RainLoop - Pass values in a URL link and automatically Sign In - html

I am trying to pass a value using a link.
For example, if I want to add an email and password for a user to Sign In straight away in the RainLoop webmail.
I am trying using
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"
or
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"#ID
Is this possible to do?

It is possible but you will have to rewrite the rainloop PHP files by yourself. Also parsing passwords via the GET method is a very bad idea. Get commands will stay in your history so everyone who types in
demo.rainloop.net will see the ?RainLoopPassword="12345" also. It's not recommended, but possible. Another safer solution will be using the POST method. I suspect you will use this for you bookmarks or something? You can make an AJAX page which sends a POST request with the username and password to demo.rainloop.net. This way nobody will see your passwords and the effect is the same.
EDIT: For using an AJAX page you have to own a webserver, or register on a free hosting like http://freehostingnoads.net

Related

Unable to log into site with JMeter

I am currently learning how to use JMeter so I can test my company's website. I set up a thread group and put in a few HTTP requests that should log into the site and navigate the tabs. The problem is that it does not appear to be logging in. When I look at the response data, I see that the log in request returns the correct temporary redirect page, but every request after that simply returns the html for the initial log in page.
I have tried using a simple HTTP request that sets the username and password text boxes to account details I know work. I have also tried using a Login Config Element and an HTTP Authorization Manager, and they all get the same thing. I tried changing the redirect options as is suggested here, but it was already set to "Follow Redirects". I tried switching it back too, and that didn't work.
I don't know what to do here. Can anyone help me out?
EDIT: I am going to be away on break for the next week, so I won't be able to respond to answers. I'll be back on Dec 3rd.
In the absolute majority of cases it's connected with cookies.
Try adding HTTP Cookie Manager and see what happens.
If you want to manipulate cookies you may wish to store them to JMeter Variables. To enabled this functionality you'll need to set next property:
CookieManager.save.cookies=true
The property lives in jmeter.properties file under /bin folder of your JMeter installation.
it depends how page is reacting if the session is getting stored in cookie you need to have cookie manager. otherwise search for session_id, or token you need to extract token using regular expression extractor and pass it with login form user name and password.
i hope below video can help you little
http://www.youtube.com/watch?v=1V0E8CEabUY

Force download via AJAX

I'm looking for a way to POST data to a backend script, use it to generate a temporary file on the fly (temporary in that it's dynamically generated and not saved to disk on the server), and then offer it to the client as a download.
I have the backend script functioning fine. The problem is that I haven't yet found a way to get the download prompt via an AJAX call.
If I weren't POSTing data, I would just use something like:
window.location.href = 'path/to/my/script.php';
Is what I'm after even possible? Can it be done without resorting to "hacks" like dynamically injecting a form into the DOM and submitting it, or opening up another browser window, etc.?
make POST request;
create the resource;
answer with the resource path;
window.location.href = resourcePath.
[optional] want to secure such resource from third part download? Attach a CSRF token, and make the resource available only if CSRF check is passed - otherwise congratulations, you just won a 403 puppy!
If the resource has proper headers, the browser will ask you to save / open it with specific app. / an so.
You can't do that without a classic form submit unless you can somehow make the download available via GET.
However, doing that would be a good idea anyway since download managers etc. often don't work well with POST - so simply make your script generate a temporary URL and then redirect to that URL using the JavaScript you already posted in your question.

how to deal with www/http in href

I have a db with a buch of urls. The values were entered by users, so it might be something like www.domain.com or http://www.domain.com or stackoverflow.com or https://something.com
I'm retrieving that data and creating links in a html page so people can click and be redirected to that url.
If i get the url from the page , i'll have either:
1.<a href="www.domain.com">
or
2.<a href="http://www.domain.com">
in the second case it works, but the first it doesn't.
Is there a way to make it always work?
thanks!
The www. bit is not special at all, people rely on an automatic correction feature of most browsers to prepend it if the host does not exist. To replicate this, you need to run a program that attempts to resolve each of the host names in your database, and retries with an extra www. if that fails.
The http:// bit is easy: if it is missing, add it.
There are two ways to handle this situation:
First, validate the user input. At the time a URL is submitted, validate it (preferably on the client side via Javascript) to ensure it has the required elements.
Second, in your code, you can use a regular expression or even simple pattern matching to ensure that the string starts with 'http://' or 'https://', and prepend it as needed.
The implementation details vary from language to language, but the concept is the same.

How to keep a url param across pages

I wan't developers who embed my webapp to be able to pass a param in the url like ?style=dark which will alter the css accordingly. Is there a better way to keep this setting as the user navigates than appending ?style=dark to all links?
I've considered cookies etc. but if one user is viewing two pages which embed my app with different themes then one will override the other.
I'm using Python/Django.
If you neither want to use Cookies nor Sessions and do not want to embed it into URLs, the only alternatives which comes to my mind are:
First the most generic: Use a dummy domain in front. Instead of www.example.com use h**p://THEME.example.com/PATH. This even works for HTTPS if you own a wildcard SSL for *.example.com.
A second variant would be to create a Basic-Auth-Handler which uses the Theme as the username with a dummy password. The URL then can look like:
h**p://THEME#www.example.com/PATH
However I am NOT sure what happens if a user connects to the same site with two different themes in the Basic-Auth-case. Also it is somewhat tricky to make the site available for search engines if it is behind an authentication handler. This is because you MUST have an auth-handler today to circumvent the Anti-Phishing-protection in modern browsers.
Note that with both methods you can only have one parameter easily. The password does not count and there are browsers out there which do not accept a wildcard SSL cert *.example.com for PARAM1.PARAM2.example.com.
I'm not exactly sure, but anyway you would have to pass this variable to your site. With that I mean, that there is no difference if you add ?style=dark to your href's, or rel="dark" to your <a>'s for use with javascript. keep in mind that it's just an example
Ofcourse you can always work on that AI to predict what the user wanted at the specific moment. hehe
I'm sure you can use a Session for this kind of thing, not? The first time the values are provided via the Querystring you add them to the Session and then retrieve them from the session in the future.

How do I make a file download require a username and password

In a basic HTML web page, how do you make the user have to enter a username and password before they are allowed to download a file?
What is the best way of achieving this on a website, preferably in plain HTML?
This can't be achieved in HTML.
With client side technologies, the best you are likely to be able to achieve is a JavaScript prompt that you use the data from to direct people to a secret URI.
This is something that really should be handled by the web server.
You won't be able to do this with plain HTML. Easiest way is probably to place the protected file in a directory protected by an .htaccess and .htpasswd file.
I agree with David...this can't really be done. Putting up a JavaScript prompt only protects you so far as well...that isn't really secure.
If you are on an Apache server, you could setup a .htaccess file and setup some user authorization options that point at a page which has the link to your download file. A simple implementation would give you 1 user/password combo that you could distribute to your users. The Apache documentation for this may be found here. Unfortunately I'm not really familiar with how IIS handles this sort of thing.
If you don't want to distribute a generic username/password combo to your users, you're pretty much going to be stuck creating a (or making use of an exsitng) user-management system. There are quite a few modules strewn throughout the web, and a simple Google search should bring you to quite a number of tutorials or existing implementations, depending on what you require.
first download phpmyadmin.open the file.click on create login.name it as login.php.then create a new want again name file.php.after you click yes it popout a logon information.enter the usrname you want and password you want
hope this help!