Neowin External Login Tool

By john smith 1924
in Software created by our members

 Share

Recommended Posts

Mentor

Jambooo

Posted
Posted
Well, I have never posted data to another site through a form like that. I'm using the thing right now, and I see how it works. I'm just curious how this method handles an invalid login. What happens? Does it return a false or something? If the login is accepted do you still get to access the returned values?

Ok, sorry if I sounded a bit offending there...

As for invalid logins, it seems to just return to the neowin stylee login form displaying an error. I'd rather the request returning false to be honest - it would give 3rd party sites more control over how errors are handled.

Grand Master

+chorpeac MVC

Posted
  • MVC
Posted

OK I copied that code you posted into a page, and it doesn't do anything for me. Where do the returned values go? How can you access them?

I think I am just confused because I am looking at an example, and it's not complete.

Ah...your login.php has the Method="get" right? So you can access them there?

lol....it's been so long since I have done regular html form crap. I haven't had to do this in .NET for a long time.

Mentor

Jambooo

Posted
Posted

The form's action points to and is authorised by Neowin's script... the results are then passed to another script using the specifified URL. Here is a working version:

http://blueloose.com/misc/neowin_login.html

Edit: the above does not grab your password (check the source)

Edit: results are processed by http://www.sietse.nu

Grand Master

+chorpeac MVC

Posted
  • MVC
Posted

Yeah see...I don't think they are going to allow this. Because you would still be able to capture the persons login credentials. When you log in through their method, the security problem is not going to be present since you will be on their server. I don't think this is going to fly.

Regardless of whether you collect their password or not... I don't think the admins are going to like this. I was doing something very similar to it, and this is why they are performing this side login script.

Mentor

Jambooo

Posted
Posted

The login is still validated fully by Neowin's servers (action="https://www.neowin.net/login/?url=http://www.sietse.nu/neowin/"). The only thing different between the two versions is formatting... neo's has all pretty colours and the variation doesn't.

Still don't think they'd allow it however :(

/heads for the hills

Grand Master

matt74441

Posted
Posted

If they have the login prompt on Neowin's server, there is no chance of your password being stolen. Thats the only reason I can think of that would keep us from doing this from our sites.

Mentor

Sietse Veteran

Posted
  • Veteran
Posted
If they have the login prompt on Neowin's server, there is no chance of your password being stolen. Thats the only reason I can think of that would keep us from doing this from our sites.

I second that, therefore it's not allowed to use your own login form.

Grand Master

+chorpeac MVC

Posted
  • MVC
Posted

Sietse/Timdorr:

Does the Timezone offset that is being returned take into consideration the daylight savings? There is a daylight savings checkbox in the board settings. But for me on the US East coast, it is always -5 in the drop down, and is that what it is always going to return for the timezone offset?

Edit: Sidenote, can you tell me what neowin does when it stores dates? Does it store the UTC date and then converts it to the users timezone when it is shown to a user?

Grand Master

+chorpeac MVC

Posted
  • MVC
Posted

OK I don't think the timezone is taking the daylight checkbox into account. I think it is always return what is in the timezone dropdown. Could the timezone portion of this script be changed to take into account this daylight savings setting?

Grand Master

Tim Dorr Veteran

Posted
  • Veteran
Posted
How about a SOAP webservice for external projects in application form? :D

Nope, we implemented it in this form for a reason. No one can have you enter your password and harvest the result for malicious purposes. How do we know that you're not also having your application send the login data to your own server for collection and future abuse? We just cannot give out automated trust.

I'm also going to change up the code so Lee's example does *not* work. That's a potential area for abuse, and we cannot allow it. However, there is still some XSS stuff that I'm sure could be abused, so this is far from a completely secure system.

Mentor

Jambooo

Posted
Posted
Nope, we implemented it in this form for a reason. No one can have you enter your password and harvest the result for malicious purposes. How do we know that you're not also having your application send the login data to your own server for collection and future abuse? We just cannot give out automated trust.

I'm also going to change up the code so Lee's example does *not* work. That's a potential area for abuse, and we cannot allow it. However, there is still some XSS stuff that I'm sure could be abused, so this is far from a completely secure system.

Sounds good.. soon we'll have .NET Passport type system.

Grand Master

matt74441

Posted
Posted

I guess the only thing that Lee really wanted was the login form to be dressed up a little. Maybe if you added some information to the form, such as how Neowin sponsored projects use it or such, and explain the security. I don't know, I'm talking out of my ass.

Grand Master

+chorpeac MVC

Posted
  • MVC
Posted
I guess the only thing that Lee really wanted was the login form to be dressed up a little. Maybe if you added some information to the form, such as how Neowin sponsored projects use it or such, and explain the security. I don't know, I'm talking out of my ass.

Yeah I could see it being a help for users to know what applications are using the Neowin Side door.

Good work Timdorr, let us know what kind of change might be done when you get an idea. Also, when you modify it could you tweak the timezone part to take into consideration the daylight savings time? :) Thanks bro!

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft releases major feature updates for stock Windows 11 apps

      By Liberi_Fatali · Posted

      Yes for me, I installed 'old calculator' (Windows 7 calculator) in its place since it is more useful to me. I think paint is the only one I left installed
    • Microsoft releases new Windows 11 Media Creation Tool with the latest updates

      By erpster3 · Posted

      eh I'll wait for the June 2026 MVS ISO downloads which should be coming out next Tuesday June 16 and possibly contain build 8655 instead of 8653
    • Using Windows 10 past its end of support date, is it really that bad?

      By erpster3 · Posted

      read this recent topic in another forum: https://www.askwoody.com/forums/topic/still-on-win-10-and-happy-to-be-there/ some people are happy sticking with Win10
    • Cooler Master MasterFrame 600 PC case is now 33% off on Amazon

      By Ivan Jenic · Posted

      Cooler Master MasterFrame 600 PC case is now 33% off on Amazon by Ivan Jenic The Cooler Master MasterFrame 600 is currently $109.99 on Amazon, down from its original $164.99 list price. That's 33% off and $55 saved on this premium aluminum mid-tower case with a modular design. If you're upgrading your PC case and want something that doesn't force you into a rigid layout, the MasterFrame 600 is worth a look. The case is built around the Cooler Master's FreeForm 2.0 platform, which lets you reconfigure the internal structure according to your hardware. Magnetic side panels allow for straightforward adjustments, and the case supports everything from Mini-ITX to E-ATX motherboards without compromise. There's also generous cooling headroom. Four pre-installed PWM fans handle airflow out of the box. GPU clearance goes up to 410mm, and the case supports radiators up to 420mm with room for three simultaneously. Truth be told, this might not be the prettiest case on the market, but it’s highly functional. The aluminum construction keeps the whole thing lightweight despite its size, and the finish looks noticeably better than the plastic mid-towers competing at this price point. If you want a serious, flexible case that prioritizes function over flashy aesthetics like RGB lighting, the MasterFrame 600 delivers at a reasonable price. Cooler Master MasterFrame 600 - $109.99 | 33% off on Amazon This Amazon deal is US-specific and not available in other regions unless specified. This is a first-party seller link (at the time of article publishing); ensure that you also purchase from a first-party seller link only. If you don't like it or want to look at more options, check out the previous deals that we have covered, OR you can also visit Amazon US deals page. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • Microsoft releases new Windows 11 Media Creation Tool with the latest updates

      By restore · Posted

      i guess im heading to uupdump. thanks

  • Recent Achievements

    • Rookie
      restore went up a rank
      Rookie
    • Very Popular
      AndrewSteel earned a badge
      Very Popular
    • Veteran
      Taliseian went up a rank
      Veteran
    • One Month Later
      Clizby earned a badge
      One Month Later
    • One Month Later
      Timaximus earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      509
    2. 2
      +Edouard
      162
    3. 3
      PsYcHoKiLLa
      155
    4. 4
      ATLien_0
      82
    5. 5
      Steven P.
      79
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!