Hi.
Maybe, it'll be useful to know, that if you pass such an url:
http://www.example.com/index.php?id=1&logintype=login&user={login}&pass={password}&pid={pid}
TYPO3 core will take care about authentication. Felogin uses such a
possibility, passes parameters via POST by it's login form and just checks
the results of authentication.