Store user and pass in phone?

Help
2004-09-21
2013-04-25
  • I assume that you have installed this application on your own server, therefore you could just modify the code to hardcode your login/password information.

    Or there is another way I guess, which would be to bookmark on your phone the following url
    http://yourserver/main.php?login=yourlogin&sum=1&pass=yourpassword&tz=yourtimezone

    that should work.
    Gaston

     
  • Thanks so much! This worked great. I do have this installed on my own server, but I had given the address out to some of my family so they could check their mail. So I opted for putting the address into my phone. I have a SE t610, so I was actually able to map the side button to the gmail-mobile address. I now have 1 touch access to my gmail account through my phone!! Its really amazing. Thanks again for the help.

     
  • I'd like to point out that this is somewhat of a security risk. Being that your username name and password is hardcoded into your page, anyone accessing your URL could then read your email, and determine what password you're using.

    I have gone a bit of a step further, I've coded my U/P into my page, and then I've set an .htaccess file to DENY all but my cell phones IP address. No matter who or where, the only IP allowed to access my page is my cell phone, thus protecting my data.

    I've also taken the forms out, so that I have a clean :

    "Login Account #1
    Login Account #2"

    and all i ahve to do is click one or the other.

    Experiment a little bit, and I'm sure you'll find a good solution, but I'd definitely take my advise as far as the security with .htaccess is concerned.

    - whisperium
    AT no Spammin'
    Gmail.com

     
  • whisperium,

    Is your phone's IP fairly static?  Mine seems to be all over the place (Verizon Wireless).  I get IPs in the 74... and 216... and some others.  I wanted to use .htaccess to filter out IPs as well (for proxy access), but I keep filtering out my own!

     
  • Yes, my SprintPCS phone has been static for the last month. Perhaps it'll change, but I don't foresee it changing too soon. My wife's has been static, as well.

     
  • neerav
    neerav
    2005-04-01

    Be careful with the IP address fix too!  I don't know about all mobile carriers, but for some/many, the IP address visible to a website is that of the service provider's WAP gateway(s). That means ANYONE using the same mobile carrier and wap gateway will have the same IP, and thus... even more security risk!!  (of course someone in that group would have to know your site AND that you have such a set up.  But still a very big risk...)

    Supporting evidence: Of the thousands of unique visitors to my wapsite, I have logged only 843 unique ip addresses in over 6 months.  Further support: logs show access from the same ip address but two or more mobiles (agent) AT THE SAME TIME.

    I would suggest creating a random string of 20+ characters in your bookmark.  Then check that only a url with this string will display the "account #1, etc" page, otherwise display the standard login screen.  Only 99.5% foolproof.  the other 0.5% would be some sort of attack on your site trying to guess that random character string.

     
  • Ryan
    Ryan
    2005-04-11

    Neerav,

    I've found that you are indeed correct! I have since simply saved my password in the URl and bookmarked it, removing it from my WAP portal altogether.

    Thanks for the advice.

    - Ryan

     
  • neerav
    neerav
    2005-05-05

    Yeah, I forgot to mention that it's been changed in the newer versions! :-)  I'll add it to the next release.  Any one willing to help improve the README?

    http://yourserver/index.php?login=yourlogin&pass=yourpassword&timezone=yourtimezone

    (the timezone MUST have a + or - otherwise it will default to zero or the timezone set in the configuration)

    This will automatically fill in the fields in the login screen.  Click Login and you're set to go!  To make sure your cell phone forgets the password, click logout when you are done.  Of course, you can easily log in again, since your bookmark already has the password in it!

     
  • FWIW

    I can't find the equals key on my phone, so I sent the url as a txt message...I can access the entire url in the message, but I cannot save it as a bookmark, because it has more than 32 characters.

     
  • I've tried the newly recommended direct link with gmail-mobile-0.3 & i am getting error message 10

    [http://yourserver/index.php?login=yourlogin&pass=yourpassword&timezone=yourtimezone ]

    everything works fine when manually logging on (both tested with a siemens s55 phone and opera browser/xp)

     
  • neerav
    neerav
    2005-05-05

    If you can't bookmark more than 32 characters, then it's difficult to save the login information.  Just the http://, average server name, and a good password will exceed that limit, let alone the username and time zone and the variable names....

    I have a "solution": to download the "bookmark" as a service message.  Would that be useful or practical for anyone?  If it is, login to sourceforge and put it in "trackers -> feature request".

    As for the error 10, you probably have non-alphanumeric characters in your password (which is very good!).  You'll have to encode them in their ASCII equivalents.  For example:

    ! is %21
    # is %23
    $ is %24
    % is %25
    @ is %40
    etc.

    anyone want to rewrite the README?!? :-)

     
  • BTW, I can send this complete (filled out) url to my phone as an SMS message and launch it from there...beats having to type in the password/user by hand. 

    (I am the one with the 32 character limit)

     
  • neerav
    neerav
    2005-05-08

    It's a great thing that launching from sms works for you, but I'm thinking of the inconvenience.  I have 70 sms messages and ...  I shudder.  Well, at least it works!  I'm just trying to think of other ways around that limitation.

    And for the password in the url problem.  I just realized that even after escaping the password, it still might not work in all cases (+ or & are the first ones that come to mind).  The new release will be out today, so this is something that will be fixed in the next release.

     
  • Added by dave...

    i have noticed when i put in the url detail into a browser (opera) it does put in the password but ony for 1 second then the field empties. Therefore no entry for password so i need to put it in manually.

     
  • neerav
    neerav
    2005-05-10

    Dave, can you please fill a bug report for this?  I'm a little baffled, but when you mentioned what opera is doing, I think there is a bug or least a way around this.

     
  • brett p
    brett p
    2005-08-07

    http://yourserver/index.php?login=yourlogin&sum=1&pass=yourpassword&tz=yourtimezone

    I had success with this. I had to change "main.php" to "index.php" then it worked. 

    The only thing that didn't work was the timezone. I have "yourtimezone" set to "+9" because I live in Japan, but it won't recognize it. Am I doing something wrong?

     
    • neerav
      neerav
      2005-08-07

      bdmp, which version of Gmail Mobile are you using?

      You should update to 0.9.  And also check out the README for the current url format.  tz was changed to timezone long ago, but you can also use tz if you change $_POST['timezone']  to $_POST['tz'] in index.php.  I have just added both for the next release.

      --Neerav

       
  • neerav
    neerav
    2005-08-10

    I have recently finished implementing a PIN code signin feature.  It balances security with convenience.  In addition, it is a config option, so one can turn the feature on/off.

    The PIN system is being tested and should be rolled out onto my site in a few days.

    The system works as thus.  When signing in, you have the option to enter a PIN code.  If signin is successful, the pin code, username, password, timezone, signin time, and incorrect PIN signin attempts are encoded and stored.  In the future, using a simple bookmark, you will only need to enter a PIN code (no username or timezone).  The PIN will expire in 4 days or 3 incorrect PIN signin attempts.

    This feature will allow us to keep complicated and secure passwords for Gmail, yet signin easily through Gmail Mobile.

    --Neerav

     
  • is it possible to access the summary page directly without entering user, password, etc.?
    for example index.php?user....

    The informations are saved in the bookmark.

    I know it is unsure, but in my position, it doesn't matter... ;-)