locked
Enter User Input to URL RRS feed

  • Question

  • Alright so I have a URL that looks like below.

    https://supersample.com/srvr/logon?UserID=5555031234&Password=My1stPassowrd

    I would like to write a batch file so when someone double clicks it, it prompts from for their UserID and Password which you can see above in the URL. They enter in their UserID and Password and then the batch file will make a URL with the input after the = sign for the respective variables I guess you would call them.

    I think that makes sense. Basically, I want everyone to use this URL but it's different for everyone. I also don't want to have a desktop shortcut with this URL because then anyone can look at the properties and find their credentials hard coded.

    If I need to try and explain this in a different way, please let me know but I think its pretty obvious what i'm trying to accomplish.

    Wednesday, August 28, 2013 7:15 PM

Answers

  • $Username = Read-Host "Username"
    $HiddenPassword = Read-Host "Password" -AsSecureString
    $ConvertPass = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($HiddenPassword)
    $TextPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($ConvertPass)
    $URL = "https://supersample.com/srvr/logon?UserID=$UserName&Password=$TextPassword"

    That would work in Powershell... I don't think you can do this in a simple batch file.

    I'd suggest you use the built in security features of the server. It sounds like the server puts the username and password in the URL also, but those security concerns are on the IP Phone portal. When you use this script, you're taking responsibility for this security concern and if it is exploited it will be on you.

    Push back on the vendor and try to get them to support easier and more secure user authentication.

    • Proposed as answer by Bill_Stewart Thursday, September 5, 2013 7:07 PM
    • Marked as answer by Bill_Stewart Thursday, November 7, 2013 7:37 PM
    Thursday, September 5, 2013 2:14 PM

All replies

  • this is powershell

    $name = Read-Host "Please enter username"
    $pass = Read-Host "Please enter password"
    "https://supersample.com/srvr/logon?UserID=$name&Password=$pass"


    simple bat

    @echo off
    echo "Enter Username" 
    set /p UserName=
    echo "Password"
    set /p PassWord=
    echo "https://supersample.com/srvr/logon?UserID=%UserName%&Password=%Password%"
    sleep 15

    • Edited by ImMax Wednesday, August 28, 2013 7:24 PM
    Wednesday, August 28, 2013 7:18 PM
  • Is there a way where I can have the password show up as either like  ●●●●● or for it not to look like it's being entered but being entered behind the scene if that makes sense.


    • Edited by Rich E Rich Thursday, August 29, 2013 1:16 PM
    Thursday, August 29, 2013 1:14 PM
  • So you have a web server that requires credentials but doesn't prompt for them?

    Bill

    Thursday, August 29, 2013 1:37 PM
  • So you have a web server that requires credentials but doesn't prompt for them?

    Bill

    I didn't think it was relevant to explain why I'm trying to do this as it's rather difficult to explain. We have a IP phone portal that has this a URL that when clicked opens this great utility for managing your phone. Instead of having to open the portal, sign in, click 5 different URLs to get to this one URL, I wanted to make a shortcut right to this tool. However, this URL takes the UserID and Password in which the user signed into the portal with and puts it into the URL.

    All I'm looking to do now is to make the typing of the password not plain text and either ●●●●● or not make it look like its typing at all.

    Thursday, August 29, 2013 5:53 PM
  • But isn't the password immediately visible in the URL you're submitting?

    Just trying to understand why you wouldn't use the web server's authentication instead of trying to pass it separately.

    Bill

    Thursday, August 29, 2013 6:57 PM
  • Its not my site so instead of having to follow 8 steps, I was able to limit it down to one with this URL. While yes, it does show in the address bar, it is for a split second. The only reason I caught it was because I recording my screen.

    So again...how can I have the password field show up as the dots or make it look like its not entering at all inside my batch file.

    Thursday, September 5, 2013 1:41 PM
  • $Username = Read-Host "Username"
    $HiddenPassword = Read-Host "Password" -AsSecureString
    $ConvertPass = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($HiddenPassword)
    $TextPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($ConvertPass)
    $URL = "https://supersample.com/srvr/logon?UserID=$UserName&Password=$TextPassword"

    That would work in Powershell... I don't think you can do this in a simple batch file.

    I'd suggest you use the built in security features of the server. It sounds like the server puts the username and password in the URL also, but those security concerns are on the IP Phone portal. When you use this script, you're taking responsibility for this security concern and if it is exploited it will be on you.

    Push back on the vendor and try to get them to support easier and more secure user authentication.

    • Proposed as answer by Bill_Stewart Thursday, September 5, 2013 7:07 PM
    • Marked as answer by Bill_Stewart Thursday, November 7, 2013 7:37 PM
    Thursday, September 5, 2013 2:14 PM