2

I have made a php login for my family's website private links.

Would it be possible to prefill the login details if I emailed a family member a link? Also, could I also have another link that automatically logs the user in?

I used to protect my family links with .htaccess/.htpasswd and it would be simple to do this with something like like this:

http://user:password@myfamilysite.com/family/protectedlinks/
devwk
  • 372
  • 2
  • 14
  • 1
    browsers don't allow that anymore. you could. you could use another authentication system in php and pass the details in the url `http://myfamilysite.com/family/protectedlinks/?user=&password=` or just send then a hash `http://myfamilysite.com/family/protectedlinks/?hash=LONG_RANDOM_HASH` neither is that safe –  May 30 '19 at 21:22
  • tim, the hash way would be the safest though, right? Are there any alternative secure methods? – devwk May 30 '19 at 21:58
  • sure, don't send user names or passwords in email, make the person create their own user name\password, make them log in with these details every time. have all transactions go over https. but that's not what you wanted right? –  May 30 '19 at 22:12

1 Answers1

1

In this case you need to use GET parameters. For example

http://myfamilysite.com/family/protectedlinks/?user=LONG_HASH&password=LONG_HASH

In PHP file receive this request, you just need Decrypt this Hash. You can login your family directly or pre fill all form, and his just need to click on submit function. The second alternative is more security, because you don't get directly your application.

In email you pass this link with pessoal access for members of your family.

Rafael Ribeiro
  • 36
  • 2