0

I'd very much like a qr code that does the following thing when being scanned, e.g. with a camera on the new IOS 11:

  1. Go to a specific website
  2. Enter login information on that website, including username and password. It should not press the actual login button.

As far as I understand scanning a QR code basically mimics the keyboard, as such I'd assume this to be possible. However, the websites I use to generate a QR code can only generate one for a website, and I am not able to find anyone who have tried this problem before.

I thought that a potential way to do this would be to keep everything in the URL string and then redirect it to a script that automatically parses information into the login boxes, depending on the URL string. However, to be frank I am fairly lost on this.

Any and all help is appreciated.

John Doe Python
  • 1
  • 1
  • 1
  • 2
  • eg: guest user account for wi-fi??? so person do not need to type in... – yjs Jan 02 '18 at 10:53
  • This question is too broad, please take a look at [How to ask](https://stackoverflow.com/help/how-to-ask) – imTachu Jan 02 '18 at 10:54
  • @JohnDoePython You can do exactly this way.... https://stackoverflow.com/questions/5422265/how-can-i-pre-populate-html-form-input-fields-from-url-parameters But it should be separate QR codes anyway...Without any security risk you can do it. – yjs Jan 02 '18 at 11:02
  • @yjs perfect thank you so much! – John Doe Python Jan 02 '18 at 11:13

2 Answers2

2

QR codes do not mimic the keyboard. They contain data. When you scan a QR code, it may have a URL in it, such as http://example.com. Your phone then automatically opens this URL in your web browser. Therefore, it is not possible to embed username and password data into a QR code which can be used on any website.

Also, this would create a huge security risk as anyone could scan the QR code and get your login details!

As pointed out by the comments, it is technically possible to put the username and password in the url, or even to embed an OAuth token, but this would be like sticking your front door keys to your front door.

dangee1705
  • 3,445
  • 1
  • 21
  • 40
  • 1
    This is correct up until the last sentence. It *is* possible to embed a username and password into a URL, with the notation `https://user@pass:url` (though, as you say, not necessarily advisable). It wouldn't do precisely what the OP was asking for, but it would be embeddable in a QR code. – IMSoP Jan 02 '18 at 10:53
  • yes or you could put them as GET parameters, but still really not advisable :) – dangee1705 Jan 02 '18 at 10:53
  • 1
    Data could be anything - your website's OAuth token or cookie, for example. Some websites do it with links embedded into emails. And yes - it is a big security risk, though. – Vladimir Jan 02 '18 at 10:55
0

You can do exactly this way.... eg: http://domainname.com/getAuth.php?id=1234

That will read the id from DB and get user and password and redirect to another page with username and password in result page. So we do not need to pass credentials over url.

But it should be separate QR codes anyway... Without any security risk you can do it.

In your QR, you need to mention a ID related to your user AUTH.

NOTE: It will work on scenarios like Wi-fi cards etc...since it will be personal/unique to buyer.

yjs
  • 692
  • 3
  • 11