Can user login by embedding login details in a hyperlink?

- 34 Posts
Funk247 Reply #1, 10 years, 11 months ago

Hi, I know this question defeats the object of having security in the first place, but you know how clients can be sometimes.

Basically the client has 2 sites, one built in modx and one in asp, they both have a login in place with a single user profile that every visitor gets to use.

They want users to be able to login to the asp site and then click a link to visit the modx site and be logged in automatically - I'm not even sure this is possible...

I've tried passing the same variables that the login form does to various pages but without any success, I'm just returned to the login page each time.

www.mywebsite.com/index.php?id=87&username=myusername&password=mypassword&returnUrl=%2F&service=login&Login=Login

Has anyone else tried anything similar before? I've got some code that would allow me to do something with php but with the referring site being built in asp which I have now knowledge of, I'm a bit stumped.
- 12 Posts
svetoslav Reply #2, 10 years, 11 months ago
I think the best way should be to use a third party login service such as OpenID. But this means changes to the site based on asp.
If you want to do this with url parameters, don't use the "Login" snippet. "Login" needs input to authenticate a user. Make a custom snippet and get usage of the security/login processor (I assume you are running Revolution 2.2x).
The snippet can be something like this:
```
<?php 
 $loginContext = $modx->context->get('key');
 $c = array(
   'login_context' => $loginContext,
   'username' => $_GET['username'],
   'password' => $_GET['password'],
   'returnUrl' => null,
   'rememberme' => false
 );
 $response = $modx->runProcessor('security/login', $c);
 return $response;
?>
```