I frequently clear my browser's cache and cookies, so I never depend upon such things to "remember me" for logins to password-protected sites.

Often, for most sites, I can figure out a URL to bookmark that enters my password for me as part of the bookmark. Essentially, it sends the same information to the site that the HTML form does when I log in. For example, my bookmark to the Empeg BBS looks something like:

http://empeg.comms.net/cgi-bin/start_page.pl?Username=tfabris&Password=mypassword&option=Login

This works like a charm and logs me into the BBS without the need for typing anything, and without needing to depend on a valid cookie to remember who I am.

My only problem with doing this on the Empeg BBS is that it doesn't take me to the Forum Index automatically. It takes me to the "Welcome, Tfabris" screen, and I still have to click once more to get to the Forums.

Can anyone else figure out if there's a way to construct a URL that both logs me in and takes me to the forum index?

Tony Fabris
Empeg #144

Thats odd, I was about to post the exact same obscure question for a somewhat different reason. I recently purchased a a PalmV with a wireless (OmniSky) modem and I want to make a palm clipping app for this BBS. This allows us gadget freaks to read it anywhere and because it would be PQA based I can strip out unnecesary formating and graphics for reasonable download times. Unfortunately, dealing with cookies with a PQA would be more work that I really want to put forth so I was trying to find a way to pass the user name and password on the http:// line.

As close as I can tell the query string you show will only work with the main login page. After that the BBS sends back an encoded version of your password. To determine that password you should be able to set your web browser to prompt you before accepting cookies and then enter the Empeg BBS site. You will get a cookie passed to you with "Password=jibberish" in it. The jibberish is apparently an encoded version of your password. You should be able to pass that version of your password and your original username to any page on the BBS (in the query string like you mentioned) and get access to that page. Note that I have not actually tried this.

Unfortunately this still complicates makeing a PQA because I still would have to implement the ability to receive and parse cookies on the PQA proxy site. Oh well, maybe someday when I have a little free time.

-Mike

Yeah, most sites that return login cookies DON'T use the password as part of the cookie. What they return isn't gibberish- it's usually some kind of a tag that represents you as a unique user for that session. I've seen some that require you to post your username/password along with an ID for the cookie, too. Gave me fits trying to come up with a scheme to do that for Yahoo mail, ended up having to compromise with a Javascript applet (too complex to go into detail here).

I don't think I can post to this BBS without accepting cookies, because without the cookie, each page would assume I'm not logged in at all. I was only interested in making it easier for me to enter the BBS after having purged my cookies. I've already done that, of course, I just was looking for a way to get around one of the two clicks I now use to enter the BBS. Yes, that's the epitome of lazy. So sue me.

Good luck with your palm thing.

("Purging Cookies"? "Palm Thing"? What BBS is this anyway?)

Tony Fabris
Empeg #144

For what it is worth, what you are refering to is a session ID which uniquely identifies you for some period of time until you log out or the session expires. What I am refering to is different, it actually appears to be an encoded password. For example after clearing my cookies, using the encoded password I mentioned I can go to...

http://empeg.comms.net/cgi-bin/wwwthreads.pl?Username=mcomb&Password=jibberish

and go to the main index page and be logged in for that page (it says welcome mcomb and so on). That encoded password stays the same between session and does not expire for serveral years. Of couse as soon as I click on something the username and password are no longer contained on the query string so I am essentially logged out.

-Mike

That encoded password stays the same between session and does not expire for serveral years.

Ah, that's interesting! Now I see what you mean. Perhaps I can use that to my advantage. Thanks.

Tony Fabris
Empeg #144

I think the latest version of wwwthreads doesn't require cookies... I seem to recall seeing something about that in the last few days?

-- Bleys

"If you would judge, understand." -- Seneca

If I recall PaulH's comments correctly, we are stuck with this version because it is the last free one.

But, do you know anything about wwwthreads? I am curious if there is a public way to access a text only version of the site. Some engines (I am thinking specifically of the one Slashdot and it's clones are based on) allow for a text dump of the contents that is updated every so often. This is great for pulling content to be presented in other formats (like the Palm thing I was thinking about).

BTW, sorry for prolonging a somewhat off-topic thread. I assure everyone that if I had an Empeg I would be too busy playing with it to be wasting your time writing about implementations of web board software.

Thanks,
Mike

BTW, sorry for prolonging a somewhat off-topic thread. I assure everyone that if I had an Empeg I would be too busy playing with it to be wasting your time writing about implementations of web board software.

No need to apologize at all! This is an interesting board because of the extraordinary people we have contributing to it. As long as it is informative, any post even remotely pertaining to empeg matters (or the empeg bbs!) is germane.

It would be a far less entertaining place if every single post were talking about hierarchical playlists and suggestions for visuals and how to feed the empeg's signal into an auxiliary input of an existing head unit etc.

Keep the variety coming. And really appreciate just what a great group of people we have here!

tanstaafl.

"There Ain't No Such Thing As A Free Lunch"

wwwthreads uses MYSQL as a backend. Using scripted SQL queries you should be able to extract whatever you like and dump it wherever you like.

Then again -- I may be oversimplifying: I'm no DBA.

-- Bleys

"If you would judge, understand." -- Seneca

In theory yes, but I would have to have ip access (the site is probably firewalled) and an account with sql access. I doubt either is readily available although you never know. I would try, but I have been fighting with Oracle8i for the last 16 hours pretty much straight and I don't ever want to see another line of sql code or constraint table.

-Mike

p.s. Also not a DBA which explains why it took me 16 hours to do something a DBA should have been able to do in 3. Then again a good DBA makes the same amount in 3 hours that I make in 16 so maybe everything balances anyway.

You could always email the board admin ([email protected]) and see if s/he would allow you/assist you in mirroring the board. It never hurts to have a totally separate backup site...

I imagine you could replicate the DB from one MYSQL server to another but I'm just guessing as I don't know MYSQL's capabilities that well. If that's not possible there's GOT to be a way to script a hot backup of the DB, transport it, and load it onto a different server...

-- Bleys

"If you would judge, understand." -- Seneca