I submit

hoodoo has asked for the wisdom of the Perl Monks concerning the following question:

but then I'm confused!

After 10 years of unix administration, I recently quit my jobby-job to manage the growth of my own new web company. Then, after 7 months of using up savings I've decided to get some supplementary income. I've done this by taking a local end-user support job, which is interesting for me. At this local support job, we often have to walk a user through logging into a popular remote desktop site using a username and password that belongs to one of our techs. This can be a maddening experience for us, and I was hoping to use perl to make it slightly more "end-user-proof". We especially have problems getting them to type the correct user/pass as dictated to them over the phone.

I've created a little something with WWW::Mechanize to login to this site, and it works magnificently! What I'd like to do now is somehow redirect the user to this already-logged in version. Am I crazy? Is there some kind geek out there who's got an idea for me? I've also been thinking about the option of just loading the page for them and auto-filling the form as a silver medal.

Suggestions will be doted upon.
Thanks in advance!

Comment on I submit

Replies are listed 'Best First'.
Re: I submit by CountZero (Bishop) on Aug 30, 2008 at 07:44 UTC
There exist probably some black hat hacking tricks to steal away one user's authenticated session and pass it on to someone else, but I would not know them. I see only one other solution but it depend on the type of authentication used. If it is basic authentication then you might use a specially crafted URL to log-in: `http://username:password@host.domain` [download] and you could email that url to the user. A standard Apache server using basic authentication will accept this to authenticate a user rather than having the browser pop-up the "Username / login" dialog box. If it is a more sophisticated scheme that will not work. If that doesn't work you can still PAR-package your WWW::Mechanize script (or slim it down as much as possible to have fewer dependencies) and give that to the user and let him run it to log in. CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James	[reply] [d/l]
Re: I submit by LesleyB (Friar) on Aug 30, 2008 at 12:46 UTC
Somewhat OT I fail to understand why your users can't use their own user names and passwords. While I have an MPhil and have been lucky enoughht to work in mathematical research for over 10 years of my life, I have also worked at the lower skill level, showing people how to use websites, how to use a browser and what the component parts of a computer are. Maybe I'm getting something wrong here but my attitude was if they couldn't follow the instructions given then there was at least something wrong with my understanding of where they were in their learning and I needed to correct that expectation to be able to help them further. I've also worked as a software developer, sometimes with user contact. Again, if there was something wrong with the user's understanding then work was done to correct the way information was presented to enable and empower the user to gain understanding and the skill to make good decisions on their own. I take it this is out of fashion in the world of user support these days?	[reply]
Re: I submit by scorpio17 (Canon) on Aug 30, 2008 at 17:43 UTC
Here's an idea - I'm not sure I would actually recommend DOING this, for security reasons, but it will do what you have asked for... Most web-based logins use a session id, which is stored on the client side (browser) as a cookie. People go to much effort to generate unique session ids, since chaos will ensue if multiple people have, for example, access to the same shopping cart at the same time. But in your case, you could create one session, with a session ID of "1", and write this out to every client. This makes EVERYBODY look like "user 1" to the server. As long as the users do "read only" type operations, this may work. If they can read and write - then you may have a lot of problems. Note that most cross-site-scripting attacks basically involve a bad-guy stealing someone else's session id, and thus taking over their identity. So... Also, keep in mind that over the years, programmers have tried really hard to develop idiot-proof applications, but the forces of evolution keep producing better idiots...	[reply]
Re: I submit by Anonymous Monk on Aug 31, 2008 at 04:36 UTC
Not strictly on topic but.... Once upon a time I had a similar problem. When in a polite mood I referred to certain end-users as "novice" and in less polite moods as "severely challenged". :) Usernames/passwords are the reason my hair line moved back an inch. Part of the problem is that people believe they are gifted typists... they aren't. A technique I used successfully time and time again was this: First I had them get a pen and paper and write down the username and password. Then I instructed the end-user to position their keyboard rotated 180 degrees. Then I tell them to carefully enter the user/pass and say aloud each letter/number as they press the key. With the keyboard upside down they are forced to actually focus and hunt for each key. Then by saying it aloud the odds they are getting it correct are increased. Even with all that I still sometimes had to have them go get a neighbor...	[reply]
Re: I submit by Anonymous Monk on Aug 31, 2008 at 12:12 UTC
Provide a virtual keyboard and force them to use it (move mouse click a $ ... )	[reply]