How to bypass website login via mql4 to get data - authentication

How can I extract data from a website that is protected with a login and password via mql4?
I have the login credentials so this is not about hacking. I can get the html for any website but if a website has a login I can't get passed it.
I don't even know if login to a website is possible with mql4.
Anyone knows how to do this (if possible) ?
Many thanks

Related

Odoo11 - Force authentication of a web page

I work under Odoo11 with the Python3 language.
When the person goes to a web page, I want them to automatically connect without going through an authentication page. Is that possible? And if so, by what means? Controllers, url to change?
I don't have any code to suggest, because I don't know where to start.
Thanks for your understanding and thanks for your help!
EDIT :
I have a list on the Odoo website visible to only one user.
If I sign in with another internal user, I don't see this list.
There are several people who need to access this list. The url in question will be given only to these people.
I just want to avoid them an authentication page. It is a request made by our hierarchy.
My idea was to call a function "to disconnect" from Odoo (in case they have an open session) then pass the connection parameters (hard for example) with the username and password but only for a url.
My use_case I will say,
Url access -> Disconnect Session -> Connect Odoo session with username and password with parameters in my controller -> redirection to this url
Thank you

Form authentication for not authorised user

i'm implementing a form based authentication for my web application.
i created some users in the JDBCrealm on TomEE server and allow only particular users to access the protected jsf pages.
Now authentication works perfectly and if there is a username password mismatch it is redirected to the error page.
the problem i'm facing here is, if i try to login with the user already available in the JDBCrealm who is not authorised to access the protected the page im getting 403 error.
When I come back and try again get to protected pages i can't again login. Is it because information about my login is remembered in session and I have to invalidate session?
Even if I don't login ?
EDIT:
i ask about at forum: http://openejb.979440.n4.nabble.com/Bug-in-security-TomEE-td4665009.html
and i think its the best answer for my question
instead of trying to implement this yourself take a look to something like spring security, it provides most of the options you will need and if you need to extend it is easy as well

Joomla PHPmaker authentication

I have already created my webpage with PHPmaker. An now I have install Joomla for my Homepage. Now My client has two username and password to login with this PHPmaker and Joomla created webpage.
I want to creat a plugin for joomla as when my user login to the joomla it automatically login the PHHmaker webpage too. So that my client can login the two website with a single login page.
Please guide me.
Note :- Joomla authentication for PHPmaker webpage.
In case you REALLY want to do it this way, you can get details on how to build the remote Joomla login portion here -
Logging In To Joomla 1.5 Using External Form (not within joomla folder, but on same server)
You will need to pass login credentials to PHPMaker via script and this will create session which you can use in Joomla too or else if you have used UserTrack settings then your user session data will get stored in user table into Usertrack field you could validate your user details and use Usertrack field and use that.
Kindly let me know whether that worked for you.

My.Computer.Network.UploadFile

What should I use for the "User" parameter of this function? Is this the name of the account that the user logs in with? Computer name?
I am trying to send a file across to another computer on my network.
This is the username to pass for HTTP basic authentication.
If you're uploading to a site that gives a standard browser login dialog (not a normal login form), you should pass the username and password to this function.
Most web pages uses forms-based authentication with a normal login form; if so, you'll need to login using cookies and a separate HTTP request.

Auto login user to third party site without showing a password to him

Background
We are integrating third party email solution into our site. When a user goes to the Mail page it must be automatically authenticated at the Mail site.
For now, the Mail link points to our page which automatically submits a form with the user's login and password. After clicking submit the user is redirected to the Mail site with authentication cookie.
The problem with this approach is that we do not want the user to see his Mail password, because we generate it automatically for him and there are some sane reasons not to show it.
Question
Is there any way to receive mail authentication cookies without sending the login information to the client and performing form.submit operation from the client's browser? Is there a better way to do what I'm trying to do?
Edit
Of course "I am trying to do it programatically". Looks like that there are no sane solution except pass these login/password to the client. Looks like we must accept that user can see his mail password and somehow make sure he cannot use this information to change password to some other value we will not know.
Edit: I didn't read the post correctly, I thought he was trying to login to a remote mail application, not one hosted on his own server. Ignore this answer.
When you login to the remote third party mail website, they will create a cookie (since HTTP is stateless, it's the only way it knows the user is authenticated unless they store some kind of session ID in the url). When you send the user to that site, the site needs to know how to authenticate the user. Even if you logged in from your application and grabbed the cookie, you can set a cookie on the users browser for another website. The only way for this to work is if there is some kind of development API on the third parties website you can hook into, or they allow you to use session id's in the URL.
Possible solution but has a security risk
If they allow you to set a session_id in the URL (for instance, PHPSESSID in PHP) then you could grab the session ID and append it to the URL when sending it to the user. I don't really like this idea since if the user clicks on a link in an e-mail, the new page will be able to check the referrer and see their session ID in the URL. This can become a huge security risk.
Lookup topics related to your mail vendor and "Pass-through Authentication." You did not mention what vendor/software you are using for your web mail solution, so I can't help you very much there. Other than forwarding the user's information (in a post request) to the login handler.
Generate unique IDs before sending an email and put them as hidden instead of username/password into form. Make them disposable (usable only once or usable once before successful entering the site)