Results 1 to 5 of 5

Hybrid View

  1. #1
    Join Date
    Oct 2009
    Posts
    3
    Plugin Contributions
    0

    Default Is there a way to auto-login to admin?

    I have added a ZenCart v1.3.8 to a site I am managing which uses a custom built CMS. I would like to add a direct link to the ZenCart admin interface from the admin interface of the CMS. There is already a similar link to a PhpList installation.

    The Phplist link uses an href of the form ~/admin/?login="xxx"&password="xxx". I have tried a similar link for ZenCart but it just opens the login form and I have to enter the username and password. I would prefer it to login directly without having to input the details.

    Can anyone suggest the correct syntax?

    Mike

  2. #2
    Join Date
    Jul 2009
    Posts
    495
    Plugin Contributions
    0

    Default Re: Link for login to admin.

    i dont know if its possible to login without entering details, this would comprimise security surely?
    i may not know how yet, but i soon will....i hope :)

  3. #3
    Join Date
    Jun 2008
    Location
    Morrisville, NC
    Posts
    50
    Plugin Contributions
    0

    Default Re: Link for login to admin.

    That's not possible because the zencart admin login uses a random token that is different on every login that must be present and match for you to be able to login. You could hack the login process to bypass the token check under cetain conditions, but that smells really bad from a security perspective.

    What I would probably do is modify login.php to check for login and password being passed as GET parameters and fill them into the form if they are. That way the user would only have to click "submit" to login. Something like this should only be done inside your CMS, where the user has already had to login to one system and even then only if you really trust the security of your CMS.

  4. #4
    Join Date
    Jul 2006
    Location
    SF Bay Area
    Posts
    867
    Plugin Contributions
    1

    Default Re: Is there a way to auto-login to admin?

    You can do this with Curl in two steps.

    retrieve the login screen and parse out the security token and then construct another Curl call to do the login.

    drawback is that your curl script will have to store an admin password in plain text.

  5. #5
    Join Date
    Oct 2009
    Posts
    3
    Plugin Contributions
    0

    Default Re: Is there a way to auto-login to admin?

    Thanks all for the advice. Sounds like it will be easier and better security to just login again to ZenCart. Not sure about the security of the CMS as it is a one off system written more than 5 years ago, not a proprietary or open source system, and not actively maintained since.

    Mike

 

 

Similar Threads

  1. Replies: 2
    Last Post: 24 Mar 2015, 04:55 PM
  2. Is there a way to require login or differentiate pricing?
    By saltsandsuch in forum General Questions
    Replies: 1
    Last Post: 15 May 2013, 11:48 AM
  3. Admin auto login for a cron job
    By Gigo in forum Customization from the Admin
    Replies: 20
    Last Post: 9 Aug 2012, 07:39 AM
  4. Replies: 4
    Last Post: 13 Feb 2010, 07:33 PM
  5. Admin login problem: There was a security error when trying to login.
    By eddeford in forum Installing on a Linux/Unix Server
    Replies: 3
    Last Post: 27 Jan 2010, 03:59 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR