A script that logs to multiple websites at the same time. CURL and PHP have tried.

I am running a computer lab for high school students (3-14 years old) and would like to create a desktop / dashboard page composed of multiple frames, each one pointing to a different external website (for which we have created individual accounts for each child) ; and when the child logs in (to the dashboard) the script will log in to those websites so it doesn't need to.

I have 1 server and 20 workstations, I will call them "myserver" and "mybrowser" (s) respectively. All of this behind the same router (dynamic IP).

The child goes to the "mybrowser" workstation, launches Firefox and launches desktop.php (hosted in "myserver") and receives a login screen (for "myserver")

'mybrowser' --- http ---> 'myserver'

Once logged in, "myserver" will retrieve a set of username and password stored in its database and run a CURL script to send them to the "external web server".

'mybrowser' --- http ---> 'myserver' --- curl ---> 'external web server'

SUCCESSFULLY, well, I thought. Turns off CURL when "myserver" is running, writes to "myserver" instead of "mybrowser". The session inside the iframe, after the update, is still not registered. Now I know.

Then I thought about grabbing cookies from "myserver" and setting it to "mybrowser" so that "mybrowser" can now be viewed (in an iframe) as a logged in user. After all, we (all "mybrowsers") are behind the same router as "myserver", thus the same IP address.

In other words, I only need "myserver" for a user to log in to multiple external websites at the same time, and after you take control of individual users' browsers.

I hope the answer does not resort to using CURL to display and manipulate external websites for the entire session, other than it will be drag and drop which will lead to some other sticky issues.

I get a clue that this is not allowed due to security issues, but what if all "mybrowsers" and "myserver" are behind the same router? Assuming there is a way to copy the login cookies from "myserver" to "mybrowsers", will the "external web server" know that the request is coming from different computers?

Can this be done? Thank.


source to share

1 answer

The problem you are facing is related to the principles of cookie security. You cannot set cookies for other domains, which means you myserver

cannot set cookies for facebook.com for example.

You can configure the server to start an HTTP proxy and make it such that all requests are made through your server and do some sort of URL translation (like facebook.com => facebook.myserver) which then in turn allows you to set cookies for clients (since you are on facebook.myserver) and then translate the cookies you receive from clients and send them to third party websites.

An example of an opaque proxy you can start with: http://www.phpmyproxy.com/

Transparent proxies (in which URLs remain "correct" / untranslated) may be worth considering. Squid is quite popular. I can't say how easy it would be.

After all this, you will still need to create a local script for myserver

that will take care of the login process, but at least the proxy should do its best.

If you have any words about the login process, it may be easier to configure all services to use OpenID or similar login services, StackOverflow and its subsites are a prime example of how easy it is to log into multiple sites on the system.



All Articles