adding a variable with in a url

By Jim Ruby on 10 Jan 2008 at 00:11 UTC

Hi,
I hope this is not a dumn question or a security problem. Only authenticated users will have access to this and I am the only one who will be creating accounts on this site. What I need is a way to have the username of the person logged inserted in to the url. an example would be

http://example.com?id=00000&username=[user]&pass=password
I'm not real consurned about password showing up, but I guess it would be visible, but if there is a way to do this It would be just so wonderful as drupal has done everything else I have needed so far.

modules I currently have installed
path
pathauto
tokens

trying to insert [user-raw] or [user] just adds [user-raw] or [user] and does not expand the variable.

Thanks.

Comments

I am going to ask why

nevets commented 10 January 2008 at 01:17

That is why do you need that information in the URL (they maybe another approach). I as because that opens a gapping security hole since someone sniffy a connection would be able to see the information and then login.

reason why

Jim Ruby commented 10 January 2008 at 20:11

I have a conference room I want my users to be able to log in to. If there is another way I am for it, but the only way Is to use a link and add on the usr name and password. the password could be of my choosing because I know this would be a security risk if I was to try and use their password they used to log in to my web site with.

I just don't want them to have to Login to my web site, then go to the conference room and have to log in again and by providing the conference room link http://example.com?id=0000&username=[username]&password=[password] they will be able to just click on the link and go right in to the room seemlessly.

Interested in your other approach

Jim Ruby commented 11 January 2008 at 13:29

Hi,

I am interested in your other approach, please share it with me. This is the only thing holding the site back from going in to production.

Are the login/password for Drupal or the conference room?

nevets commented 11 January 2008 at 15:19

It is not clear what a "Conference room" is and it's relation to Drupal is. So it is not clear what the login/password apply to.

conference room

Jim Ruby commented 11 January 2008 at 21:08

The conference room is software that calles a pease of software and enters them in to a chat room. so what I am wanting is to have drupal pass the username to the conference room password would be good too, but if that is a security issue thenI would just setup one myself.

for example.
1. user logs in to drupal
2. they want to enter the conference room to talk, they would click the link enter conference room.
this would form the link:
http://domain.com?id=conferenceroomid&user=username&password=password.
This would go to the domain.com site and cause the conference software to lauch and log in to the room using the username and password variable from drupal.

That would be a question for the conference software

nevets commented 11 January 2008 at 21:21

Since you can provide a link to anything from Drupal it is really a question if the conference software supports such a link (or possible an API for remote login). You may also want to check out some of the chat modules available for Drupal such as the Chat Room or Chat Flash for example

no I'm not understanding here

Jim Ruby commented 11 January 2008 at 22:17

I know what the conference software needs, I know what I need and want to send to it via a http link. My problem is getting at it via the with in drupal I know http://domain.com/roomid=roomid&username=drupalusername&password=drupalv... or one that I'll just place here manually with in any code.

So my problem and lack of understanding on my part is getting drupal to put the or expand the username and or password in my url.

I must use this conference software because it lends itself to the blind and it is what everyone wants and is using. a drupal chat or flash chat module is not an option because it is not accessible and it is not what they wish to change to.

So if this can be done wonderful, if you could point me to directions on how to do it I would be forever greatful.

Thank you

From above

nevets commented 11 January 2008 at 22:21

From above you have

1. user logs in to drupal
2. they want to enter the conference room to talk, they would click the link enter conference room.

and step 2 is what we are talking about. Unless the login/password change you could just use a static link on a page.

just use static link

Jim Ruby commented 12 January 2008 at 02:03

ye step 2.

so they login to drupal
then they go to the conference room and again have to login
very redundent and not what I am after.

From what I gather this can not be done.

If not I guess I'm back on the cms hunt again.
People should not have to
1. login in to the cms
then login again in to the conference room. Heck the cms has all the information to pass a couple of variables. but if not then it might look like I invested a lot of time only to fin something else for my site.

Thanks for your time.

Block with PHP

garyabbott commented 12 January 2008 at 05:46

I think you can do what you want by creating a block with php allowed filter on.

Put code like this in for the block:

<?php
global $user;
$message .= " . t('&#60;a href="http://domain.com/?id=conferenceroomid&user=@user&password=password"&#62;Conference Room&#60;/a&#62;', array('@user' => $user->name)) . ";
?>
<?php print $message ?>

This will create a link to the website with everything hardcoded except the username (@user replaced by users username). I think hardcoded single password for chat is best rather than passing main site password and you said that was acceptable.

thank you, one step further please

Jim Ruby commented 12 January 2008 at 23:04

Thank you, I was not thinking, wile this will work if I can not do this, right now I have the conference room links setup as a menu item. Would there be a way to some how be able to do it with in the menu area or not. I see no place do use php there, if not its ok, I can make this work I'll just have to change the design a bit.

To be clear, right now I have a menu item Conference Rooms and they click on this and it expands to display the child menu and this is direct links to the different rooms. So is there a way I can still doing it this way or must I use this in a page. Sorry if this seems a bit lame, I'm still a bit green, but I'm learning.

Thanks.

tried the code and received an error

Jim Ruby commented 12 January 2008 at 23:31

I redceived a parce error unexpected t string. I can recreate the block and try it again if you need the exact error.

Apostrophes instead of quotes

garyabbott commented 13 January 2008 at 00:22

Sorry, replace the .="with .=' '(space not needed) and )) . "; with )) .' '; (space not needed). Those two should have been apostrophes instead of quotes.

I can't help with your menu questions.

still the same error

Jim Ruby commented 13 January 2008 at 02:14

Here is what I used:

global $user;
$message .= ' . t('<a href="http://domain.com/room.asp?id=rs53de8aae96e1&username=@user&password=password">Conference Room</a>', array('@user' => $user->name)) . ';

print $message
returns error:
Parse error: syntax error, unexpected T_STRING in
/home/medtrans/public_html/d/includes/common.inc(1352) : eval()'d code
on line 3

two apostrophes

garyabbott commented 13 January 2008 at 05:15

I just cleaned up the code (I had modified some code from else where and it had extra stuff in it). This seems to work fine for what you want.

<?php
global $user;
$message.=t('&lt;a href="http://domain.com/?id=conferenceroomid&user=@user&password=password"&gt;Conference Room&lt;/a&gt;', array('@user' => $user->name));
 print $message ?>

yes thank you

Jim Ruby commented 13 January 2008 at 06:06

If I need to add the password would I just add in or I should say duplicate where is says global user and make it global password etc. in my testing it looks like I may have to grab that too since some of the people enter the room with different access. so for example
Joe smith logs in to my site he is only a user, so he enters the conference room as a user
now
Jim logs in to the site and enters the conference room, but he is a moderator. I would want to avoid having a user and moderator configured in the conference room with the same password. the user can see thier password because they know what it is anyway.

Sorry aout this, should of thought it out better, but though just using a hard coded password would work, but it looks like it will not.

Also if anyone knows if this could be done with the menu system that would be great, but I can live with this on the page. I appreciate the time you have taken to help me out.

passwords

garyabbott commented 13 January 2008 at 15:48

To pass Drupal passwords is more difficult as they are encoded. You would have to research the forums more on this.

It all depends on what sort of security you are looking for. For a site of mine which has a casual chat room, we don't use passwords with the chat software and mods are set in the chat software. It is certainly open to abuse but we have had no issues in a year although we do not discuss confidential issues there.

If the chat software and Drupal are not tightly coupled you will be forever dealing with password changes occuring in one place and not the other.

If you want to link Drupal with chat software I believe there are modules that do that.

You could also research a adding a field in the user profile with a chat password (text field) and pass it, or if security is not that big a deal just use the username for the chat password.

I'm afraid the rest of these solutions are beyond what I can help you with. Good Luck!

thank you and one last thing

Jim Ruby commented 13 January 2008 at 16:01

Hi, thank you for all your help, one last thing. in stead of a link, could we use a redirect, that would help this way I could.
1 make a page with the php code
2 make a menu option poinging to that page
In this way I can have a menu item go to that page and the page just builds the url and sends them on there way.
I have one redirect script, but not sure if it will work, here is what It looks like:

header("Location: http://domain.com");

Oh and I agree I don't think security would be a big issue at this point, I think this would be enough and again thank you for your time and help.

PHP node with header call

garyabbott commented 13 January 2008 at 17:15

Try this php code in node content, then just link the node to menu . You would need a node per conference room.

<?php
global $user;
header ("Location: http://domain.com/?id_conferenceroomid&user=" . $user->name . "&password=password");
 ?>

I'll try this code too

Jim Ruby commented 13 January 2008 at 18:03

I have the other code working as each room is a node, but the only thing I don't like is the browser is left at the last link showing username and password. probably not a big deal since this is a closed system, but.

Other then that it is working great. Thanks again your help is appreciated:).