tags:

views:

132

answers:

2

Hello, i want to build a website with following features: 2 Frames. 1 Frame with am edit box and a button. The second frame should show a page whitch is secured by username/password. Is there a possibility that a sepcified user is always logged on? The problem is: I can't edit any thing on the page of the second frame.

I have to use this in the office and have to see the orders of a webshop backend. But the user who monitors the orders should use this website without login. Is it possible to store the username/password on a local maschine and login automaticly and permanent(i DONT mean a password manager).

The workflow is: Open the local HTML file and see the two frames. Any idea. I hope i could figure out what I have to do.

+1  A: 

If you login at least once -- maybe you could use JS or a client-side script to alter the existing cookie to expire later -- since you want forever, about 10 years should do the trick, haha.

henasraf
+1  A: 

I would give the "manager" person a real login in the system that provides a read-only view.

If the system can't do that, I'd recommend fixing the system... but it sounds like you are stuck with the system as is and can not alter it.

update(s): (updated again to do a post vs. get)

Based on the comments below, here's a basic sample of the insecure auto-login:

<html>
  <head>
    <title>CEO System Overview</title>
    <script>
      function autoLogin(){
        document.forms['auto'].submit();
      }
    </script>
  </head>
  <body onload="autoLogin();">
    <form name="auto" method="post" target="overview" action="fullpath/foobar.php/login.php/action/process">
      <input type="hidden" name="email_address" value="[email protected]"/>
      <input type="hidden" name="password" value="foobar"/>
    </form>
    <iframe name="overview" width="100%" height="100%" frameBorder="0"
      src="about:blank">
    </iframe>
  </body>
</html>

Notes:

  1. This is insecure - any user of this PC/file can access the system
  2. Navigation via the browser back/forward buttons may be a bit messed up (some browsers handle navigation within iframes better than others)
scunliffe
I know I know but the ceo want a quickn dirty version.This is not possible
SurfingCat
scunliffe
Its a post login to a gambio webshop:<form id="login" action="https://www.foobar.php/login.php/action/process" method="post">
SurfingCat
SurfingCat
Does not work. I get only the login page.
SurfingCat