Second Life Forums Archive - Script to login to external websites in SL

DG Correia

Registered User

Join date: 10 Feb 2009

Posts: 2

02-24-2009 22:49

Hey guys,

I'm kinda new to the LSL so I was just wondering if its possible to develop a script that allows a user to login to an external website in SL. I'm doing this little project where the user can login into an external learning tool website and retrieve data that would be used to populate objects on SL. For example, the student logins via SL to this educational website, and we'll have other scripts that will communicate with the website to find out what sort of courses this student has registered for and display them.

I've read somewhere there's a HTTPRequest function we can use but I'm a little uncertain how that works. I've also read that a local webserver is needed?

Can anyone spare a few pointers for a newbie?

Thanks.

Lazink Maeterlinck

Registered User

Join date: 8 Nov 2005

Posts: 332

02-25-2009 01:33

Here are some links to this forum for you about llHTTPRequest....

/54/5f/303183/1.html
/54/0d/308221/1.html
/54/a6/308107/1.html

Just a few for you to read, and I'm sure there are a lot more. For future reference, try doing a search first, and if you don't see what you are looking for there, then ask. Just so you know, each one of those threads is no more then 3 days old, since the last reply, so your not alone in asking about this.

Pedro McMillan

SLOODLE Developer

Join date: 28 Jul 2007

Posts: 231

02-25-2009 01:59

Warning: shameless plug ahead!

Sounds like you might like to check out the SLOODLE project at some point (www.sloodle.org). We're an open source project integrating SL with the Moodle learning management system, making educational resources and activities available in-world. It's pretty big now (it's been developing since 2006), so you'll need to have some familiarity with LSL and whatnot before you can get into it properly, but you are more than welcome to pick it apart and ask how stuff works.

ElQ Homewood

Sleeps Professionally

Join date: 25 Apr 2007

Posts: 280

02-25-2009 04:41

yeah, you want to check out llHTTPRequest, http_response, and xml-rpc in the wiki pages and scripting portal. There WAS a decent script at the Scripting Library on it that I learned from when I was first working on LSL<->Web communication but doggone if I can find it now..just spent a half hour searching for it lol

Sounds like a good project - good luck!

Papalopulus Kobolowski

working mind

Join date: 11 Aug 2006

Posts: 326

02-25-2009 09:02

Go here and look at a simple http request example.

/54/0d/308221/1.html

_____________________

RAW terrain files - terraform your SIM!!
http://www.wishland.info/
PD:the wiki its your friend

http://wiki.secondlife.com/wiki/LSL_Portal

Hewee Zetkin

Registered User

Join date: 20 Jul 2006

Posts: 2,702

02-25-2009 12:51

It may be that folks have misconstrued the OP's question. If the intent was to simply ask about ACCESSING an external website, the answers above are good ones.

If, on the other hand, the OP means "login" in the normal sense of the word, this usually involves some sort of authentication. Unfortunately you cannot send user-generated HTTP headers from LSL, nor are cookies stored. So if a site you are interested in will accept some kind of login through HTTP GET or POST parameters, and return you some kind of session ID without relying on cookies, you MIGHT be able to do this. Otherwise, you're probably out of luck unless you can find some kind of proxy to take care of it for you.

Void Singer

Int vSelf = Sing(void);

Join date: 24 Sep 2005

Posts: 6,973

02-25-2009 16:47

a few sites will accept logins in the format of

CODE

http://name:password@site.com

not many though

_____________________

|
| . "Cat-Like Typing Detected"
| . This post may contain errors in logic, spelling, and
| . grammar known to the SL populace to cause confusion
|
| - Please Use PHP tags when posting scripts/code, Thanks.
| - Can't See PHP or URL Tags Correctly? Check Out This Link...
| -

DG Correia

Registered User

Join date: 10 Feb 2009

Posts: 2

Thanks

02-26-2009 00:36

To (Lazink , ElQ, Papalopulus)
Thanks for the input guys, I've actually been through those threads before posting this. Just wanted to check if I missed out anything.

To Void,
Unfortunately, our external website was programmed with JSP.

To Hewee,
I think you got my point. Hmmm... I think the external learning management tool uses sessions, will try to figure it out. If I get it to work, I'll post the script here.

To Pedro,
I'll go look up your website! If I have any questions I'll PM you.

Thanks guys

ElQ Homewood

Sleeps Professionally

Join date: 25 Apr 2007

Posts: 280

02-26-2009 03:52

lol sorry! I just assumed he was writing his own site, so would get logins however he wanted to..

Void Singer

Int vSelf = Sing(void);

Join date: 24 Sep 2005

Posts: 6,973

02-26-2009 04:58

if it's only by session, you might be able to set up some sort of php pass through that handles it. IIRC httprequest doesn't keep the connection alive, so it definitely wouldn't work directly.

_____________________

|
| . "Cat-Like Typing Detected"
| . This post may contain errors in logic, spelling, and
| . grammar known to the SL populace to cause confusion
|
| - Please Use PHP tags when posting scripts/code, Thanks.
| - Can't See PHP or URL Tags Correctly? Check Out This Link...
| -

Pedro McMillan

SLOODLE Developer

Join date: 28 Jul 2007

Posts: 231

02-26-2009 05:55

In my experience, sessions tend to work in one of 2 ways: cookies, and GET parameters. Normally, the session key will be stored in a cookie by the user's browser, but where that is not possible, the session key can be encoded as a GET parameter in every URL. (The server-side script would need to supply that key to the LSL script when the session is first started, I guess.)

I don't think the connection needs to persist in that case -- there will simply be a pre-defined timeout, after which the session is closed. I could be wrong though, so I'd be very interested to see the results.

EDIT: btw, for SLOODLE, the learning management system normally requires session-based login too. However, we get around that by implementing our own security system, where internal passwords are dynamically generated and passed in-world, but have to be authorised by a real person who logs-in the normal way in their web-browser. It's... erm... complicated. I think there's a paper about it coming out soon... keep tabs on: http://www.sloodle.org/research

Void Singer

Int vSelf = Sing(void);

Join date: 24 Sep 2005

Posts: 6,973

02-26-2009 15:09

apologies, Pedro is of course right, I had persistence on the brain, which is a browser feature (that I believe can be mimicked by a pass through, though I've never tried myself)

_____________________

|
| . "Cat-Like Typing Detected"
| . This post may contain errors in logic, spelling, and
| . grammar known to the SL populace to cause confusion
|
| - Please Use PHP tags when posting scripts/code, Thanks.
| - Can't See PHP or URL Tags Correctly? Check Out This Link...
| -

Ferd Frederix

Registered User

Join date: 19 Dec 2007

Posts: 5

02-27-2009 08:43

From: Void Singer

a few sites will accept logins in the format of

CODE

http://name:password@site.com

not many though

Web servers that us BASIC authentication are subject to attacks and exposed passwords in plain text. Web server admins usually disable this so you can no longer directly enter User ID's and password. IE and other browsers have also patched out this behaviour:

http://support.microsoft.com/default.aspx?scid=kb;[LN];834489

The patch reasoning was to help prevent Phishing scams, where the syntax http://userID

assword@yourdomain.com could be reworked to fool you into believing you were going to another site.

A URL http://www.paypal.com:notreallyapasswordbutverylongsoyoucantseetherestof theline@hackorzdomain.com could be made to fool you into believing you were going to another site.

My two bits: The 'simple' way is to run a perl or PHP proxy. The downside is your UserID and Passwords will be sent from the sim to the proxy via plain text and are subject to intermediary attacks as they pass thru various ISP's. You can reduce this risk by using some form of encryption between the prim and the proxy. XML-RPC http://wiki.secondlife.com/wiki/Category:LSL_XML-RPC or the http protocols mentioned elsewhere can be used.

I would use perl and the LWP module and the SASL module for authentication to establish a secure session from the proxy to the Educational site. Perl is free, and web servers are too, even a brain-dead XP box can serve up perl from Activestate for basically nothing.

If anyone is interested, I can post some sample code.

Script to login to external websites in SL
DG Correia Registered User Join date: 10 Feb 2009 Posts: 2	02-24-2009 22:49 Hey guys, I'm kinda new to the LSL so I was just wondering if its possible to develop a script that allows a user to login to an external website in SL. I'm doing this little project where the user can login into an external learning tool website and retrieve data that would be used to populate objects on SL. For example, the student logins via SL to this educational website, and we'll have other scripts that will communicate with the website to find out what sort of courses this student has registered for and display them. I've read somewhere there's a HTTPRequest function we can use but I'm a little uncertain how that works. I've also read that a local webserver is needed? Can anyone spare a few pointers for a newbie? Thanks.
Lazink Maeterlinck Registered User Join date: 8 Nov 2005 Posts: 332	02-25-2009 01:33 Here are some links to this forum for you about llHTTPRequest.... /54/5f/303183/1.html /54/0d/308221/1.html /54/a6/308107/1.html Just a few for you to read, and I'm sure there are a lot more. For future reference, try doing a search first, and if you don't see what you are looking for there, then ask. Just so you know, each one of those threads is no more then 3 days old, since the last reply, so your not alone in asking about this.
Pedro McMillan SLOODLE Developer Join date: 28 Jul 2007 Posts: 231	02-25-2009 01:59 Warning: shameless plug ahead! Sounds like you might like to check out the SLOODLE project at some point (www.sloodle.org). We're an open source project integrating SL with the Moodle learning management system, making educational resources and activities available in-world. It's pretty big now (it's been developing since 2006), so you'll need to have some familiarity with LSL and whatnot before you can get into it properly, but you are more than welcome to pick it apart and ask how stuff works.
ElQ Homewood Sleeps Professionally Join date: 25 Apr 2007 Posts: 280	02-25-2009 04:41 yeah, you want to check out llHTTPRequest, http_response, and xml-rpc in the wiki pages and scripting portal. There WAS a decent script at the Scripting Library on it that I learned from when I was first working on LSL<->Web communication but doggone if I can find it now..just spent a half hour searching for it lol Sounds like a good project - good luck!
Papalopulus Kobolowski working mind Join date: 11 Aug 2006 Posts: 326	02-25-2009 09:02 Go here and look at a simple http request example. /54/0d/308221/1.html _____________________ RAW terrain files - terraform your SIM!! http://www.wishland.info/ PD:the wiki its your friend http://wiki.secondlife.com/wiki/LSL_Portal
Hewee Zetkin Registered User Join date: 20 Jul 2006 Posts: 2,702	02-25-2009 12:51 It may be that folks have misconstrued the OP's question. If the intent was to simply ask about ACCESSING an external website, the answers above are good ones. If, on the other hand, the OP means "login" in the normal sense of the word, this usually involves some sort of authentication. Unfortunately you cannot send user-generated HTTP headers from LSL, nor are cookies stored. So if a site you are interested in will accept some kind of login through HTTP GET or POST parameters, and return you some kind of session ID without relying on cookies, you MIGHT be able to do this. Otherwise, you're probably out of luck unless you can find some kind of proxy to take care of it for you.
Void Singer Int vSelf = Sing(void); Join date: 24 Sep 2005 Posts: 6,973	02-25-2009 16:47 a few sites will accept logins in the format of CODE http://name:password@site.com not many though _____________________ \| \| . "Cat-Like Typing Detected" \| . This post may contain errors in logic, spelling, and \| . grammar known to the SL populace to cause confusion \| \| - Please Use PHP tags when posting scripts/code, Thanks. \| - Can't See PHP or URL Tags Correctly? Check Out This Link... \| -
DG Correia Registered User Join date: 10 Feb 2009 Posts: 2	Thanks 02-26-2009 00:36 To (Lazink , ElQ, Papalopulus) Thanks for the input guys, I've actually been through those threads before posting this. Just wanted to check if I missed out anything. To Void, Unfortunately, our external website was programmed with JSP. To Hewee, I think you got my point. Hmmm... I think the external learning management tool uses sessions, will try to figure it out. If I get it to work, I'll post the script here. To Pedro, I'll go look up your website! If I have any questions I'll PM you. Thanks guys
ElQ Homewood Sleeps Professionally Join date: 25 Apr 2007 Posts: 280	02-26-2009 03:52 lol sorry! I just assumed he was writing his own site, so would get logins however he wanted to..
Void Singer Int vSelf = Sing(void); Join date: 24 Sep 2005 Posts: 6,973	02-26-2009 04:58 if it's only by session, you might be able to set up some sort of php pass through that handles it. IIRC httprequest doesn't keep the connection alive, so it definitely wouldn't work directly. _____________________ \| \| . "Cat-Like Typing Detected" \| . This post may contain errors in logic, spelling, and \| . grammar known to the SL populace to cause confusion \| \| - Please Use PHP tags when posting scripts/code, Thanks. \| - Can't See PHP or URL Tags Correctly? Check Out This Link... \| -
Pedro McMillan SLOODLE Developer Join date: 28 Jul 2007 Posts: 231	02-26-2009 05:55 In my experience, sessions tend to work in one of 2 ways: cookies, and GET parameters. Normally, the session key will be stored in a cookie by the user's browser, but where that is not possible, the session key can be encoded as a GET parameter in every URL. (The server-side script would need to supply that key to the LSL script when the session is first started, I guess.) I don't think the connection needs to persist in that case -- there will simply be a pre-defined timeout, after which the session is closed. I could be wrong though, so I'd be very interested to see the results. EDIT: btw, for SLOODLE, the learning management system normally requires session-based login too. However, we get around that by implementing our own security system, where internal passwords are dynamically generated and passed in-world, but have to be authorised by a real person who logs-in the normal way in their web-browser. It's... erm... complicated. I think there's a paper about it coming out soon... keep tabs on: http://www.sloodle.org/research
Void Singer Int vSelf = Sing(void); Join date: 24 Sep 2005 Posts: 6,973	02-26-2009 15:09 apologies, Pedro is of course right, I had persistence on the brain, which is a browser feature (that I believe can be mimicked by a pass through, though I've never tried myself) _____________________ \| \| . "Cat-Like Typing Detected" \| . This post may contain errors in logic, spelling, and \| . grammar known to the SL populace to cause confusion \| \| - Please Use PHP tags when posting scripts/code, Thanks. \| - Can't See PHP or URL Tags Correctly? Check Out This Link... \| -
Ferd Frederix Registered User Join date: 19 Dec 2007 Posts: 5	02-27-2009 08:43 From: Void Singer a few sites will accept logins in the format of CODE http://name:password@site.com not many though Web servers that us BASIC authentication are subject to attacks and exposed passwords in plain text. Web server admins usually disable this so you can no longer directly enter User ID's and password. IE and other browsers have also patched out this behaviour: http://support.microsoft.com/default.aspx?scid=kb;[LN];834489 The patch reasoning was to help prevent Phishing scams, where the syntax http://userIDassword@yourdomain.com could be reworked to fool you into believing you were going to another site. A URL http://www.paypal.com:notreallyapasswordbutverylongsoyoucantseetherestof theline@hackorzdomain.com could be made to fool you into believing you were going to another site. My two bits: The 'simple' way is to run a perl or PHP proxy. The downside is your UserID and Passwords will be sent from the sim to the proxy via plain text and are subject to intermediary attacks as they pass thru various ISP's. You can reduce this risk by using some form of encryption between the prim and the proxy. XML-RPC http://wiki.secondlife.com/wiki/Category:LSL_XML-RPC or the http protocols mentioned elsewhere can be used. I would use perl and the LWP module and the SASL module for authentication to establish a secure session from the proxy to the Educational site. Perl is free, and web servers are too, even a brain-dead XP box can serve up perl from Activestate for basically nothing. If anyone is interested, I can post some sample code.

Welcome to the Second Life Forums Archive

Script to login to external websites in SL