really know. I'm certainly not an expert when it comes to these kind of things... I suppose you have to have a look at the script in order to solve this.

Majjk

Try this;

In admin/lib-permissions.inc.php find (around line 286):

PHP Code:

if (phpAds_SuppliedCredentials())
    {
        // Trim spaces from input
$username  = trim($HTTP_POST_VARS['phpAds_username']);
        $password  = trim($HTTP_POST_VARS['phpAds_password']);
        $md5digest = trim($HTTP_POST_VARS['phpAds_md5']); 


And replace with:

PHP Code:

    if (phpAds_SuppliedCredentials())
    {
        // Trim spaces from input
        $username  = trim($HTTP_GET_VARS['phpAds_username']);
        $password  = trim($HTTP_GET_VARS['phpAds_password']);
        $md5digest = trim($HTTP_GET_VARS['phpAds_md5']); 


Then when your using your URL to gain access, stick in your username/password like:

http://mypath.com/ads/index.php?phpAds_username=myuser&phpAds_password=mypass

It might need to be a different file (isntead of index.php) but I think its index.php. The script has files all over the place, its confusing!

didn't work, but thanks anyway.
Looking at that form in admin/lib-permissions.inc.php (around line 462), is there something that will kill any variables passed to it? if I check for my variables (passed from some other page) BEFORE "function phpAds_LoginScreen($message='', $sessionID=0)" (line 448) then I will find my variables intact. if I try to call them later on in the form, then they are non existent!! I had some desperate plan that I could maybe pass my username/pw straight into the form as preset values and then somehow force a refresh of the page... it shouldn't be impossible to make it work, or?

to put a link from an html page just do this:

url/dir/page?nameofpasswordinform=yourpassword&nameofusern amefieldhere=yourusrename; and so on

already tried that, and it doesn't work. as I mentioned before, it seems like any incoming variables are killed off before the form is created (see details above). If I try to access my variables before this bit of the script, then my variables are intact. If I try to access my variables later on, in the form for example, then they are non existent. So here is the last bit of the file admin/lib-permissions.inc.php:


function phpAds_LoginScreen($message='', $sessionID=0)
{
global $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS;
global $phpAds_config, $phpAds_productname;
global $strUsername, $strPassword, $strLogin, $strWelcomeTo, $strEnterUsername, $strNoAdminInteface;

phpAds_PageHeader(phpAds_Login);

if ($phpAds_config['ui_enabled'] == true)
{
echo "<br>";
phpAds_ShowBreak();
echo "<br>";

echo "<form name='login' method='post' onSubmit='return login_md5(this);' action='".basename($HTTP_SERVER_VARS['PHP_SELF']);
echo (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING'] != '' ? '?'.$HTTP_SERVER_VARS['QUERY_STRING'] : '')."'>";
echo "<input type='hidden' name='phpAds_cookiecheck' value='".$HTTP_COOKIE_VARS['sessionID']."'>";
echo "<input type='hidden' name='phpAds_md5' value=''>";
echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'><tr>";
echo "<td width='80' valign='bottom'><img src='images/login-welcome.gif'>&nbsp;&nbsp;</td>";
echo "<td width='100%' valign='bottom'>";
echo "<span class='tab-s'>".$strWelcomeTo." ".(isset($phpAds_config['name']) && $phpAds_config['name'] != '' ? $phpAds_config['name'] : $phpAds_productname)."</span><br>";
echo "<span class='install'>".$strEnterUsername."</span><br>";

if ($message != "")
{
echo "<div class='errormessage' style='width: 400px;'><img class='errormessage' src='images/errormessage.gif' align='absmiddle'>";
echo "<span class='tab-r'>$message</span></div>";
}
else
echo "<img src='images/break-el.gif' width='400' height='1' vspace='8'>";

echo "</td></tr><tr><td>&nbsp;</td><td>";
echo "<table cellpadding='0' cellspacing='0' border='0'>";

echo "<tr height='24'><td>".$strUsername.":&nbsp;</td><td><input class='flat' type='text' name='phpAds_username'></td></tr>";
echo "<tr height='24'><td>".$strPassword.":&nbsp;</td><td><input class='flat' type='password' name='phpAds_password'></td></tr>";
echo "<tr height='24'><td>&nbsp;</td><td><input type='submit' value='".$strLogin."'></td></tr>";
echo "</table>";

echo "</td></tr></table>";
echo "</form>";

phpAds_ShowBreak();

echo "<script language='JavaScript' src='md5.js'></script>";
echo "<script language='JavaScript'>";
?>
<!--
function login_md5(o) {
if (o.phpAds_password.value != '')
{
o.phpAds_md5.value = MD5(o.phpAds_password.value);
o.phpAds_password.value = '';
}

return true;
}

login_focus();
//-->
<?php
echo "</script>";
}
else
{
phpAds_ShowBreak();
echo "<br><img src='images/info.gif' align='absmiddle'>&nbsp;";
echo $strNoAdminInteface;
}


phpAds_PageFooter();
exit;
}



so basically if I would add VALUE=MYVARIABLE in this form, then nothing would show up because the variable has somehow in the process been killed.

Any ideas?

do this: instead of a link to the form put a link to the page the for goes to with the link above

if you dont use the login page then nothing can kill the variables and if you just use the authenticate page then it will take the variables from the url


( im not sure but thats what i do when i look at my homework over the internet, i get tired of typing in my teachers name and selecting the school so i just do the links to bypass the forms)