tags:

views:

91

answers:

3
+5  Q: 

POST to password protected URL?

I am working on a project that requires me to POST some data to a url that requires a username and password for access. How do I build the URL so that it automatically logs into the system?

$.ajax({
    url: "https://xxxxxxx",
    type: "POST",
    data: "___PUT_BODY___="+file+"&file="+time,
})
+4  A: 

If the page uses "Basic" HTTP authentication (the kind where the browser opens a little dialog window asking for a username and password), you can simply do:

https://username:[email protected]/

If the site has a login form embedded on the page somewhere, then the login information doesn't go in the URL. You would have to simulate submitting that form (by generating a similar AJAX request specifically for logging in).

VoteyDisciple  2010-10-19 18:03:14
I agree with votey, but my 2 cents is that I tend to use custom lockouts for my secure pages, and use unique tokens to grant necessary access. So my post would have data as {file: file, token:token} where the url is a lockout bypass that checks the token and referring site to validate access. Sounds complex but it is not. You can do this with basic sessions and a login form. Maybe 20 minutes to set up.
Kai Qing  2010-10-19 18:09:55
"If the server performs HTTP authentication before providing a response, the user name and password pair can be sent via the username and password options."
 2010-10-19 19:08:41
+2  A: 

Read the funny manual

Also, don't make your query string the way it comes out in the URI bar, make it an object. Also, semi-colon goes at the end of that statement.

$.ajax({
    url: "https://example.com",
    type: "POST",
    data: {
            "___PUT_BODY___="   : file, 
            "&file="            : time
          },
    password : "theP4s$w0rD!",
    username : "Bob's big bad world of HTTP Auth"

});
 2010-10-19 19:07:34
A: 

If the page you send from is public, of if the username/password have to remain private you should reconsider putting your username/password in the page.

You can post to a local page on your server, wich in turn can send the data with for example curl to the receiving server.

Also useing curl you can do any kind of authentication you need to.

Paul Scheltema  2010-10-19 21:09:42

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases