HTML Forum

**dgkindy** · 02-18-2011, 01:33 PM

I want to access a word document that is stored at a URL, but in order to get to it, I must pass through a security screen that requests my login and password. The login is saved so I just need to handle the password. Reviewing the source code below, the password is entered into an input field called password.

Reason for this is a I have several documents listed in a excel file that I want to grab automatically but do not want to enter my password over and over and save the files to my desktop.

I tried entering

Quote:

?password=mypassword

after the URL but did not work.

HTML Code:

http://libraries.com/download?fileid=113142650101&entity_id=9144640101&sid=101?password=mypassword

HTML Code:

<html>
<head>
<style type="text/css"> @import url(sso-styles.css);</style>
<!-- ~APC Validation Point:Login~ Do not alter text between the tildes! -->
<!-- Login Package Version 1.7.2   GIS - Service Request - #5812344 -->
<!-- End of Changes  from SSO Integration Team on- 11/05/2007  -->
 
<script type="text/javascript">
// SSO Login specific scripts and variables
var ns4 = (document.layers)? true:false;
var ie4 = (document.all)? true:false;
var LoginMode = "S";
var NTLMtarget = "http://gemeta2corpge.corporate.ge.com/ssosmal/"
function checkAutoLogin (mode,dest) {
 
 if (LoginMode == mode) {
  var gototarget = NTLMtarget + "ntprotected/autologin.asp?dest=" + dest;
  // For Automatic, do not allow back button to come back to login page
  if (LoginMode == "Y") {
   if (document.images)
    top.location.replace(gototarget);
   else
    top.location=gototarget;
  } else {
   top.location=gototarget;
  }
  return true;
 }
    return false;
}
function clearAutoLogin () {
 if (LoginMode == "1") {
   if (confirm("Confirm You wish to turn off One Click Login")) {
  deleteCookie ("SSOAutoLogin", "/", ".ge.com");
  top.location=top.document.URL;
   }
 }
 if (LoginMode == "Y") {
   if (confirm("Confirm You wish to turn off Automatic Login")) {
  deleteCookie ("SSOAutoLogin", "/",  ".ge.com");
  top.location=top.document.URL;
   }
 }
}
function goStandardLogin () {
 
 setCookie("SSOALFailed", "Y", "/", ".ge.com" );
 
 
 
    top.location=top.document.URL;
}
function setOneClickLogin () {
 if (LoginMode == "1") return;
 if (LoginMode == "Y") {
        var now = new Date();
        var expireDate = new Date();
        expireDate.setTime(now.getTime() + 60 * 24 * 60 * 60 * 1000);
        setCookie("SSOAutoLogin", "1", "/", ".ge.com", expireDate);
        top.location=top.document.URL;
    }
    if (confirm("You must first qualify for One Click Login in each domain.  Would you like to qualify now?")) {
  var QualURL = NTLMtarget + "qualify/qualify.asp?dest=" + document.login.ORIGTARGET.value ;
  top.location=QualURL;
   }
}
function setSemiAutoMode () {
 if (LoginMode != "1") return;
 var now = new Date();
 var expireDate = new Date();
 expireDate.setTime(now.getTime() + 60 * 24 * 60 * 60 * 1000);
 if (document.login.SemiAutoMode.checked) {
  if (confirm("Setting this SSO option will allow you to access SSO enabled application for 8 hours without re-entering you SSO ID or password.  To disable this option, clear your cookies in your browser.  Remember, you will not see a login page during this time period.  Would you like to set this option for today?")) {
   setCookie("SSOAutoLogin", "SA", "/", ".ge.com", expireDate);
    } else {
     document.login.SemiAutoMode.checked = false;
    }
 } else {
   setCookie("SSOAutoLogin", "1", "/", ".ge.com", expireDate);
 }
}
function rememberSSOID () {
 if (document.login.saveID.checked) {
  saveSSOID();
 } else {
  clearSSOID();
 }
}
function saveSSOID () {
  var currentSSOID = getCookies("ssouserid");
  if (currentSSOID != document.login.username.value && currentSSOID != null) {
    if (!confirm("The login screen is currently remembering the SSO User ID of  " + currentSSOID + ".  OK to change this to " + document.login.username.value + "?")) {
      return;
    }
  }
  var now = new Date();
  var expireDate = new Date();
  expireDate.setTime(now.getTime() + 365 * 24 * 60 * 60 * 1000);
  setCookie("ssouserid", document.login.username.value, "/", ".ge.com", expireDate);
  var SSOID = getCookies("ssouserid");
  if (SSOID == document.login.username.value && SSOID != currentSSOID) {
    alert ("SSO login screens used by your business are now set to remember and prepopulate your SSO User ID when accessed from this computer.  Please note that SSO login screens used by other businesses may not have this feature.  For your security, login screens do not remember your SSO Password.");
  }
}
function clearSSOID () {
  var SSOID = getCookies("ssouserid");
  if (SSOID == null || SSOID == "") {
    return;
  }
  if (confirm("Are you sure you no longer want this login screen to remember and prepopulate your SSO User ID?  Note: Clicking OK will not delete your SSO account.")) {
    deleteCookie ("ssouserid", "/",  ".ge.com");
    document.login.username.value = "";
    document.login.username.focus();
  }
  else { document.login.saveID.checked=true; }
}
function sso_onload(mode) {
 
 var allcookies = document.cookie;
  var smtryno = allcookies.indexOf("TRYNO=");
  if (smtryno != -1 ) {
   var smt = parseInt(getCookies("SMTRYNO"));
   document.login.smtryno.value=smt;
   }        
 
 
 if (mode == "1") {
    document.onkeypress = eventHandler;
      }
    else {
  var SSOID = getCookies("ssouserid");
  if (SSOID == null) SSOID="";
  if (SSOID == "") {
   document.login.username.focus();
  } else {
   document.login.username.value=SSOID;
   document.login.password.focus();
  }
 }
 //document.login.TARGET.value=QueryString("TARGET"); 
 checkAutoLogin("Y",document.login.ORIGTARGET.value);
 
}
 
function setCookie(name, value, path, domain, expires, secure) {
  var curCookie = name + "=" + escape(value) +
      ((expires) ? "; expires=" + expires.toGMTString() : "") +
      ((path) ? "; path=" + path : "") +
      ((domain) ? "; domain=" + domain : "") +
      ((secure) ? "; secure" : "");
  document.cookie = curCookie;
}
function getCookies(name) {
  var dc = document.cookie;
  var prefix = name + "=";
  var begin = dc.indexOf("; " + prefix);
  if (begin == -1) {
    begin = dc.indexOf(prefix);
    if (begin != 0) return null;
  } else
    begin += 2;
  var end = document.cookie.indexOf(";", begin);
  if (end == -1)
    end = dc.length;
  return unescape(dc.substring(begin + prefix.length, end));
}
function deleteCookie(name, path, domain) {
  if (getCookies(name)) {
    document.cookie = name + "=" +
    ((path) ? "; path=" + path : "") +
    ((domain) ? "; domain=" + domain : "") +
    "; expires=Thu, 01-Jan-70 00:00:01 GMT";
  }
}
function eventHandler() {
 if (event.keyCode == 13) validateForm();
}
 
function validateForm() {
 var msg  =   "Please enter the following values:" + "\n\n";
 var error=    false ;
 if (LoginMode == "1") {
  if (checkAutoLogin("1",document.login.ORIGTARGET.value)) return false;
  return false;
 } else {
  if(trim(document.login.username.value) == "") {
   msg = msg + "SSO User ID" + "\n\n";
   error = true;
  }
  if(trim(document.login.password.value) == "") {
   msg = msg + "SSO Password" ;
   document.login.password.focus();
   error = true;
  }
 }
 if (error) {
  alert(msg);
  return false ;
 } else {
  if (document.login.saveID != null) {
   if(document.login.saveID.checked){
    saveSSOID ();
   }
  }
  // here we put the code for checking the special character in uid and password 
 
  if(!validateUidAndPassword()){
   var allcookies = document.cookie;
   // alert(allcookies);
   var smtryno = allcookies.indexOf("TRYNO=");
   var ltargetUrl = "HTTP://libraries.ge.com/download?fileid=69594475101&entity_id=9144640101&sid=101";
 
     if (smtryno != -1 ) {
        var smt = parseInt(getCookies("SMTRYNO"));
        var newsmtry = smt+1;
 
        if (newsmtry >=10){
         location.replace("ssoMessage.jsp");
          }else{
          setCookie("SMTRYNO", newsmtry, "/", ".ge.com" );
          location.replace(ltargetUrl);
          }
      } else{
     setCookie("SMTRYNO", "1", "/", ".ge.com" );
     location.replace(ltargetUrl);     
    }
 
 
   return false;
  }
 
  //document.login.submit();
  return true;
 }
}
 
function validateUidAndPassword(){
 
var stringUID = document.login.username.value;
var stringPASS = document.login.password.value;
// alert("UID==>"+stringUID);
// alert("PASS==>"+stringPASS);
var iChars = " 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@-_.[],'\"";
var iChars2 = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@-_.";
 for (var i = 0; i < stringUID.length; i++) {
   if (iChars.indexOf(stringUID.charAt(i)) == -1){
     return false;
   }
 }
 for (var i = 0; i < stringPASS.length; i++) {
   if (iChars2.indexOf(stringPASS.charAt(i)) == -1){
    return false;
   }
 }
return true;
}
function trim(s) {
  var lTrim = /^\s+/;
  var rTrim = /\s+$/;
  var os = String(s);
  os = os.replace(rTrim, '');
  return os.replace(lTrim, '');
}
function openFAQ() {
  var URL = "https://www.ge-registrar.com/gecentral/ssofaqpage.jsp?i18n=en_US";
  var WindowName = "FAQ";
  window.open(URL,WindowName,
  'toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=no,copyhistory=no,width=500,height=550');
}
</script>
<SCRIPT LANGUAGE="JavaScript">
function QueryString(key)
{
        var value = null;
        for (var i=0;i<QueryString.keys.length;i++)
        {
                if (QueryString.keys[i]==key)
                {
                        value = QueryString.values[i];
                        break;
                }
        }
        return value;
}
QueryString.keys = new Array();
QueryString.values = new Array();
 
function QueryString_Parse()
{    
  var query = window.location.search.substring(1);
  var pairs = query.split("&");
 
         for (var i=0;i<pairs.length;i++)
        {
                var pos = pairs[i].indexOf('=');    
                if (pos >= 0)
                {
                        var argname = pairs[i].substring(0,pos);
                        var value = pairs[i].substring(pos+1);
                        QueryString.keys[QueryString.keys.length] = argname;
                        QueryString.values[QueryString.values.length] = value;
                }
        }
 
}
QueryString_Parse();
//<!-- Changes done by SSO Integration Team for Frames functionality with sso login page on 11/05/2007 -->
function fullScreen()
{
try 
{
if(top.document.frames.length>0) 
{
top.location.href=location.href
}
}
catch(e)
{
top.location.href=location.href
} 
}
//<!-- End of Changes done by SSO Integration Team for Frames functionality 11/05/2007 -->
</script>
<title>SSO LOGIN</title>
</head>
<!--
<body leftmargin="0" topmargin="0" marginheight="0" marginwidth="0" rightmargin="0" onload="sso_onload('S')">
-->
 
<!-- Changes done by SSO Integration Team for Frames functionality with sso login page on 11/05/2007 -->
<body leftmargin="1" topmargin="1" marginheight="1" marginwidth="1" rightmargin="1" onload="sso_onload('S');">
 
<!-- End of Changes done by SSO Integration Team for Frames functionality 11/05/2007 -->
<form name ="login"  autocomplete="off" action="/verify.fcc" method="POST" onSubmit="return validateForm()">
<input type="hidden" name="TARGET"   value="HTTP://libraries.ge.com/download?fileid=69594475101&entity_id=9144640101&sid=101">
<input type="hidden" name="ORIGTARGET" value="HTTP://libraries.ge.com/download?fileid=69594475101&entity_id=9144640101&sid=101">
<input type="hidden" name="SMAGENTNAME" value="ZYcL1zjpZV0QJ5gbMUlrn9krsKiAz6/ERSnOf3vazWdOVeUf2B0hhw==">
<input type="hidden" name=smauthreason value=0>
<input type='hidden' name=smtryno value=0 >
<input type='hidden' value=1 name=lsubmit>
<input type="hidden" name="REALM"  value=null>
<input type="hidden" name="DOMAIN" value=null>
 <input type="hidden" name="postpreservationdata" value="">
 
<div align="center">
<!-- start header table-->
<table border="0" cellpadding="0" cellspacing="0" width="800">
 <tr bgcolor="#3B73B9">
  <td width='526'><img src='img/sso_header.gif' alt='' border='0'></td>
<td width='274' class='Masthead' align='left' valign='center'>
Single Sign On
  </td>
 </tr>
</table>
<!--end lheader table-->
</div>
<div align="center">
<!--start main content table divided into 3 main columns and two gutter columns-->
<table border="0" cellpadding="0" cellspacing="0" width="772" bgcolor="#ffffff">
 <tr>
  <td><img src="img/s.gif" width="182" height="30" alt="" border="0"></td>
  <td><img src="img/s.gif" width="70" height="1" alt="" border="0"></td>
  <td><img src="img/s.gif" width="250" height="1" alt="" border="0"></td>
  <td><img src="img/s.gif" width="10" height="1" alt="" border="0"></td>
  <td><img src="img/s.gif" width="260" height="1" alt="" border="0"></td>
 </tr>
 <tr>
  <td>&nbsp;</td>
  <td colspan="4" align="left" valign="top"><div class='Header'>
   Enter your User ID and Password to Login
  </div>
  </td>
 
  </tr>
 <tr>
  <!--start left navigation column-->
  <td rowspan="3" align="left" valign="top" width="182">
   <table>
 
    <tr><td>
     <div  id="nav2">
     <ul class='breadcrumb'>
     <li><span><a href='https://www.ge-registrar.com/gecentral/genericReg.jsp'>Sign Up Now!</a></span></li>
<li><span><a href='javascript:openFAQ();'>Need Help?</a></span></li>
<li><span><a href='https://www.ge-registrar.com/gecentral/modify.jsp'>Modify Your Account</a></span></li>
<li><span><a href='http://passwordreset.ge.com'>Synchronize your Password</a></span></li>
<li><span><a href='https://www.ge-registrar.com/gecentral/getuid.jsp'>Forgot your User ID?</a></span></li>
<li><span><a href='https://www.ge-registrar.com/gecentral/reset.jsp'>Forgot your Password?</a></span></li>
     </ul>
     &nbsp;
     </div>
    </td></tr>
     </table>
  </td>
  <!--end left navigation column-->
  <td rowspan="3" width="30"></td>
  <!--start center content area-->
  <td colspan="3" align="left" valign="top">
  </td>
  </tr>
  <tr>
  <td align="left" valign="top" class="GlbText">
   <table cellspacing="0" cellpadding="0" border="0" class="formLayout" >
   <tr><td>&nbsp;</td></tr>
   <tr valign="top">
   <td colspan="3"  height="42">
   <label for='username'><b>User ID:</b></label>
<span class='inputWrapper'><input type='text' name='username' id='username'  maxlength='64' class='text' /></span>
   </td>
   </tr>
 
   <tr valign="top">
   <td colspan="3"  height="42">
    <label for='password'><b>Password:</b></label>
    <span class='inputWrapper'><input type='password' name='password' id='password' maxlength='30' class='text' /></span>
   </td></tr>
 
   <tr>
   <td colspan="3" height="36" class="link">
   <script>
 
    if(! getCookies("ssouserid")){
     document.write("<INPUT type='checkbox' name='saveID' class='checkbox' onclick='javascript:rememberSSOID();'>");
    } else {
     document.write("<INPUT type='checkbox' checked='checked' name='saveID' class='checkbox' onclick='javascript:rememberSSOID();'>");
    }
    document.write("&nbsp;<label class='inlineLabel'>Remember my SSO User ID</label>&nbsp;");
 
   </script>
   </td>
   </tr>
   <tr>
   <td valign="center" height="36">
    <input class="Submit" type="submit" value="Log In" name="Submit">
   </td>
   <td valign="center">&nbsp;&nbsp;
   <img src='img/navBul02.gif' alt='' border='0'>
    &nbsp;</td>
   <td valign="center">
   <span class='link'><a href='https://www.ge-registrar.com/gecentral/reset.jsp'>Forgot your Password?</a></span>
   </td>
   </tr>
   </table>
  </td>
  <!--end center content area-->
  <td width="10"></td>
  <!--start right content area 3rd column-->
  <td align="left" valign="top">
   <div id="RightContent">
   <ul class='relatedLinks'>
   <li><a href='https://www.ge-registrar.com/gecentral/ssofaqpage.jsp'>Learn More </a>
<div class='GlbText'>It's easy to get secure access to all of your applications with just one User ID and Password! Find out how Single Sign On can simplify your accounts now.</div></li>
<li><a href='https://www.ge-registrar.com/gecentral/genericReg.jsp?TARGET=HTTP://libraries.ge.com/download?fileid=69594475101&entity_id=9144640101&sid=101
'>Sign Up </a>
<div class='GlbText'>If you don't have a Single Sign On User ID and Password yet, sign up now!</div></li>
<li><a href='http://security.ge.com/?TARGET=HTTP://libraries.ge.com/download?fileid=69594475101&entity_id=9144640101&sid=101
'>Security Is Your Responsibility</a>
<div class='GlbText'>Report all security concerns and incidents to security.ge.com</div></li>
  </ul>
  </div>
  </td>
  <!--end right content area-->
  <!-- new code start -->
  <!-- new end -->
  </tr>
  <tr>
  <td colspan="3" align="left" valign="top" class="GlbText">
 
  <script>
 
          document.write("<div id='PassBox' style='visibility:hidden'>");
    document.write("<div class='HeaderErr'>Incorrect User ID or Password </div>");
    document.write("The information that you have entered is incorrect.&nbsp;&nbsp;");
    document.write("If you are still having problems logging in, contact your local help desk. ");
    document.write("</div>");
 
    var allcookies = document.cookie;
   // alert(allcookies);
   var retry = allcookies.indexOf("SMTRYNO=");
   if (retry != -1) {
    document.getElementById("PassBox").style.visibility="visible";
   }
   else if ("N" == "Y") {
    document.getElementById("PassBox").style.visibility="visible";
    document.getElementById("PassBox").innerHTML="Your SSO session has timed out. Please re-enter your SSO ID and Password to access this application.";
    // document.write("<div id='PassBox'>");
    // document.write("Your SSO session has timed out. Please re-enter your SSO ID and Password to access this application.");
    // document.write("</div>");
   } else {
    document.write("&nbsp;");
   }
  </script>
  </td>
 </tr>
 </table>
 <!--start footer row-->
 <table border="0" cellpadding="0" cellspacing="0" width="772" bgcolor="#ffffff">
 <tr>
  <td class="Copy" align="left">
  Copyright General Electric Company 2000-2011
  </td>
  <td class="Copy" align="right">
  Login page hosted by: GE Corporate
  </td>
 </tr>
 <!--end footer row-->
 </table>
<!--end main content table divided into 3 columns-->
</div>
</form>
 
</body>
</html>

**chrishirst** · 02-18-2011, 04:35 PM

Probably needs to be POSTed, passwords should NEVER be sent in a URL.

HTML Forum

Find a Professional HTML Freelancer!

FREE Outsourcing eBook!