You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by da...@accenture.com on 2008/12/30 00:54:19 UTC

Login issues

Hi All,
 
I have been trying to log into a website but with no luck using
HTTPClient. I will now post all my findings so hopefully someone can
spot my mistakes. The form on the site has this code:
 
<form onsubmit="return ValidateForm(this)" method="post"
action="?iCmsPageId=32&amp;sAction=CheckLogin">
 
<p>Username</span>
<input type="text" id="sUsername" name="sUsername" value=""
maxlength="50" style="width: 200px;" /></p>
<p>Password</span>&nbsp;&nbsp;&nbsp;<br />
<input type="password" id="sPassword" name="sPassword" value=""
maxlength="50" style="width: 200px;" /></p> 
 
 <script language="JavaScript" type="text/javascript">
<!--
function ValidateForm(oForm)
{
 var sError = '';
 if(!Empty(sError))
 {
  alert(sError);
  return false;
 }
 return true;
}
-->
</script>
  
  <div class="button" >
   <div class="buttonimg">
    <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
   </div>
   <div class="buttontext">
    <input class="textsubmit" type="submit"
onmouseout="changeTextDecoration(this,'none');"
onmouseover="changeTextDecoration(this,'underline');" style="color:
rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
   </div>
  </div> 
 
so therefore i coded the following  where LOGON_PAGE is the actual page
where login occurs rather than the root page :
 
 
 PostMethod authpost = new PostMethod(LOGON_PAGE
+"?iCmsPageId=32&amp;sAction=CheckLogin");

authpost.setDoAuthentication(true);

NameValuePair action    = new NameValuePair("action",
"?iCmsPageId=32&sAction=CheckLogin");        
NameValuePair username  = new NameValuePair("sUsername", "username");
NameValuePair password  = new NameValuePair("sPassword", "password");
 
authpost.setRequestBody( new NameValuePair[] {action, username,
password});
 
        System.out.println("Login form post status: " +
authpost.getStatusLine().toString());
        //System.out.println("Page Content: " +
authpost.getResponseBodyAsString());
        System.out.println("Path: " + authpost.getPath());
        System.out.println("Name: " + authpost.getFollowRedirects());
        System.out.println("Location: " +
authpost.getResponseHeader("location"));
        
        Header[] responseHeaders = authpost.getResponseHeaders();
        for (int i=0; i<responseHeaders.length; i++){
            System.out.print(responseHeaders[i]);
        }
        
        System.out.println("Login Status Text: " +
authpost.getStatusText());
 
and the output on the console was the following  at the very bottom . It
seems from the result of authpost.getStatusText() being 200 that it
posted ok but I know from tests with my browser that I should get
another cookie when I log in (even though it is deleted after login) but
I never get that final cookie so it looks like the login has failed  and
I also looked at the result returned from getResponseBodyAsString().
Actually, even when I changed the username or password to something
wrong it still returns 200 from getStatusText() which I find strange!
If it helps, using a plugin for Firefox I can see that the Post that
occurs when logging in is:
 
POST /Main.php?iCmsPageId=32&sAction=CheckLogin
sUsername=username&sPassword=password
 
so I suppose the questions are, is the PostMethod constructed properly,
does the submit button as seen in this code just below require a name
value pair when no name is specified even though that is what is clicked
on to log in, 
 
<input class="textsubmit" type="submit"
onmouseout="changeTextDecoration(this,'none');"
onmouseover="changeTextDecoration(this,'underline');" style="color:
rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
 
does the fact that javascript is required to provide validation with
ValidateForm(this) make a difference to the coding and finally should
the Post text got from Firefox match the result from 

authpost.getQueryString() ? 



Any  answers to these questions would be very welcome?
 
Thanks  very much 
 
 Results:

 Initial set of cookies:

- PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902

- fcc_type=business

- X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF

Query: sEvent=DelayRepay

Login form post status: HTTP/1.1 200 OK

Path: /Main.php

Name: false

Location: null

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
path=/

Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF; path=/

Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0

Date: Mon, 29 Dec 2008 13:41:18 GMT

Transfer-Encoding: chunked

Connection: Keep-Alive

Server: Apache/2.0.59 (CentOS)

X-Powered-By: PHP/5.1.6

Content-Type: text/html; charset=UTF-8

Pragma: no-cache

Login Status Text: OK



This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information.  If you have received it in error, please notify the sender immediately and delete the original.  Any other use of the email by you is prohibited.