p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   Classic ASP Basics (http://p2p.wrox.com/forumdisplay.php?f=61)
-   -   Help passing login info to new page (http://p2p.wrox.com/showthread.php?t=65071)

peterh January 7th, 2008 10:07 AM

Help passing login info to new page
 
Hello, I'm trying to set up our login page so that when they login, they can click a link to a third-party website, which will automatically log them in using login info from our database.

ANY advice or pointers would be great.

Thanks.

Peter Hansen
Software Developer
AtHomeNet, Inc.
peterh@athomenet.com

peterh January 7th, 2008 10:37 AM

Need help.
=[

Peter Hansen
Software Developer
AtHomeNet, Inc.
peterh@athomenet.com

peterh January 7th, 2008 12:09 PM

Figured it out.

Peter Hansen
Software Developer
AtHomeNet, Inc.
peterh@athomenet.com

mat41 January 7th, 2008 06:33 PM

Your solution may be useful to others...

Wind is your friend
Matt

peterh January 10th, 2008 12:39 PM

Well, it turns out that the vendor wanted to simply pass the login info in the querystring, figuring it's safe enough since you need to be logged in prior anyway.

When a user logs in, all their user info is stored into session, and on the next page after a successful login(inside_home.asp), there is a link calling a javascript function to post to the vendor.
i.e.
Code:

<a href='http://www.securedata-trans5.com/ap/ap_admin_v2/admin_v2.php' onClick='JavaScript:AppointmentPlusLogin();return false;' target=_top>blah blah</a>
the javascript function is simply
Code:

function AppointmentPlusLogin() {
window.location.href = document.form1.submit();

VBScript
Code:

<%         
        Set dc = Server.CreateObject("ADODB.Connection")
        dc.ConnectionTimeout = Session("dc_ConnectionTimeout")
        dc.CommandTimeout = Session("dc_CommandTimeout")
        dc.Open Session("dc_ConnectionString"), Session("dc_RuntimeUserName"), Session("dc_RuntimePassword")
        Set cmdTemp = Server.CreateObject("ADODB.Command")
        Set dcUser = Server.CreateObject("ADODB.Recordset")
        cmdTemp.CommandText = "SELECT * FROM login LEFT JOIN person ON login.login_id = person.login_id WHERE (person.person_id = " & Session("person_id") & ") AND person.hide_record <> 1"
        cmdTemp.CommandType = 1
        Set cmdTemp.ActiveConnection = dc
        dcUser.Open cmdTemp, , 0, 1

        dim pw
        pw = dcUser("last_name")

        dim pw2
        pw2 = trim(left(pw,3))

            dcUser.Close
            Set cmdTemp = Nothing
            Set dcUser = Nothing
            dc.Close
            Set dc = Nothing


%>

And here's the form telling the javascript function AppointmentPlusLogin what to do.
Code:

<form name="form1" id="form1" method="post" action="http://www.vendor.com/admin_v2.php?action=log_in&login=<%= pw %>&password=<%= pw2 & Session("login_name") %>">

</form>

Please note that I don't recommend passing login info through the querystring if it can be avoided.

Peter Hansen
Software Developer
AtHomeNet, Inc.
peterh@athomenet.com


All times are GMT -4. The time now is 01:55 PM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.