Page 1 of 1

How to Check if a .NET Passport is valid

Posted: Fri Jan 28, 2005 6:23 pm
by ice!
How to Check if a .NET Passport is valid before accepting the user.

Hi,

I am wondering how to make a PHP Script so when someone enters their email address (.NET Passport) and password on my own webpage it verifies it with http://www.hotmail.com (http://login.passport.net/uilogin.srf?id=2) to check if the account and password is real. If the address is real it passes them to another page or something…

I just started PHP not very long ago so my PHP skiils are not the best so please help. :wink:

Thanks in advance,
Peter :)

Posted: Fri Jan 28, 2005 6:25 pm
by feyd
you want your script to log into their passport account? What makes you think a user would give you their password?

Posted: Fri Jan 28, 2005 6:28 pm
by hunterhp
I doubt just anyone can check if .NET passport users. I think Passport is a Microsoft product, so I think you have to pay before using it.

Of course, I haven't researched this, but given the websites that use Passport, it seems what I said is right...

Posted: Fri Jan 28, 2005 6:32 pm
by qads
.NET passports are not always hotmail accounts, i.e. mine is my ISP email address.

It is possible but unsure myself how-to do it

Posted: Fri Jan 28, 2005 6:36 pm
by ice!
It is possible, eBay used to let their clients used their .NET Passport (email address) to login.

Also to back this up I know it is possible because I have done it before with Visual Basic. I don’t know enough about the functions of PHP to do it in PHP though.

Is it possible to use a POST/GET-REQUEST to http://www.hotmail.com (http://login.passport.net/uilogin.srf?id=2) and check for the words “Invalid Password” and return the address as invalid, and if the page doesn’t return “Invalid Password” then return that the password and email address is correct???

Posted: Fri Jan 28, 2005 6:39 pm
by feyd
it's possible.. using curl or fsockopen.. however I still don't see why a user would give you their password, that's asking for abuse.

It would have to be done through the Passport site, not hotmail. Hotmail is a client of the Passport system.

Posted: Fri Jan 28, 2005 6:48 pm
by ice!
Uhmm I don’t need to use it for abuse. To use my site you need to log-in to verify the user in order for the add-on I created on Visual Basic that relies on custom HTML pages to work correctly.

Posted: Fri Jan 28, 2005 6:57 pm
by feyd
have fun convincing users to give you their passwords.. :roll:

Posted: Fri Jan 28, 2005 7:08 pm
by ice!
feyd wrote:have fun convincing users to give you their passwords.. :roll:
For the last time their not giving me their passwords, the PHP script checks if for validity and redirects them to the appropriate page. None of the passwords are stored on the server. No offence but I expected a appropriate answer from an Admin.

Posted: Fri Jan 28, 2005 7:19 pm
by feyd
in order to validate the user, you'd need to know their password. You appeared to be asking for an automated verification method. For which I told you some paths. You never said anything about redirection to the .Net Passport site.

Posted: Fri Jan 28, 2005 7:29 pm
by ice!
feyd wrote:in order to validate the user, you'd need to know their password. You appeared to be asking for an automated verification method. For which I told you some paths. You never said anything about redirection to the .Net Passport site.
ohh okay sorry... Im wishing to have something like they used to have on eBay about 2 years ago.

Posted: Fri Jan 28, 2005 7:40 pm
by feyd
I gave you some direction if you reread my posts. Those suggestions were based on exactly what you wre asking about: post and get request capability.

Posted: Sat Jan 29, 2005 12:02 am
by itsmani1
Well guys Microsoft .Net provides some thing to confirm .Net Passport account.
i hav't used that but heard about that.