A web site requires a user name and password.  I want a hyperlink
format which will allow me to bypass the screen where you enter the
username and password, and submit the information directly.

Here is the web site I'm talking about:
http://www.plc.doleta.gov/eta_start.cfm
Complicating matters, you have to click "OK" before you can even get
to the point where you enter the user name and password.
What I'm looking for is something formatted like:
https://plc.doleta.gov//cris/login.do?....usernamee=.... password=........

And be able to log in with a single click from anywhere in internet explorer.
Thanks

Jay

It's not exactly what you're looking for, but something like
http://www.roboform.com/ will definitely do the trick. It
automatically fills and submits the form for you.   It's free if you
only have a few accounts to remember.   The toolbar allows near-one
click entry to websites.

I think I should also point out that due to the fact it is a
government system it may very well be a policy violation to set up an
automatic login. These regulations vary from one government agency to
another, but most of them do not allow this. You may wish to check
with an administrator for the site, or another official in that
department before you attemp to use any type of automatic login.

Thank you - but that won't help with what I want to do.
I actually have many "user names" for this web site.  I'm an
immigration lawyer, and I get a new user name for each client I
represent.  I have a case management system which lets me create a web
field with both a prefix and a suffix.  So what I want to be able to
do is enter the user name in the web field, and have the prefix and
suffix formatted to take me to this page and log me in.  (I can use
the same password for all the accounts.)
But thanks for you idea.
J

It depends on their system behind it. I have checked the website, and
it looks not too difficult to do that. Try this:

http://www.plc.doleta.gov/eta_start.cfm?username=...&password=...&method=login&actiontype=login

replace the ... with correct information

If it does not work than you have to find someone to work more closely
to see he website. It may need some scripting, or we can do some
trade. You need scripting advices, I may need some immigration advices
:)

If later the website change how to login, for example some websites
ask the person to read security numbers in the graphics format, then
it become for difficult to have auto login.





regards



Rakata

I tried that format and get this error message:

We're sorry, Error in URL Query String Parameters.

Possible Errors are:

 
URL Query String should have at least one parameter (called
actiontype) or three parameters (called actiontype, cfid and cftoken)
or five parameters (called actiontype, cfid, cftoken, qrystr and
hash).


URL Query String can not be modified manually.  
--------------------------------------------------------
I'm pretty sure this means either:
1.  We've almost got it, or
2.  It can't be done.

J

And be happy to  trade some scripting advice for some immigration advice!

It means that the system behind the login will read only POST data. In
submiting data there are 2 methods. POST and GET. When you fill a
form, most of them you submit with method of POST. When you make a url
... blah=1&blah=2 .. etc you submiting with method of GET.

You can make a trick, but you need another server (not just a link and
doleta.gov server). The other server will convert your GET submition
to POST submition to the doleta.gov server.

Lol .. it looks like technical explanation :)

I just created a script to do that, but it has to run on a server, and
it has to be ASP server because I wrote the script on ASP. You can
have it. I can send you the script, or you can just get it by knowing
the URL.

I host the script on this URL:

http://www.proxsee.com/jay/autologin.asp?username=...&password=...

replace the ... with correct username and password

Warning: If you put username and password on that URL and put on your
browser, you are sending username/password information to my server.
So, better you test with a dummy data, or just belive me that I do not
sniff your data :)

The script uder that URL will fill the form with username and
password, pick a random click on the submit button, and automatically
submit the username and password to doleta.gov server. If they do not
check the referer URL, it will work. But, if they check the referer
(URL before submition), and say ... the referer is not 'my own server'
then reject ... then we have to do another difficult trick.

I hope it works now.

I am not good at Javascript. You may not need to do have other server,
just use only javacsript on an HTML that you can host under any
servers. The trick that I show you above required Javascript and ASP.


regards



Rakata

Does it work ?

YES!  It works just as you explained.  I wouldn't be able to use this
"live" on a web site I don't control as this involves matters of
client access and confidentiality.  Where do we go from here???

Jay

it might be possible to duplicate their login form locally on your
machine, and have it submit to their server.  this should work as long
as they are not checking the referred to restrict POST requests to
their own server (which would be a perfectly valid thing to do in the
interest of security)

try this out:  save this code to your machine as "autologin.html" (for
example to your c: drive at c:/autologin.html), then you can call it
from where you saved it like
 file:///c:/autologin.html?username=...&password=...

i have written some javascript that will detect if you have provided a
username and password in the querystring and submit the form
automatically if so.


the code:


<html>
	<head>
		<title>login</title>
		<script type="text/javascript">
			window.onload = function autoLogin() {
				var qs = location.search.substring(location.search.indexOf("?") + 1);
				
				if (qs != null && qs.length > 0) {
					var kvs = new Array();
					var pairs = qs.split("&");
					
					//  get keys/vals from querystring
					for (var x = 0; x < pairs.length; x++) {
						var kv = pairs[x].split("=");
						kvs[kv[0]] = kv[1];
					}
					
					//  populate form fields
					var form = document.getElementById("loginForm");
					form.elements["username"].value = kvs["username"];
					form.elements["password"].value = kvs["password"];
					form.submit();
				}
			}
		</script>
	</head>

	<body>
		<form action="http://www.plc.doleta.gov/eta_start.cfm" method="post"
enablecab="no" name="h1b" id="loginForm">
			<div>username: <input type="text" name="username" value=""
size="15" maxlength="15"></div>
			<div>password: <input type="password" name="password" size="15"
maxlength="15"></div>
			<div><input type="submit" name="method" value="login" /></div>
		</form>
	</body>
</html>