Accessing username and password through a link


mrutkowski

9:33 pm on Oct 21, 2003 (gmt 0)

10+ Year Member



Hello-

My question is this:

Is it possible to set up a link that somehow incorporates my username and password (and functions as a submit button I guess) so that I can send a friend to a site and he would automatically be logged into my account?

Any help appreciated!
Mike

GaryK

9:38 pm on Oct 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



[username:password@yourdomain.com...]

Replace username w/your login name. Replace password with your password.

Please note this is not very secure but it is handy at times.

mrutkowski

9:55 pm on Oct 21, 2003 (gmt 0)

10+ Year Member



Thanks for the quick reply!

I tried testing it with excite and it doesn't seem to work?

mrutkowski

10:27 pm on Oct 21, 2003 (gmt 0)

10+ Year Member



Another quick question on this topic:

what if the login page is a http:// (with no www) rather than a www.? Seems like the link [username:password@site.com...] doesn't work right?

bakedjake

10:28 pm on Oct 21, 2003 (gmt 0)

mrutkowski

10:34 pm on Oct 21, 2003 (gmt 0)

10+ Year Member



Any other ways to do this? Doesn't seem to be working...

bakedjake

10:35 pm on Oct 21, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Works fine for me...

What's the error you're getting?

mrutkowski

10:41 pm on Oct 21, 2003 (gmt 0)

10+ Year Member



I just seem to go to the login page and the username and password haven't been entered and submitted. Basically just going to www.site.com?

GaryK

11:56 pm on Oct 21, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You don't want to go to the login page. You want to go to the page that requires you to already be authenticated. That might solve your problem. Then again, I suppose it's possible Excite filters this out as they consider it a security issue. Let us know how it goes. Good luck.

coopster

12:44 am on Oct 22, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



mrutkowski, you mentioned a submit button. The solutions being recommended here are for "401 Authorization required response" (like having an htaccess protected directory, like when you go to the web page and an additional pop-up window prompts you for a username and password).

When you get to the page you are trying to bypass, is it a web page with the username and password login already on the page, or does a window pop up prompting you for authentication?

You have to determine the authentication method being requested before a solution can be (possibly) recommended.

mrutkowski

1:01 am on Oct 22, 2003 (gmt 0)

10+ Year Member



Thanks for that clarification.

The situation here is that the username and password are just on a webpage, with a "submit" button below. There is no additional pop-up to enter the username and password.

mrutkowski

1:03 pm on Oct 22, 2003 (gmt 0)

10+ Year Member



So, is there even a universal method that MIGHT work for webpage submit forms that aren't associated with an additional pop-up window?

korkus2000

1:16 pm on Oct 22, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not a great idea. You are leaving a huge hole in the security. Just imagine if google indexed it.

mrutkowski

1:26 pm on Oct 22, 2003 (gmt 0)

10+ Year Member



Using it in a link to a friend, not on a webpage. (Even still, if it was a webpage, I would just use a robots "noindex, nofollow" command. Or is that not 100% sure to not get indexed?)

mrutkowski

5:49 pm on Oct 22, 2003 (gmt 0)

10+ Year Member



Is it possibly something like:

[sitename.com...]

with the "member.php", "login", "membername", and "password" all potentially being named something different depending on the site?

coopster

6:05 pm on Oct 22, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Possibly. You could try that. By viewing the source for the login page you are referring to, you can find the FORM INPUT names and try passing the values this way to the FORM ACTION handler.

If the FORM is of method POST, and the PHP programmer has programmed the handler program to retrieve only POSTed values, then the method you attempt ( [sitename.com...] ) will not work as it is a GET method.

NOTE:
-----
As stated earlier, you are attempting to bypass security mechanisms placed here intentionally by the programmer(s); not a good practice.

mrutkowski

6:27 pm on Oct 22, 2003 (gmt 0)

10+ Year Member



o.k., last question then. How would the link be rephrased, if possible, to be a POST method rather than a GET method?

Taking the security issue into consideration too, don't think it will be an issue for me.

korkus2000

6:32 pm on Oct 22, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you can pass login info through a url then it is an issue. It may not be a big issue since you probably are not protecting personal info, but it is not protected. Why not just tell your friend the login?

Post method does not move through the query string so you really can't use post here.

mrutkowski

6:48 pm on Oct 22, 2003 (gmt 0)

10+ Year Member



You're right, I can just pass the login info to my friend. Just got caught up in the challenge of getting this to work out!

jatar_k

6:52 pm on Oct 22, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



if you really wanted to do it then you could probably set up a page with a list of links to logged in sections.

When they clicked on that link it could grab the login info for that link, open a socket or curl session and then log them in.

Not really an easy solution but I imagine it would work just fine. Then you may have to get around the possibility that the login script may only accept connections from its own domain. etc, etc, etc

just give them the login info. ;)

GaryK

8:15 pm on Oct 22, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One other security issue just came to mind when someone mentioned Google. If you use the URL method and your friend has the Google toolbar installed, won't that URL get transmitted to Google? That would get it indexed, complete with your userid and password!

Also, if you use the URL method and your log files are public then anyone can see them and know what your userid and password are.

IMO, you're right about making this more complicated than it needs to be. Just give your friend the userid and password and let him/her login properly. Assuming your friend is trustworthy (not a blabber-mouth or one who's prone to writing userid and password info on a Post-It Note stuck to the monitor) this will eliminate nearly all security issues associated with passing the details via a URL.
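
Added example, not part of the original thread: the post above notes that credentials carried in a URL end up in log files. This sketch masks both forms discussed in the thread (the `username:password@host` form and login fields passed in the query string) before a log line is stored or shared; the parameter-name list, the host name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed field names; "password" is the one guessed at in the thread.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass"}
# Absolute URLs, or request paths as they appear in access logs.
URL_RE = re.compile(r"(?:https?://|/)[^\s\"'<>]+")

def redact_url(url):
    """Return (clean_url, findings) with any embedded password masked."""
    try:
        parts = urlsplit(url)
    except ValueError:          # not a parseable URL, leave it alone
        return url, []
    findings, netloc = [], parts.netloc
    userinfo, at, host = netloc.rpartition("@")
    if at and ":" in userinfo:  # scheme://user:password@host
        findings.append("userinfo-password")
        netloc = userinfo.split(":", 1)[0] + ":REDACTED@" + host
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS and value:
            findings.append("query:" + key)
            value = "REDACTED"
        pairs.append((key, value))
    if not findings:
        return url, []
    clean = urlunsplit((parts.scheme, netloc, parts.path,
                        urlencode(pairs), parts.fragment))
    return clean, findings

def scrub_line(line):
    """Mask credentials in every URL found in one log line."""
    found = []
    def repl(match):
        clean, findings = redact_url(match.group(0))
        found.extend(findings)
        return clean
    return URL_RE.sub(repl, line), found

# Constructed sample lines (host, user and password are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Oct/2003:18:05:11 +0000] "GET /member.php'
    '?login=1&membername=mike&password=hunter2 HTTP/1.1" 200 512',
    'proxy 203.0.113.9 GET http://mike:hunter2@site.example/private/ 200',
    '203.0.113.9 - - [22/Oct/2003:18:07:02 +0000] "GET /about.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scrub_line(entry))
```

The findings list records which form was seen, so the same pass can feed an alert that a password has already been written to a log and should be changed.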

g1smd

8:40 pm on Oct 22, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Most sites have a TOS that restricts you to not reveal, publish, pass-on, or lend, your login information to anyone else. Beware.