Well, I have never posted data to another site through a form like that. I'm using the thing right now, and I see how it works. I'm just curious how this method handles an invalid login. What happens? Does it return a false or something? If the login is accepted do you still get to access the returned values?

Ok, sorry if I sounded a bit offending there...

As for invalid logins, it seems to just return to the neowin stylee login form displaying an error. I'd rather the request returned false to be honest - it would give 3rd party sites more control over how errors are handled.

OK I copied that code you posted into a page, and it doesn't do anything for me. Where do the returned values go? How can you access them?

I think I am just confused because I am looking at an example, and it's not complete.

Ah...your login.php has the Method="get" right? So you can access them there?

lol....it's been so long since I have done regular html form crap. I haven't had to do this in .NET for a long time.

The form's action points to and is authorised by Neowin's script... the results are then passed to another script using the specified URL. Here is a working version:

http://blueloose.com/misc/neowin_login.html

Edit: the above does not grab your password (check the source)

Edit: results are processed by http://www.sietse.nu

Yeah see...I don't think they are going to allow this. Because you would still be able to capture the person's login credentials. When you log in through their method, the security problem is not going to be present since you will be on their server. I don't think this is going to fly.

Regardless of whether you collect their password or not... I don't think the admins are going to like this. I was doing something very similar to it, and this is why they are performing this side login script.

The login is still validated fully by Neowin's servers (action="https://www.neowin.net/login/?url=http://www.sietse.nu/neowin/"). The only thing different between the two versions is formatting... neo's has all pretty colours and the variation doesn't.

Still don't think they'd allow it however :(

/heads for the hills

If they have the login prompt on Neowin's server, there is no chance of your password being stolen. That's the only reason I can think of that would keep us from doing this from our sites.

I second that, therefore it's not allowed to use your own login form.

Sietse/Timdorr:

Does the Timezone offset that is being returned take into consideration the daylight savings? There is a daylight savings checkbox in the board settings. But for me on the US East coast, it is always -5 in the drop down, and is that what it is always going to return for the timezone offset?

Edit: Sidenote, can you tell me what neowin does when it stores dates? Does it store the UTC date and then convert it to the user's timezone when it is shown to a user?

OK I don't think the timezone is taking the daylight checkbox into account. I think it is always returning what is in the timezone dropdown. Could the timezone portion of this script be changed to take into account this daylight savings setting?

How about a SOAP webservice for external projects in application form? :D

Nope, we implemented it in this form for a reason. No one can have you enter your password and harvest the result for malicious purposes. How do we know that you're not also having your application send the login data to your own server for collection and future abuse? We just cannot give out automated trust.

I'm also going to change up the code so Lee's example does *not* work. That's a potential area for abuse, and we cannot allow it. However, there is still some XSS stuff that I'm sure could be abused, so this is far from a completely secure system.
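One way a site could make a login form hosted on another domain stop working, shown as an added example that is not part of the thread and not Neowin's actual code. The function names, the `token` field and the session id are assumptions; only the `https://www.neowin.net` origin and the blueloose.com URL come from the posts above.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Origin of the site that owns the accounts (from the form action quoted in the thread).
SITE_ORIGIN = ("https", "www.neowin.net")
# Assumption: a per-deployment secret known only to the login server.
SERVER_KEY = secrets.token_bytes(32)


def issue_form_token(session_id: str) -> str:
    """Token the site embeds in the login form when it renders the form itself.

    It is bound to the visitor's session cookie, which a page on another
    domain can neither read nor set.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(value):
    """Reduce an Origin or Referer header value to (scheme, host)."""
    parts = urlsplit(value or "")
    return (parts.scheme, parts.hostname)


def login_post_allowed(headers: dict, form: dict, session_id: str) -> bool:
    """Accept a login POST only if it came from the site's own login page."""
    # 1. The browser-supplied Origin (Referer as fallback) must be our own.
    #    A missing header or the literal "null" origin is rejected as well.
    source = headers.get("Origin") or headers.get("Referer")
    if _origin_of(source) != SITE_ORIGIN:
        return False
    # 2. The form must carry the token issued for this session.
    supplied = str(form.get("token", "")).encode()
    expected = issue_form_token(session_id).encode()
    return hmac.compare_digest(supplied, expected)


if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    own = ({"Origin": "https://www.neowin.net"}, {"token": issue_form_token(sid)})
    third_party = ({"Referer": "http://blueloose.com/misc/neowin_login.html"}, {})
    print("own login page:  ", login_post_allowed(*own, sid))
    print("third-party form:", login_post_allowed(*third_party, sid))
```

A check like this only makes an off-site form fail at the login server; it does not stop a page on another domain from recording what is typed into it, which is the concern raised in the post above.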

Sounds good.. soon we'll have a .NET Passport type system.

I guess the only thing that Lee really wanted was the login form to be dressed up a little. Maybe if you added some information to the form, such as how Neowin sponsored projects use it or such, and explain the security. I don't know, I'm talking out of my ass.

Yeah I could see it being a help for users to know what applications are using the Neowin Side door.

Good work Timdorr, let us know what kind of change might be done when you get an idea. Also, when you modify it could you tweak the timezone part to take into consideration the daylight savings time? :) Thanks bro!

This topic is now closed to further replies.