NYCPHP Meetup

NYPHP.org

[nycphp-talk] accessibility issue, how to solve?

mikesz at qualityadvantages.com mikesz at qualityadvantages.com
Fri Oct 17 09:01:16 EDT 2008 

Hello Rolan,

Friday, October 17, 2008, 8:20:37 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>> Hello NYPHP,
>>
>> I know I am going to get some heat for this one but here goes...
>>
>> Let me preface this by definitively stating that I am categorically
>> NOT making a request for information on how to hack into a system.
>> This is a legitimate programming problem that I am trying to solve.
>>
>> I have a situation where a visually impaired user needs to pass his
>> username and password to a forum via a php script (preferably) for obvious
>> reasons he can not physically pass the info himself. He is using a text
>> reader software so once he is logged in to the forum at least he is able to
>> participate or a least read the contents of the threads.
>>
>> The Forum Software provider has been pretty proactive in coding
>> "injection prevention" methods so passing the username and password
>> via a script may not be possible.
>>
>> Any accessibility experts got any suggestions on how to solve this
>> problem.
>>
>> TIA for any help.
>>
>>   
> Don't have enough information. The injection countermeasures employed by
> the forum website need to be examined. In the simplest case, a Curl 
> request might suffice.  There might be some javascript "challenge" 
> computation task or a captcha that would make things more difficult. If
> possible, I think the easier solution would be to have his browser 
> "remember" the login and password. :)


> ~Rolan
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3530 (20081017) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com

thanks for the reply.

That works "after" you have done the first login but if the browser
cache get cleared for what ever reason you still have to pass the
username and password somehow. I agree with the idea but I still have
to get that initial login to be automated.

The forum has a multistep compare of md5(password) + seed with stored
password in the db.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com

More information about the talk mailing list