Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13

Thread: A little help

  1. #1
    Banned
    Join Date
    Sep 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation A little help

    Hello. My problem is this.
    I want to create a site that you login with your personal user and password.
    After the login page you get like a user : password manager.
    Every user : pass has a link to auto login with the displayed user / pass

    Ex. You login with user : asd and password : dsa

    Then you see : Yahoo - asd@yahoo.com : password dsa - LOGIN BUTTON (or something like that ) When you click the link or button the scripts goes to yahoo and add the user pass and logins you to yahoo directly. Like a macro but on a website

    I hope someone understand what i am trying to say. I hope i get a big help from you guys. I am at the noob lvl. Thanks

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,089
    Thanks
    51
    Thanked 506 Times in 493 Posts
    If you're at the noob lvl, it's probably not a good idea to expect people to let you look after their passwords to be honest.

    Not only could you be accused of hacking peoples accounts (even though it's not really hacking but simply using their passwords) but if you're a company this could open up a small legal minefield for you if you're not well known and trusted.

    Then there is also the point that many of us here on codingforums are suspicious whenever someone talks of wanting to take usernames and passwords from users of big sites like yahoo and log them in remotely.. sounds a bit dubious every time I hear it.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #3
    Banned
    Join Date
    Sep 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is not your problem man. Really now. I need this to help my performers to get faster access to their account. Anyone could really give me an idea?
    It`s not about storing their personal password. I need to make them an auto-login to sites like LJ - Imlive.
    Thanks
    Last edited by ntzntz; 09-07-2012 at 12:55 PM.

  • #4
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    To build on tangoforce's concerns, the way I'd suggest you do it is have your standard authentication system which logs users into your site, using a good password hashing system such as phpass to store the pass for your site, then use the password they use to log into your site as the key for a symmetric cypher to encrypt and decrypt passwords they store on your site for other services. That way you never see sensitive data.

    On the auto logging into other websites front, I highly doubt you'd be able to automate it. Any decent website will protect against Cross Site Request Forgery (which is basically what you're suggesting), so at best it could add the user name and password to the form.

    If your want to do it securely it'll take a bit of research.

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,089
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by ntzntz View Post
    This is not your problem man. Really now.
    When you post on this site asking for information which is basically cross site scripting, it everyones problem.

    Quote Originally Posted by ntzntz View Post
    I need this to help my performers to get faster access to their account.
    Let them login themselves then. Do you think they're incapable of using a keyboard and mouse? What you're saying sounds like a typical script kiddy attackers approach "I need to do this to help someone who is in desperate need of my help". It just doesn't sound right.


    Quote Originally Posted by ntzntz View Post
    It`s not about storing their personal password. I need to make them an auto-login to sites
    You need to make them an auto login yet you're not storing their personal password? - So how do you intend to log them in without their password then? - No matter how you try to convince me, the final result is that you want people to hand over their passwords to you.

    Quote Originally Posted by MarkR View Post
    To build on tangoforce's concerns, the way I'd suggest you do it is have your standard authentication system which logs users into your site, using a good password hashing system such as phpass to store the pass for your site, then use the password they use to log into your site as the key for a symmetric cypher to encrypt and decrypt passwords they store on your site for other services. That way you never see sensitive data.
    Supposing I implemented that. When the users log into my site, whats to stop me recording their passwords using my php and then decryping the users encrypted information at will? - Nothing. It doesn't matter how complex sounding you try to make it, if the ops site will store the passwords (encrypted or not) the end result is that the ops website will still have to transmit the passwords to the remote sites login script. That means the ops server / php code will at some point have access to the raw password.

    Like I said, it doesn't really matter how you dress this up, the op is wanting to get hold of peoples email logins and that doesn't sound right.

    ntzntz if you really want your users to be able to login to yahoo instantly, get them to install yahoo messenger. That does the job as soon as a new email arrives.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #6
    Banned
    Join Date
    Sep 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Why you are trying to say that i want to scam peoples off? I do not understand you. Let me explain again maybe you could understand what i want and you can let me alone with this blame.
    I work at a videochat studio. I create the accounts for the models. I have the access and password on every model is working here. I do not want to get their password. I already have the passwords and the usernames. I just want to help them to get to the main screen or inside the account much easier. They work on 4-5 sites. Everytime they need to login with an username and a password.
    What i want to do is this. They have a user and pass witch let them login to a single page that has every site login and password and a click so they can go directly to the account. What is so hard to understand? You go directly to blame . If this is not the place to ask then tell me no problem i look for help some place else. If you think that what i do is not right please ask an admin to ban my account.
    And man i am not talking about yahoo here that was just an example what is wrong with you. I work with Livejasmin, xlove, cam4free, myfreecam, imlive.

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,089
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by ntzntz View Post
    Why you are trying to say that i want to scam peoples off?
    I've already told you. You know almost nothing about php programming but you want to be dealing with peoples logins. Something doesn't sound right about it.

    Sorry, maybe you are legitimate but I've seen these types of posts before. The only difference here is I'm saying what other users of this site are thinking but won't say to you.

    We don't like to help people with code that could be used to attack someone elses service or to log peoples passwords etc. We'll help people defend against security vulnerabilities but we won't help people with things that could create / abuse them.

    Sorry if that offends but we see many newbie coders who ask strange questions like this.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    If you are intent on shared login over multiple sites, then the best bet would be the approach of central login servers and kerberos style authentication. So long as its shared, data is easily retrieved and compared on any of the sites in question. This of course assumes control over all the sites in question. Otherwise, passing credentials around from site to site is just a security hole waiting to be exploited.

  • #9
    Banned
    Join Date
    Sep 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So much help. Thanks you could tell how i can do it or not. Not to blame me all the way. Please close this post. I ask and admin to close my account. I will look to disable myself. Thanks for nothing.

  • #10
    Banned
    Join Date
    Sep 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    tangoforce **** YOU. YOU ARE JUST A RETARDED GEEK THAT THINKS HE IS THE CENTER OF THE UNIVERSE. DONT JUDGE THE PEOPLE YOU SEE AND TALK WITH BECAUSE THEY CAN **** YOU RETARD. YOU ARE A ****HEAD. YOU AND YOUR WHOLE FAMILIY.
    fou-lu. I dont have nothing with you but i dont find a way to disable this ****ing account so. **** YOU TO.
    Have a great day

  • #11
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,089
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by ntzntz View Post
    YOU AND YOUR WHOLE FAMILIY.
    See.. You don't even respect people you've never met so what makes you trustable with their login details? I even apologised to you if you were legitimate however you've still thrown your toys out of the pram. That only reinforces my suspicions.. you're aggressive and want to attack people and peoples passwords to their yahoo accounts would be a prime method of doing so.

    If you want to know how to do what you want LEARN. Doing the kind of thing you want takes skill, knowledge and time (something many people don't have). Thats the simple answer. We can't put knowledge into your head and we don't do complete projects free. The fact that you want it done ASAP and with us doing all the leg work for you and it involves peoples passwords just doesn't seem right.

    Fou surprisingly gave you a pointer and instead of going away and doing your research you've insulted him too. If you want to be banned, thats the way to do it.

    You never showed us a link to your site for us to see if it might be genuine, all you did was mention (like many wannabe hackers) the words yahoo and password. You don't think thats suspicious?

    As mentioned before no-one here will give you complete code that could be used to abuse people online. I'm simply telling you what others won't. I've been truthful to you. If you can't handle that, go and join a group of hackers and demand that they help you and abuse them the same way you did with me. I bet you wouldn't dare would you

    I think many members here know me well enough to confirm I say what I think. If I wanted to insult you I would have said something to you that was really offensive. I didn't so accept it as it is - someone telling you that we don't really want to get involved in something that doesn't look right. There was no personal attack against you in it.
    Last edited by tangoforce; 09-08-2012 at 06:28 PM.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #12
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    Quote Originally Posted by tangoforce View Post


    Supposing I implemented that. When the users log into my site, whats to stop me recording their passwords using my php and then decryping the users encrypted information at will? - Nothing. It doesn't matter how complex sounding you try to make it, if the ops site will store the passwords (encrypted or not) the end result is that the ops website will still have to transmit the passwords to the remote sites login script. That means the ops server / php code will at some point have access to the raw password.

    Like I said, it doesn't really matter how you dress this up, the op is wanting to get hold of peoples email logins and that doesn't sound right.

    ntzntz if you really want your users to be able to login to yahoo instantly, get them to install yahoo messenger. That does the job as soon as a new email arrives.
    I know this is dead, but I'd like to clarify my point, assuming op is legit and not out to scam some login credentials.

    My post was based around damage limitation and building a system which stores information safely. What I proposed wasn't meant to sound complex, but a method to store sensitive information where the key is only exposed in session data. If anything it would be pretty easy to implement.

    With any system that stores sensitive information, there is always a point where it must be exposed internally. Take your average login system with passwords stored with a standard one way cipher, would you suggest that all sites using this highly recognised and accepted method cease what they are doing because at some point they could log the plain text password? An element of trust is always involved.

    Information security isn't entirely about building bomb proof systems, they don't exist. Considerations into damage limitation if a breach were to occur are equally important IMO.

  • #13
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,089
    Thanks
    51
    Thanked 506 Times in 493 Posts
    I know exactly what you're getting at and the method you're trying to suggest. All I was saying was that if the op wanted to record the passwords of their users, your system would not prevent that as they would at some point be exposed to the ops own code.

    If you read the ops last post, I suspect you'll understand why I had my suspicions in the first place. Underneath the surface of the ops post was a rather aggressive person who clearly had some sort of motive IMO even telling Fou what to do and Fou had done nothing to offend.
    Last edited by tangoforce; 09-11-2012 at 08:58 PM.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •