Autologin with User and Password in URL when opening a php site


I have the following code for the login to a time tracker portal:


require_once('initialize.php'); import('form.Form'); import('ttTeamHelper'); import('ttUser');

if ($request->getMethod() == 'POST') {   $cl_login = $request->getParameter('login'); } else {   $cl_login = @$_COOKIE['tt_login']; } $cl_password = $request->getParameter('password');

$form = new Form('loginForm'); $form->addInput(array('type'=>'text','size'=>'25','maxlength'=>'100','name'=>'login','style'=>'width: 220px;','value'=>$cl_login)); $form->addInput(array('type'=>'text','size'=>'25','maxlength'=>'50','name'=>'password','style'=>'width: 220px;','aspassword'=>true,'value'=>$cl_password)); $form->addInput(array('type'=>'hidden','name'=>'browser_today','value'=>'')); // User current date, which gets filled in on btn_login click. $form->addInput(array('type'=>'submit','name'=>'btn_login','onclick'=>'browser_today.value=get_date()','value'=>$i18n->getKey('button.login')));

if ($request->getMethod() == 'POST') {   // Validate user input.   if (!ttValidString($cl_login)) $errors->add($i18n->getKey('error.field'), $i18n->getKey('label.login'));   if (!ttValidString($cl_password)) $errors->add($i18n->getKey('error.field'), $i18n->getKey('label.password'));
     if ($errors->isEmpty()) {      // Use the "limit" plugin if we have one. Ignore include errors.
    // The "limit" plugin is not required for normal operation of Time Tracker.

    if ($auth->doLogin($cl_login, $cl_password)) {
      // Set current user date (as determined by user browser) into session.
      $current_user_date = $request->getParameter('browser_today', null);
      if ($current_user_date)
        $_SESSION['date'] = $current_user_date;

      // Remember user login in a cookie.
      setcookie('tt_login', $cl_login, time() + COOKIE_EXPIRE, '/');

      $user = new ttUser(null, $auth->getUserId());
      // Redirect, depending on user role.
      if ($user->isAdmin()) {
        header('Location: admin_teams.php');
      else if ($user->isClient()) {
        header('Location: reports.php');
      else {
        header('Location: time.php');
    } else
      $errors->add($i18n->getKey('error.auth'));   } }

if(!isTrue(MULTITEAM_MODE) && !ttTeamHelper::getTeams())   $errors->add($i18n->getKey('error.no_teams'));

// Determine whether to show login hint. It is currently used only for Windows LDAP authentication. $show_hint = ('ad' == $GLOBALS['AUTH_MODULE_PARAMS']['type']);

$smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('show_hint', $show_hint); $smarty->assign('onload', 'onLoad="document.loginForm.'.(!$cl_login?'login':'password').'.focus()"'); $smarty->assign('title', $i18n->getKey('title.login')); $smarty->assign('content_page_name', 'login.tpl'); $smarty->assign('about_text', $i18n->getKey('form.login.about')); $smarty->display('index.tpl'); ?>

So i have a Username+ Password field, a send button and a password forgotten link.

I'm forced to give the users the possibilaty to login with the username and password in the URL. So how to edit this page for this function? I know user+ pass in URL is not a good stile but i have the instruction.






if ($request->getMethod() == 'POST') {
  $cl_login = $request->getParameter('login');
} else {
  $cl_login = @$_COOKIE['tt_login'];
$cl_password = $request->getParameter('password');


  $cl_login = $request->getParameter('login');
  $cl_password = $request->getParameter('password');
  if ($cl_login == null && $request->getMethod() == 'GET')
  $cl_login = @$_COOKIE['tt_login'];

works fine for me to set also username in the URL.

People are also looking for solutions to the problem: php - mkdir() not working with URL


Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.