Hi Amit. That sounds interesting. I looking at something so allow a
credentials to be passed in a similar fashion to zope as a url. Do you
have any further details you are able to share? Many thanks.
Regards,
David
Amit Upadhyay wrote:
On 2/8/06, *Jason F. McBrayer* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
On Wed, 2006-02-08 at 06:04 -0800, [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> wrote:
> Does someone have a recipe for logging in via url only. I would like
> to have it work with admin or regular user where
> credentials can be passed as parameters in a url and they are
logged in
> and directed to the url. For admin login I am wanting it to
simply log
> into admin index.
You _could_ do this by looking at the admin interface's login view, and
handling request.GET the way it handles request.POST. But IMO you
_shouldn't_ do this, as it may (depending on other things) open up quite
a few new ways to steal credentials (think about referrers, and about
httpd logs).
One option could be to use a one time login url.
* Create a model containing GUID/UUID.
* Create a view that sends you a mail containing a login url
everytime you hit it.
* Create a view that server this url containing GUID/UUID as
parameter, and if it matches with one in database, delete that
object and log user in.
I have done something similer for invitations, as soon as i get a
request containing previously generated GUID, i create a user and log
user in with that user.
--
Amit Upadhyay
Blog: http://www.rootshell.be/~upadhyay
+91-9867-359-701
