Auto-login passing username and password via URL

This topic is locked

Auto-login passing username and password via URL	7/26/2019 11:42:33 AM
PHPRunner Tips and Tricks
Sergey Kornilov admin Please note that passing username and password via URL is very insecure. Use it for internal applications only. The following code needs to be added to AfterAppInit event. It takes full advantage of Security API. `if ($_GET["username"] && $_GET["password"]) { if (Security::checkUsernamePassword($_GET["username"],$_GET["password"])) Security::loginAs($_GET["username"]); }` And now you can try to run it in the web browser as `https://yourwebsite.com/login.php?username=...&password=...`

Mark as Solved Mark as not solved

2 replies


U	uli 8/3/2019
	Thanks for this small script snipplet. I tried this out but got this Warning that is generated by the call to "Security::loginAs($_GET["username"]);" count(): Parameter must be an array or an object that implements Countable in **/classes/runnerpage.php on line 1133 PHPRunner 10.2 Thanks for help


	milver 2/3/2020
	Thanks for this small script snipplet. I tried this out but got this Warning that is generated by the call to "Security::loginAs($_GET["username"]);" count(): Parameter must be an array or an object that implements Countable in **/classes/runnerpage.php on line 1133 PHPRunner 10.2 Thanks for help [size="2"]Try this way:[/size] [font="Consolas"][color="#008080"]Security::loginAs($username, true); [font="Consolas"][size="2"][size="3"]For more visit: [/size]https://xlinesoft.co...api_loginas.htm[/size]

2 replies

Mark as Solved Reply