AutoAuth is a PHPCredLocker plugin providing a one-click login option for certain CredTypes. By providing the relevant form id's (presets are available), superadmins can configure a credential type to display a 'Log In' button for all associated credentials.

AutoAuth is known to work with

  • CPanel/WHM
  • Webmin
  • WordPress
  • Drupal

AutoAuth doesn't currently work with Joomla! as it requires a correct form token to be included in the request.

You can see AutoAuth in action in the PHPCredLocker demo.

See below for the Plugin's README




About AutoAuth

AutoAuth Plugin is a plugin allowing system admins to configure PHPCredLocker to display a 'Log In' button for specific credtypes. When enabled, the plugin simply generates a form containing the credentials so that users can log into linked systems with one click.

Thanks to Joomla User Group Suffolk (JUGS) for the feature suggestion!

Plugin Configuration

The configuration file contains two options

  • active - Is the plugin enabled?
  • warnredirect - Should a Javascript confirm box be displayed before redirecting the user

CredType Configuration

When enabled, the plugin will display additional fields when adding or editing a Credential Type. The settings specified in these will define how credentials are passed to the login script of the linked system, getting them wrong will result in a failed login.

  • Enable Auto Login button: Should the plugin be enabled for this CredType?
  • Additional address path: Specifies any additional URL params that need to be specified to enable login
  • User Field: The field name used by the login form of the linked system
  • Password Field: The field name use by the login form of the linked system
  • Requires Cookies: Some systems require a specific cookie to exist. If this is checked, the target page will be loaded as part of the form (the user won't see it) to ensure all relevant cookies are set.
  • Additional Fields: Some systems require additional hidden fields to be submitted. This field allows you to specify names and values in CSV format using key=value (i.e. page=home,action=login)


Example configurations

Note: These examples assume you've stored the address of the server without a trailing slash (i.e. mysite:2082 rather than mysite:2082/)

  CPanel Webmin WordPress
Additional Address Path /login /session_login.cgi /wp-login.php
User Field user user log
Password Field pass pass pwd
Requires Cookie No Yes Yes
Additional Fields none page=/,

Known Incompatible

Systems known not to be compatible with AutoAuth's one-click login are

  • Joomla! - Requires a unique form token to be submitted
  • PHPCredLocker - Requires a unique form token to be submitted

Any system which requires a unique form token to be submitted (such as Joomla!) cannot be supported as the token changes with each session/request. Systems which simply require a specific cookie to be set (such as Webmin) are supported however, as are those which allow login details to be submitted without further information (such as CPanel/WHM).

The plugin may fail to work where an invalid SSL certificate has been used on the linked system. The browser will deny access until the user has specifically accepted the suspicious certificate, preventing automatic setting of cookies prior to the login request being sent.

Login button not displaying

There are essentially three reasons why the login button may not display after a user has clicked 'Display Password'.

  1. Plugin not enabled - Check plugins.conf and conf/plugins/AutoAuth/config.php
  2. Required field not included - Credential must have URL, User and Password stored for the plugin to trigger
  3. Internal plugin fault - Sorry! These have been well tested for, but it's possible something's been missed



You can purchase AutoAuth from my shop.