January 10th, 2008, 12:39 PM
peterh

Well, it turns out that the vendor wanted to simply pass the login info in the querystring, figuring it's safe enough since you need to be logged in prior anyway.

When a user logs in, all their user info is stored into session, and on the next page after a successful login (inside_home.asp), there is a link calling a JavaScript function to post to the vendor.
i.e.
Code:
<a href='http://www.securedata-trans5.com/ap/ap_admin_v2/admin_v2.php' onClick='JavaScript:AppointmentPlusLogin();return false;' target=_top>blah blah</a>
The JavaScript function is simply
Code:
function AppointmentPlusLogin() {
    // Submit the form below; its action URL carries the vendor login parameters
    document.form1.submit();
}
VBScript
Code:
<%
        ' Open the database connection using the settings stored in Session
        Set dc = Server.CreateObject("ADODB.Connection")
        dc.ConnectionTimeout = Session("dc_ConnectionTimeout")
        dc.CommandTimeout = Session("dc_CommandTimeout")
        dc.Open Session("dc_ConnectionString"), Session("dc_RuntimeUserName"), Session("dc_RuntimePassword")

        ' Look up the logged-in user's record by the person_id held in Session
        Set cmdTemp = Server.CreateObject("ADODB.Command")
        Set dcUser = Server.CreateObject("ADODB.Recordset")
        cmdTemp.CommandText = "SELECT * FROM login LEFT JOIN person ON login.login_id = person.login_id WHERE (person.person_id = " & Session("person_id") & ") AND person.hide_record <> 1"
        cmdTemp.CommandType = 1 ' adCmdText
        Set cmdTemp.ActiveConnection = dc
        dcUser.Open cmdTemp, , 0, 1 ' forward-only cursor, read-only lock

        ' pw is sent as the vendor login value
        Dim pw
        pw = dcUser("last_name")

        ' pw2 (first three characters of the last name) prefixes the vendor password
        Dim pw2
        pw2 = Trim(Left(pw, 3))

        ' Release the recordset, command and connection
        dcUser.Close
        Set cmdTemp = Nothing
        Set dcUser = Nothing
        dc.Close
        Set dc = Nothing
%>
And here's the form telling the JavaScript function AppointmentPlusLogin what to do.
Code:
<form name="form1" id="form1" method="post" action="http://www.vendor.com/admin_v2.php?action=log_in&login=<%= pw %>&password=<%= pw2 & Session("login_name") %>">

</form>
Please note that I don't recommend passing login info through the querystring if it can be avoided.

Peter Hansen
Software Developer
AtHomeNet, Inc.
peterh@athomenet.com
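The form above uses method="post", but `login` and `password` sit in the action URL, so they are written to web server access logs with the request line. As an added example (not part of the original post or the vendor's code), this Node.js function flags and redacts such parameters in combined-format log lines; the sample log lines, the function names and the parameter names other than `login` and `password` are assumptions.

```javascript
// Added example, not code from the original post.
// "login" and "password" are the parameter names in the post's form action;
// the remaining names are assumptions.
const SENSITIVE_PARAMS = new Set(["login", "password", "passwd", "pwd", "token"]);

// Request line of a combined-log-format entry: "METHOD target HTTP/x.y"
const REQUEST_LINE = /"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/;

// Constructed sample log lines (values are made up for illustration).
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Jan/2008:12:39:00 -0500] "POST /admin_v2.php?action=log_in&login=Smith&password=Smijsmith HTTP/1.1" 200 512',
  '203.0.113.7 - - [10/Jan/2008:12:39:05 -0500] "GET /inside_home.asp HTTP/1.1" 200 2048',
];

// Returns the line with sensitive query values masked, plus the names found.
function redactLogLine(line) {
  const m = REQUEST_LINE.exec(line);
  if (!m) return { line, leaked: [] };
  const [quoted, method, target, proto] = m;
  const q = target.indexOf("?");
  if (q === -1) return { line, leaked: [] };

  const leaked = [];
  const pairs = target.slice(q + 1).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    let name = rawName;
    try {
      name = decodeURIComponent(rawName.replace(/\+/g, " "));
    } catch {
      // Malformed percent-encoding: fall back to the raw name.
    }
    if (eq !== -1 && SENSITIVE_PARAMS.has(name.toLowerCase())) {
      leaked.push(name.toLowerCase());
      return rawName + "=[REDACTED]";
    }
    return pair;
  });
  const redacted = `"${method} ${target.slice(0, q + 1)}${pairs.join("&")} ${proto}"`;
  // Function replacer avoids "$" in the URL being read as a replacement pattern.
  return { line: line.replace(quoted, () => redacted), leaked };
}

// Scans a batch and reports which lines exposed which parameters.
function scanLog(lines) {
  return lines.map(redactLogLine).filter((r) => r.leaked.length > 0);
}

console.log(scanLog(SAMPLE_LOG));
```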