Htaccess authentication - .htaccess

I have a hosting, where I got specified admin panel. On this panel I can set passwords and usernames, and the passwords get encrypted. So my question is:
Is there any way for that to design the authentication?
I mean, when it requires login and password, it pops up in the browser, and I'd like to make this happen ON the website, where I can design it with CSS, not IN the browser. Any ideas?
Thanks in advance, any helpful answer gets me closer.

First, beware that the user name and password are sent in clear text (base64 encoding) if you are using "Basic Authentication" and it is not wrapped with the ssl module.
To achieve what you are trying to do, you will have to use "form authentication":
<form method="post" action="validate_credentials.php" >
<table border="1" >
<tr>
<td><label for="user">Username</label></td>
<td><input type="text" name="user" id='user'></td>
</tr>
<tr>
<td><label for="pass" >Password</label></td>
<td><input name="pass" id='pass' type="password" ></input></td>
</tr>
<tr>
<td><input type="submit" value="Submit"/></td>
</tr>
</table>
</form>
And here is what the validate_credentials.php file looks like:
<?php
// Grab user-submitted information (empty string if a field is missing)
$username = $_POST["user"] ?? "";
$password = $_POST["pass"] ?? "";
// Stored user name and password
$db_user = "secret_username";
$db_pass = "secret_password";
// Authentication mechanism: reject unless BOTH values match exactly.
// (Rejecting only when both are wrong would let a request with one
// wrong value fall through without any answer.)
if ($username !== $db_user || $password !== $db_pass) {
    echo "Invalid Credentials, Please try again.";
    exit();
}
echo "Valid Credentials, You are authenticated.";
// You can now serve the document that was requested.
I just tried to keep it simple so that you understand. To feel safe, validate user inputs and don't use clear text passwords in the validate_credentials.php file; you can google how to do that.

Related

Another Question About Using Requests to Login to Website

I'm stuck. I'm trying to follow every example I can find about using Python 3's Requests library to access a webpage, after first logging in from a login page. The kicker here, is that I'm trying to create a tool for work, so I can't give the link to the exact webpage I'm working with, but I can show the source code from the page to help. Hoping someone can show me what I need to do with what I provide here?
What I think I'm stuck on (I think) is, there's a hidden input named "__RequestVerificationToken" that dynamically changes with each new login page load/refresh, and I know that it's something that will need to be "posted" along with the login credentials, but every tutorial I've seen so far does this step like this:
Use Requests and BS4 to first access and parse the source code of the login page and find that unique token value
Send a post request using that unique token value
BUT the problem is (I think), that token value changes between those two requests, in turn making the first one obsolete.
The source code for the credential section of the page (along with some kind of encryption functions that I'm not sure is needed, but included it anyway) looks like the below. It runs without "error", but the page I want to access AFTER the login, looks identical to the login page code, signifying it didn't login successfully:
[![Login_Creds][1]][1]
<form action="/Login" id="form-login" method="post"><input name="__RequestVerificationToken" type="hidden" value="3s5_lA2VJBP3XTpl_YE3zkxcZarbGUuCZfHbm0oJ3nvQweIKorZXnein-YBQnrouX9VVLVc0qw2gvOVIE8-IxLdd9kALEFVpb4RA4z1Ed7k1" /> <div id="message-sessionexpired" class="usermessage-login ui-widget-content ui-corner-all h-column" style="display: none">
<div class="v-column first">
<i class="ci-icon-info-sign ci-icon" id="128824"></i>
</div>
<div class="v-column last">
We thought you left, so for your security we signed you out.
Please sign back in below.
</div>
</div>
<div id="message-userloggedout" class="usermessage-login ui-widget-content ui-corner-all h-column" style="display: none">
<div class="v-column first">
<i class="ci-icon-info-sign ci-icon table-cell" id="128825"></i>
</div>
<div class="v-column last">
You signed in with a different user in a new tab.
Please use the new tab or sign back in below.
</div>
</div>
<table>
<tr>
<td>
<label for="login-email">User Name (email)</label>
</td>
<td>
<input class="input-login" id="login-email" name="email" type="text" value="" />
</td>
</tr>
<tr>
<td>
<label for="login-password">Password</label>
</td>
<td>
<input autocomplete="on" class="ci-textbox input-login" id="login-password" name="password" type="password" value="" />
</td>
</tr>
<tr>
<td colspan="2" style="text-align: center">
<input id="login-passhash" name="passhash" type="hidden" value="" />
</td>
</tr>
<tr>
<td colspan="2" style="text-align: right">
<button class="ci-button" id="button-login" title="Version 4.4.86.17690" type="submit" value="Login">Login<script for="button-login" temporary="true" type="text/javascript">button_login=new Button("#button-login",{disabled:!1});$(function(){button_login.init();$("#button-login").off("click.centralui");$("#button-login").on("click.centralui",function(n){$(this).is(":disabled")||n.isDefaultPrevented()||$("#form-login").loader().show({message:"",focusInput:!1});$(this).is(":disabled")||n.isDefaultPrevented()||encryptPassword()})})</script></button>
</td>
</tr>
<tr>
<td colspan="2">
<a class="smaller" href="/ResetPassword?Length=5" id="link-forgotpassword">Forgot your password?</a>
</td>
</tr>
<tr>
<td colspan="2">
</td>
</tr>
</table>
<br />
<div class="validation-summary-valid" data-valmsg-summary="true"><ul><li style="display:none"></li>
</ul></div></form>
<script type="text/javascript">
$(function () {
if (sessionStorage.expired == "true") {
$("#message-sessionexpired").css("display", "flex");
sessionStorage.expired = false;
}
if (sessionStorage.userLoggedOut == "true") {
$("#message-userloggedout").css("display", "flex");
sessionStorage.userLoggedOut = false;
}
});
function encryptPassword() {
var clearPass = $("#login-password").val();
$("#login-passhash").val(null);
var publicKeyExponent = Base64.decode("EXPONENT_STRING_HERE");
if (publicKeyExponent != false) {
var publicKeyModulus = Base64.decode("DECODE_STRING_IS_HERE");
var publicKey = new RSAPublicKey(publicKeyModulus, publicKeyExponent);
var encryptedPass = RSA.encrypt(clearPass, publicKey);
$("#login-passhash").val(encryptedPass);
$("#login-password").val(null);
}
}
</script>
The code that I've attempted until now is this:
import requests
from bs4 import BeautifulSoup
USERNAME = 'USERNAME'
PASSWORD = 'PASSWORD'
LOGIN_URL = "BASEURL/Login" # /Login from the "<form action" part of login source code
PRIVATE_URL = "BASEURL/PAGE_AFTER_LOGIN"
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/IP_HERE Safari/537.36'}
def main():
    sess = requests.session()
    # Get login "hidden_token" first
    html = sess.get(LOGIN_URL)
    soup = BeautifulSoup(html.content, 'html.parser')
    hidden_token = soup.find('input', {'name': '__RequestVerificationToken'}).get('value')
    # Create payload
    payload = {
        "username": USERNAME,
        "password": PASSWORD,
        "__RequestVerificationToken": hidden_token
    }
    # Perform login
    html = sess.post(LOGIN_URL, data=payload, headers=headers)
    # Scrape url
    html = sess.get(PRIVATE_URL, headers=headers)
    print(html)  # Response
    print(html.text)  # Source Code for after logged in page


if __name__ == '__main__':
    main()
Any ideas on what else I can try, besides using Selenium, given this data? Again, I can't provide the exact URL, just looking for some guidance. Thanks!
UPDATE
After some digging, it turns out that my suspicion is correct, when I print out the cookies from the first "get" request, and the "post" request, that "__RequestVerificationToken" is different. So is there a way to somehow submit that token value from the "post" command?
[1]: https://i.stack.imgur.com/85yAO.png
I guess your hunch about the fact that the token changes between requests is correct.
Most probably a new token is generated based upon the cookies. If the server sees a new user (a.k.a a new session cookie) then it will generate another __RequestVerificationToken.
Every login is different in its own way, but what I suggest you try is the following
GET(login_url) -> extract cookies from response object, extract __RequestVerificationToken
POST(login_url, data = (user, passw, token), cookies = extracted_cookies) -> extract cookies again
When you post the request with the same cookies, maybe the server will not change the token.
After you log in, extract the cookies again and compare them. (Sometimes servers assign a new set of cookies after you have logged in.) Good luck!
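The cookie and form-token pairing the answer describes, as an added example that is not part of the original posts: a constructed local server ties the hidden field to a cookie, and the POST is accepted only when the client replays the cookie it received with the form. The HMAC pairing rule, the `login_status` helper and the 127.0.0.1 test server are assumptions for illustration; the real site's scheme is not shown on the page.

```python
import hashlib, hmac, re, secrets, threading
import urllib.error, urllib.parse, urllib.request
from http.cookiejar import CookieJar
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

KEY = secrets.token_bytes(32)          # constructed server-side secret
FIELD = "__RequestVerificationToken"   # field name taken from the form in the question

def form_token(cookie_token):
    # Assumed pairing rule: hidden field = HMAC(server key, cookie token)
    return hmac.new(KEY, cookie_token.encode(), hashlib.sha256).hexdigest()

class Login(BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass  # keep the demo quiet
    def cookie_token(self):
        morsel = SimpleCookie(self.headers.get("Cookie", "")).get(FIELD)
        return morsel.value if morsel else None
    def do_GET(self):
        # A client that sends no cookie is a new visitor and gets a new pair
        tok = self.cookie_token() or secrets.token_hex(16)
        body = f'<input name="{FIELD}" type="hidden" value="{form_token(tok)}" />'.encode()
        self.send_response(200)
        self.send_header("Set-Cookie", f"{FIELD}={tok}; HttpOnly; Path=/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):
        n = int(self.headers.get("Content-Length", 0))
        sent = urllib.parse.parse_qs(self.rfile.read(n).decode()).get(FIELD, [""])[0]
        tok = self.cookie_token()
        ok = tok is not None and hmac.compare_digest(sent, form_token(tok))
        self.send_response(200 if ok else 400)
        self.send_header("Content-Length", "0")
        self.end_headers()

def login_status(keep_cookies):
    """GET the form, POST its hidden token back, return the POST's HTTP status."""
    srv = HTTPServer(("127.0.0.1", 0), Login)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/Login"
    handlers = [urllib.request.ProxyHandler({})]  # never route the demo via a proxy
    if keep_cookies:
        handlers.append(urllib.request.HTTPCookieProcessor(CookieJar()))
    opener = urllib.request.build_opener(*handlers)
    try:
        html = opener.open(url).read().decode()
        token = re.search(r'name="%s"[^>]*value="([^"]+)"' % FIELD, html).group(1)
        data = urllib.parse.urlencode({FIELD: token, "email": "u", "password": "p"}).encode()
        return opener.open(url, data).status
    except urllib.error.HTTPError as err:
        return err.code
    finally:
        srv.shutdown()
        srv.server_close()
```

`login_status(True)` keeps one cookie jar across the GET and the POST, as a single `requests` session object does; `login_status(False)` drops the cookie and the server rejects the otherwise valid hidden token.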

Apache Shiro keeps redirecting to login page

I am having some troubles with Apache Shiro when I put the right user and password in the login page. It keeps redirecting me to the same page every time.
Here I have my project structure.
Now my Shiro ini file content
[main]
# specify login page
authc.loginUrl = /admin/login.jsp
authc.successUrl = /admin/administracion.jsp
[users]
admin = admin
guest = 12345
[urls]
/admin/login.jsp = authc
/admin/** = authc
Now, the login html form
<form class="formulario" name="loginform" action="" method="POST">
<div id="descripcionPagina">
<h1>Login</h1><br>
Para ingresar al sistema <font color="red">identifíquese</font> como usuario del sistema.
<br>
</div>
<table id="tabla3" width="65%" cellpadding="8">
<tr id="fila">
<td align="right">
Identificación:
</td><td>
<input type="text" size="30"
id="Lusuario" name="user">
</td>
</tr><tr id="fila">
<td align="right">
Clave:
</td><td>
<input type="password" size="30"
id="Lpassword" name="password">
</td>
</tr><tr id="fila">
<td align="center" colspan="2">
<input type="submit" value="Ingresar">
</td>
</tr>
</table>
</form>
The web.xml is fine and doesn't contain any web session parameters. Any help would be very appreciated. Thank you.
I think that the problem is with the name of the fields:
Look at the source of the FormAuthenticationFilter (authc)
It needs the fields: username and password.
You can change your html form
<input type="text" size="30" id="Lusuario" name="user">
to:
<input type="text" size="30" id="Lusuario" name="username">
Or you can add this in your shiro.ini
authc.usernameParam = user
I think /admin/logging.jsp should be anon instead of authc

Why are my client-side javascript breakpoints not being hit?

I'm setting forth on my first Single-Page Application. I've installed Visual Studio 2012 Professional with Update 2, and loaded the project. I've gone into IE10 and unchecked the "Disable script debugging (Internet Explorer)" checkbox.
Here's my code snippet that ought to be hit by the debugger
However, when I run the code the red breakpoint symbol turns to a hollow white one
with the legend "The breakpoint will not currently be hit; no symbols have been loaded for this document".
I'm at a loss here. Even the debugger; statement isn't causing the code to break out.
I've reinstalled VS2012 and Update 2 twice now.
Thanks
Edward
Do you have multiple projects in your solution? Does the file where you are putting the breakpoint belong to the same project that is set as the startup project?
Have you tried to give the function a name (openMain function name here)?
Just to make it a bit more understandable I'll show some code that I used for a site.
<form name="myForm" action="mailto:kkatsman#rocfriesepoort.nl?subject=Stickers" enctype="text/plain" method="POST" onsubmit=" return formcheck()">
<table id="formulier">
<tr>
<td>Klas:</td> <td><input type="text" required name="klas" id="klas" onkeyup="vulaan(this)"></td>
</tr><tr>
<td>Examencode:</td> <td><input type="text" required name="examencode" id="examencode" onkeyup="vulaan(this)"></td>
</tr><tr>
<td>Examennaam:</td> <td><input type="text" required name="examennaam" id="examennaam" onkeyup="vulaan(this)"></td>
</tr><tr>
<td>Datum:</td> <td><input type="text" required name="datum" id="datum" onkeyup="vulaan(this)"></td>
<td colspan="2"></td>
<td>Week:</td> <td><input type="text" required name="week" id="week" onkeyup="vulaan(this)"></td>
</tr><tr>
<td>Tijdstip: van</td> <td><input type="text" required name="van" id="van" onkeyup="vulaan(this)"></td> <td>tot</td> <td><input type="text" required name="tot" id="tot" onkeyup="vulaan(this)"></td>
<td>Docent:</td> <td><input type="text" required name="docent" id="docent" onkeyup="vulaan(this)"></td>
</tr>
</table>
So when a key is pressed in a certain textbox, it refers to the function "vulaan".
Now my javascript file looks something like:
function vulaan()
{
// for the class
var klas = document.getElementById('klas').value;
var klas1 = document.getElementById('klas1').value;
var klas2 = document.getElementById('klas2').value;
document.getElementById('klas1').value = klas;
document.getElementById('klas2').value = klas;
}

Session Management in Liferay

How can I customize the session in Liferay? Sample code is welcome as it will help more; I am pretty new to Liferay.
To be more specific, I'll explain what I've done. Using Custom JSPs Hooks, I have overridden the $PORTAL_ROOT_HOME/html/portlet/login login.jsp and created my own JSP page and also overridden the LoginAction class. My login.jsp page looks like:
<aui:form action="" method="post">
<table>
<tr>
<td>Username :</td>
<td><input name="login" size=15 type="text" /></td>
</tr>
<tr>
<td>Password :</td>
<td><input name="password" size=15 type="password" /></td>
</tr>
</table>
<aui:button type="submit" value="sign-in"/>
</aui:form>
Now please tell me, upon clicking the submit button, how can I get the login values in LoginAction.java and hence set the values to the session. This is what I mean by customizing.
You should have copied the original login.jsp file from the start. By the looks of your code snippets you forgot to set the action to your loginAction. This can be done the following way:
<portlet:actionURL secure="<%= PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS || request.isSecure() %>" var="loginURL">
<portlet:param name="saveLastPath" value="0" />
<portlet:param name="struts_action" value="/login/login" />
<portlet:param name="doActionAfterLogin" value="<%= portletName.equals(PortletKeys.FAST_LOGIN) ? Boolean.TRUE.toString() : Boolean.FALSE.toString() %>" />
</portlet:actionURL>
<aui:form action="<%= loginURL %>" method="post">
<table>
<tr>
<td>Username :</td>
<td><aui:input name="login" size="15" type="text" /></td>
</tr>
<tr>
<td>Password :</td>
<td><aui:input name="password" size="15" type="password" /></td>
</tr>
</table>
<aui:button type="submit" value="sign-in"/>
</aui:form>
Please note that it is better to copy the original $PORTAL_ROOT_HOME/html/portlet/login/ login.jsp to your hook. Then make the modifications, if any are needed.
Your Hook will break / remove a lot of existing functionality if the provided snippet is all you have.
To receive the parameters from the action you can use Paul's answer.
You can get login values with this code:
String login = ParamUtil.getString(request, "login");
String password = ParamUtil.getString(request, "password");
To set some values to session use this:
HttpSession session = request.getSession();
session.setAttribute("parm", "somevalue");
BR,
Paul

People search in SharePoint using partial names

My employer is switching their internal portal over to SharePoint. One of the highly used features of the previous portal was a 'people search' that allowed partial names. SharePoint 2007 defaults to keyword searches which only match against the exact word(s) given as search terms. It can do full-text searches but you have to provide the property name, e.g. "FirstName:tom" (without the quotes of course). That works for a programmatic solution but not for end users.
Is there a way in SharePoint 2007 to let users search for people using partial names?
I found this solution that works well enough for us.
Add a ContentEditor web part to the target page and go to the HTML editor button. Add the following HTML code. It creates two input fields (firstname/lastname) and then creates a query with the search terms included as property searches which will invoke the full-text search.
Note: you need to replace the search result page with the appropriate location for your configuration.
<script language="javascript">
//function to handle enter on keyboard
function txtWildPeopleFinder_KeyDown(e)
{
if (e.keyCode == 13 || e.keyCode==10)
{
e.returnValue=false;
DoWildPeopleSearch();
return false;
}
else
return true;
}
//escape apostrophes in search strings
function escapestr(str)
{
//the g flag replaces every apostrophe, not only the first one
return str.replace(/'/g,"%22");
}
//search function
function DoWildPeopleSearch()
{
var firstname = escapestr(document.all["firstname"].value);
var lastname = escapestr(document.all["lastname"].value);
var url;
//search on last name
if(firstname == "")
{
url = "/searchcenter/Pages/peopleresults.aspx?k=LastName%3A" + lastname;
window.location=url;
return;
}
//search on first name
if(lastname == "")
{
url = "/searchcenter/Pages/peopleresults.aspx?k=FirstName%3A" + firstname;
window.location=url;
return;
}
//first and last
url = "/searchcenter/Pages/peopleresults.aspx?k=lastname%3A" + lastname + "%20FirstName%3A" + firstname;
window.location=url;
return;
}
</script>
<table cellpadding="2" cellspacing="0" border="0" width="100%" ID="Table3">
<tr>
<td width="80" nowrap>
First Name:
</td>
<td width="100%">
<input size="20" maxlength="100" id="firstname" name="firstname" type="text" onkeydown="txtWildPeopleFinder_KeyDown(event)">
</td>
</tr>
<tr>
<td width="80" nowrap>
Last Name:
</td>
<td>
<input size="20" maxlength="100" id="lastname" name="lastname" type="text" onkeydown="txtWildPeopleFinder_KeyDown(event)">
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="button" onclick="DoWildPeopleSearch()" value="Search">
</td>
</tr>
</table>
