Hi experts

I am in the planning of a project where I need an initial login to the application (this part is no challenge) then on some pages inside the application I need access to some php pages on a secure server thru the web object.

The php pages all have one login page for obvious security reasons.

I would however like to have my application to do a auto login to the php part so the user does not have to go thru a second password before viewing the php content.

In short

Application with login (pass 1)
+
Silent php auto login to the php part on some pages within the app.

All without going thru 2 login screens…

Any suggestions?

Looks pretty obvious to me... Have you read the documentation for HTTP.Submit()? Is there something you didn't understand?

Ulrich

Hi Ulrich
Thanks for the fast reply.

Yes, I am new to programming. I have managed to set up some parts of my project due to the great examples posted on these pages, but I have not been able to find any examples for auto login with HTTP.Submit().

As far as I can read it goes something like this:

myvalues = {Name="Brian", Company="Indigo Rose"};
result = HTTP.SubmitSecure("https://www.indigorose.com/myscript.php", myvalues, SUBMITWEB_POST, 20, 443, nil, nil);


But how do I change this to do a log in,
and
Where do I place the code in the browser template? In the button on click? Or on load? Or?

Best regards

I see your problem... yes, it can be a bit tricky.
In any case, if you want to bypass the logon web page with your application, it is possible that you might have to adapt your existing web site a bit. I see at least two ways:

1) If you want to use HTTP.Submit() and send the logon data to the server, the server will have to send some token back to the application, that will allow the user to access the pages through the web object. For example, you submit the logon data, and return some session identifier as plain text. Then you load the internal web page in the web object, passing the session identifier as parameter, like http://domain.com/page1.php?session=1234567Of course you would have to implement some kind of control on the server to check if the session informed is valid, etc.

2) It might be easier to have a special PHP logon script for use with your application, where you get the logon data as $_REQUEST. You would use as start page of your web object something like http://domain.com/page2.php?username=John&password=mysecretand have the PHP script fetch this info, and then load the page corresponding to a successful login. Or not, if the data isn't valid any more, etc. This way you could use a cookie to keep track of an correctly authenticated user.

There may be other or even better solutions, but this is what I realized right now, and already might give you some idea...

Ulrich