Auto-Login from external site


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » DirectAdmin » API and Plugins

Auto-Login from external siteLast Modified: Nov 6, 2013, 4:25 pm
If an external site should redirect the client to DirectAdmin, but you don't want the account to enter a user/pass for this redirection, you can create a hidden form, and use JavaScript to submit it automatically.

A sample auto-submission form, to be generated in a temporary html code:

<form action="http://www.domain.com:2222/CMD_LOGIN" method="POST" name="form">
       <input type=hidden name=referer value="/">
       <input type=hidden name=FAIL_URL value="http://www.domain.com/login_failed.html">
       <input type=hidden name=LOGOUT_URL value="http://www.domain.com/logged_out.html">
       <input type=hidden name=username value="username">
       <input type=hidden name=password value="password">
</form>
<script>
       document.form.submit();
</script>

As you may have noticed, the plain-text password is set in the form, so it might be more secure to leave the value blank, and try and set the value via ajax, or some dynamic option, and/or specify that this page must not be cached by the browser, so it cannot be retrieved from disk later on.

A better option would be to pre-set a short-term use Login Key, just for this client's IP address.  It would expire after a certain amount of time, and only allow this client's IP to login with it. Much more secure.
Use the created Login Key for the password, along with this account's usual username (not the login key name)
 
Related Helpfiles
How to create a login page for DirectAdmin on your website
Creating a Login Key to use with your API, script, or temporary login, to keep your password safe

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST