It would be great if it were possible for the system to accept $ _GET variables for log-in.

This would allow new members to log in from the new member email like this:

http://yourEEsite.com/?ACT=9&username=sue&password=123123

Perhaps a CP setting could be added ‘Allow URL login’…

That seems like it would be horribly insecure.

Evil Spy: I don’t think it it would be any less secure than the current method, unless you have your site set up to use https (and thus member login info is encrypted when sent)

I have looked at mod.member_auth.php and it seems it it would be a simple matter of catching either the $POST or $GET login info and then assigning it to local variables for login purposes…

Could we please get some feed back from EE about this?  There are posts from other users wanting the same functionality.

thanks

GET is not innately less secure than POST, as either can be manipulated, sniffed, etc., but in the case of logins, no, we will not be adding GET support.  Consider people using EE from public terminals.  Their entire site could be compromised from accidentally leaving the link in the browser history after logging out.

You could still start playing around with this for your purposes using EE hooks, you might have a look at ‘login_authenticate_start’

Derek Jones - 15 June 2008 09:23 PM

GET is not innately less secure than POST, as either can be manipulated, sniffed, etc., but in the case of logins, no, we will not be adding GET support.  Consider people using EE from public terminals.  Their entire site could be compromised from accidentally leaving the link in the browser history after logging out.

That’s the particular case I was thinking of, actually. Basically leaving your username and password pair in your browser’s history seems like a bad idea.