You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by da...@accenture.com on 2008/12/30 16:59:36 UTC
Login issues
Hi All,
I have been trying to log into a website for the past few days but with
no luck using HTTPClient. I will now post all my findings so hopefully
someone can spot my mistakes. The form on the site has this code:
<form onsubmit="return ValidateForm(this)" method="post"
action="?iCmsPageId=32&sAction=CheckLogin">
<p>Username</span>
<input type="text" id="sUsername" name="sUsername" value=""
maxlength="50" style="width: 200px;" /></p>
<p>Password</span> <br />
<input type="password" id="sPassword" name="sPassword" value=""
maxlength="50" style="width: 200px;" /></p>
<script language="JavaScript" type="text/javascript">
<!--
function ValidateForm(oForm)
{
var sError = '';
if(!Empty(sError))
{
alert(sError);
return false;
}
return true;
}
-->
</script>
<div class="button" >
<div class="buttonimg">
<img border="0" alt="" src="img/btn_box_arrow.jpg"/>
</div>
<div class="buttontext">
<input class="textsubmit" type="submit"
onmouseout="changeTextDecoration(this,'none');"
onmouseover="changeTextDecoration(this,'underline');" style="color:
rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
</div>
</div>
so therefore i coded the following where LOGON_PAGE is the actual page
where login occurs rather than the root page :
PostMethod authpost = new PostMethod(LOGON_PAGE
+"?iCmsPageId=32&sAction=CheckLogin");
authpost.setDoAuthentication(true);
NameValuePair action = new NameValuePair("action",
"?iCmsPageId=32&sAction=CheckLogin");
NameValuePair username = new NameValuePair("sUsername", "username");
NameValuePair password = new NameValuePair("sPassword", "password");
authpost.setRequestBody( new NameValuePair[] {action, username,
password});
System.out.println("Login form post status: " +
authpost.getStatusLine().toString());
//System.out.println("Page Content: " +
authpost.getResponseBodyAsString());
System.out.println("Path: " + authpost.getPath());
System.out.println("Redirection: " +
authpost.getFollowRedirects());
System.out.println("Location: " +
authpost.getResponseHeader("location"));
Header[] responseHeaders = authpost.getResponseHeaders();
for (int i=0; i<responseHeaders.length; i++){
System.out.print(responseHeaders[i]);
}
System.out.println("Login Status Text: " +
authpost.getStatusText());
and the output on the console was the following at the very bottom . It
seems from the result of authpost.getStatusText() being 200 that it
posted ok but I know from tests with my browser that I should get
another cookie when I log in (even though it is deleted after log out)
but I never get that final cookie so it looks like the login has failed
and I also looked at the result returned from getResponseBodyAsString()
and its still the initial login page. Actually, even when I changed the
username or password to something wrong it still returns 200 from
getStatusText() which I find strange! If it helps, using a plugin for
Firefox I can see that the Post that occurs when logging in using
Firefox is:
/Main.php?iCmsPageId=32&sAction=CheckLogin
sUsername=username&sPassword=password
so I suppose the questions are, is the PostMethod constructed properly,
does the submit button as seen in this code just below require a name
value pair when no name is specified in the html even though that login
button is the one that is pressed on the site,
<input class="textsubmit" type="submit"
onmouseout="changeTextDecoration(this,'none');"
onmouseover="changeTextDecoration(this,'underline');" style="color:
rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
does the fact that javascript is required to provide validation with
ValidateForm(this) make a difference to the coding and finally should
the Post text got from a login using Firefox match the result from
authpost.getQueryString() ?
Any answers to these questions would be very welcome?
Thanks very much
Results:
Initial set of cookies:
- PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
- fcc_type=business
- X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
Query: sEvent=DelayRepay
Login form post status: HTTP/1.1 200 OK
Path: /Main.php
Redirection: false
Location: null
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
path=/
Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF; path=/
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Date: Mon, 29 Dec 2008 13:41:18 GMT
Transfer-Encoding: chunked
Connection: Keep-Alive
Server: Apache/2.0.59 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Login Status Text: OK
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
RE: Login issues
Posted by da...@accenture.com.
Thanks Seb that is legendary and I have now logged in and received the
login cookie so thanks very much.
After the login I then check for s status code and it is 301 and so I
create a redirect from newuri below which
contains the account page I should be moved to next. The redirect status
comes back as 200 after I do the Get
but when I look at test.html its still showing the initial page and not
my account page.
Any ideas?
Thanks
Dave
// Usually a successful form-based login results in a redirect to
// another url
int statuscode = authpost.getStatusCode();
if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||
(statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||
(statuscode == HttpStatus.SC_SEE_OTHER) ||
(statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {
Header header = authpost.getResponseHeader("location");
if (header != null) {
String newuri = header.getValue();
if ((newuri == null) || (newuri.equals(""))) {
newuri = "/";
}
System.out.println("Redirect target: " + newuri);
GetMethod redirect = new GetMethod(newuri);
int statusCode = client.executeMethod(redirect);
System.out.println("Redirect: " +
redirect.getStatusLine().toString());
if( statusCode != -1 ) {
String contents =
redirect.getResponseBodyAsString();
File name = new File("C:/test.html");
FileWriter fw = new FileWriter(name);
try {
fw.write(contents);
} catch (IOException e) {
}
redirect.releaseConnection();
fw.close();
}
-----Original Message-----
From: sebb [mailto:sebbaz@gmail.com]
Sent: 30 December 2008 16:24
To: HttpClient User Discussion
Subject: Re: Login issues
On 30/12/2008, david.kennedy@accenture.com <da...@accenture.com>
wrote:
> Hi All,
>
> I have been trying to log into a website for the past few days but
> with no luck using HTTPClient. I will now post all my findings so
> hopefully someone can spot my mistakes. The form on the site has this
code:
>
> <form onsubmit="return ValidateForm(this)" method="post"
> action="?iCmsPageId=32&sAction=CheckLogin">
>
> <p>Username</span>
> <input type="text" id="sUsername" name="sUsername" value=""
> maxlength="50" style="width: 200px;" /></p>
> <p>Password</span> <br /> <input type="password"
> id="sPassword" name="sPassword" value=""
> maxlength="50" style="width: 200px;" /></p>
>
> <script language="JavaScript" type="text/javascript">
> <!--
> function ValidateForm(oForm)
> {
> var sError = '';
> if(!Empty(sError))
> {
> alert(sError);
> return false;
> }
> return true;
> }
> -->
> </script>
>
> <div class="button" >
> <div class="buttonimg">
> <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
> </div>
> <div class="buttontext">
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
> </div>
> </div>
>
> so therefore i coded the following where LOGON_PAGE is the actual
> page where login occurs rather than the root page :
>
>
> PostMethod authpost = new PostMethod(LOGON_PAGE
> +"?iCmsPageId=32&sAction=CheckLogin");
That should probably be
PostMethod authpost = new PostMethod(LOGON_PAGE);
> authpost.setDoAuthentication(true);
I don't think that is needed.
> NameValuePair action = new NameValuePair("action",
> "?iCmsPageId=32&sAction=CheckLogin");
That should be:
NameValuePair pageid = new NameValuePair("iCmsPageId", "32");
NameValuePair action = new NameValuePair("sAction", "CheckLogin");
> NameValuePair username = new NameValuePair("sUsername", "username");
> NameValuePair password = new NameValuePair("sPassword", "password");
>
> authpost.setRequestBody( new NameValuePair[] {action, username,
> password});
and that should be:
authpost.setRequestBody( new NameValuePair[] {pageid, action, username,
password});
>
> System.out.println("Login form post status: " +
> authpost.getStatusLine().toString());
> //System.out.println("Page Content: " +
> authpost.getResponseBodyAsString());
> System.out.println("Path: " + authpost.getPath());
> System.out.println("Redirection: " +
> authpost.getFollowRedirects());
> System.out.println("Location: " +
> authpost.getResponseHeader("location"));
>
> Header[] responseHeaders = authpost.getResponseHeaders();
> for (int i=0; i<responseHeaders.length; i++){
> System.out.print(responseHeaders[i]);
> }
>
> System.out.println("Login Status Text: " +
> authpost.getStatusText());
>
>
>
> and the output on the console was the following at the very bottom .
> It seems from the result of authpost.getStatusText() being 200 that
> it posted ok but I know from tests with my browser that I should get
> another cookie when I log in (even though it is deleted after log out)
> but I never get that final cookie so it looks like the login has
> failed and I also looked at the result returned from
> getResponseBodyAsString() and its still the initial login page.
> Actually, even when I changed the username or password to something
> wrong it still returns 200 from
> getStatusText() which I find strange! If it helps, using a plugin
> for Firefox I can see that the Post that occurs when logging in using
> Firefox is:
>
> /Main.php?iCmsPageId=32&sAction=CheckLogin
> sUsername=username&sPassword=password
>
>
> so I suppose the questions are, is the PostMethod constructed
> properly, does the submit button as seen in this code just below
> require a name value pair when no name is specified in the html even
> though that login button is the one that is pressed on the site,
>
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
>
> does the fact that javascript is required to provide validation with
> ValidateForm(this) make a difference to the coding and finally should
> the Post text got from a login using Firefox match the result from
>
> authpost.getQueryString() ?
>
>
>
> Any answers to these questions would be very welcome?
>
> Thanks very much
>
> Results:
>
> Initial set of cookies:
>
> - PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
>
> - fcc_type=business
>
> - X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
>
> Query: sEvent=DelayRepay
>
> Login form post status: HTTP/1.1 200 OK
>
> Path: /Main.php
>
> Redirection: false
>
> Location: null
>
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>
> Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
> path=/
>
> Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF;
> path=/
>
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
>
> Date: Mon, 29 Dec 2008 13:41:18 GMT
>
> Transfer-Encoding: chunked
>
> Connection: Keep-Alive
>
> Server: Apache/2.0.59 (CentOS)
>
> X-Powered-By: PHP/5.1.6
>
> Content-Type: text/html; charset=UTF-8
>
> Pragma: no-cache
>
> Login Status Text: OK
>
>
>
> This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the original. Any other use of the email by you is prohibited.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: Login issues
Posted by da...@accenture.com.
Hi Brian,
I think you are correct and that it was a mistake on my part. Its
strange though, I issue a post command but when I do a getURI()
afterwards it shows me that it has in fact gone to the new URI but when
I look at the responsebody() it doesn't show the new URI body but the
one previous, what could this be?! As for the CMS. You could be right
but I am unsure as its not my server.
Thanks
-----Original Message-----
From: Brian Johnson [mailto:brj@u.washington.edu]
Sent: 30 December 2008 22:36
To: HttpClient User Discussion
Subject: RE: Login issues
David, In my experience, PHP doesn't automagically tweak URLS. Does the
"iCmsPageId" perhaps imply the use of a "content management system"
(CMS)?? If so, _it_ might be doing something automagic... (and, yes, it
might be using PHP to do it... but it's not an inherent PHP feature, I
routinely use GET parameters to control PHP sites).
-Brian Johnson, Dept of Architecture, University of Washington,
Seattle
On Tue, 30 Dec 2008, david.kennedy@accenture.com wrote:
>
> Actually I have figured out what the issue was by checking in my
> browser and for some reason when you move through your account it
> doesn't show the new source of each page but still shows the original
> page. Think this is maybe an aspect of php that I don't know about.
> Anyway my issue now is that
> as you can see from my code below, the GET method is passed the
> DETAILS_PAGE but after I do a getURI after the GET that you can see
> the result isnt
> http://www.mysite.co.uk/Main.php?sEvent=DRS&sAction=AmendDetails
> passed in but
> http://www.mysite.co.uk/Main.php?iCmsPageId=32
>
> Any ideas?
> Thanks
>
> //MOVING TO THE PERSONAL DETAILS PAGE
> System.out.println("New Get Target: " + DETAILS_PAGE);
> GetMethod getPersonalDetails = new
> GetMethod(DETAILS_PAGE);
>
> client.executeMethod(getPersonalDetails);
>
> System.out.println("Test by Getting the Personal Details
> Page: " + getPersonalDetails.getStatusLine().toString());
> System.out.println("Where are we after Getting Personal
> Details: " + getPersonalDetails.getURI());
>
> produces the result:
>
> New Get Target:
> http://www.mysite.co.uk/Main.php?sEvent=DRS&sAction=AmendDetails
> Test by Getting the Personal Details Page: HTTP/1.1 200 OK Where are
> we after Getting Personal Details:
> http://www.mysite.co.uk/Main.php?iCmsPageId=32
>
>
>
> -----Original Message-----
> From: sebb [mailto:sebbaz@gmail.com]
> Sent: 30 December 2008 16:24
> To: HttpClient User Discussion
> Subject: Re: Login issues
>
> On 30/12/2008, david.kennedy@accenture.com
> <da...@accenture.com>
> wrote:
>> Hi All,
>>
>> I have been trying to log into a website for the past few days but
>> with no luck using HTTPClient. I will now post all my findings so
>> hopefully someone can spot my mistakes. The form on the site has
>> this
> code:
>>
>> <form onsubmit="return ValidateForm(this)" method="post"
>> action="?iCmsPageId=32&sAction=CheckLogin">
>>
>> <p>Username</span>
>> <input type="text" id="sUsername" name="sUsername" value=""
>> maxlength="50" style="width: 200px;" /></p>
>> <p>Password</span> <br /> <input type="password"
>> id="sPassword" name="sPassword" value=""
>> maxlength="50" style="width: 200px;" /></p>
>>
>> <script language="JavaScript" type="text/javascript">
>> <!--
>> function ValidateForm(oForm)
>> {
>> var sError = '';
>> if(!Empty(sError))
>> {
>> alert(sError);
>> return false;
>> }
>> return true;
>> }
>> -->
>> </script>
>>
>> <div class="button" >
>> <div class="buttonimg">
>> <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
>> </div>
>> <div class="buttontext">
>> <input class="textsubmit" type="submit"
>> onmouseout="changeTextDecoration(this,'none');"
>> onmouseover="changeTextDecoration(this,'underline');" style="color:
>> rgb(226, 0, 110); text-decoration: none;height:16px;"
value="Login"/>
>> </div>
>> </div>
>>
>> so therefore i coded the following where LOGON_PAGE is the actual
>> page where login occurs rather than the root page :
>>
>>
>> PostMethod authpost = new PostMethod(LOGON_PAGE
>> +"?iCmsPageId=32&sAction=CheckLogin");
>
> That should probably be
>
> PostMethod authpost = new PostMethod(LOGON_PAGE);
>
>> authpost.setDoAuthentication(true);
>
> I don't think that is needed.
>
>> NameValuePair action = new NameValuePair("action",
>> "?iCmsPageId=32&sAction=CheckLogin");
>
> That should be:
>
> NameValuePair pageid = new NameValuePair("iCmsPageId", "32");
> NameValuePair action = new NameValuePair("sAction", "CheckLogin");
>
>> NameValuePair username = new NameValuePair("sUsername",
>> "username");
>
>> NameValuePair password = new NameValuePair("sPassword", "password");
>>
>> authpost.setRequestBody( new NameValuePair[] {action, username,
>> password});
>
> and that should be:
>
> authpost.setRequestBody( new NameValuePair[] {pageid, action,
> username, password});
>
>>
>> System.out.println("Login form post status: " +
>> authpost.getStatusLine().toString());
>> //System.out.println("Page Content: " +
>> authpost.getResponseBodyAsString());
>> System.out.println("Path: " + authpost.getPath());
>> System.out.println("Redirection: " +
>> authpost.getFollowRedirects());
>> System.out.println("Location: " +
>> authpost.getResponseHeader("location"));
>>
>> Header[] responseHeaders = authpost.getResponseHeaders();
>> for (int i=0; i<responseHeaders.length; i++){
>> System.out.print(responseHeaders[i]);
>> }
>>
>> System.out.println("Login Status Text: " +
>> authpost.getStatusText());
>>
>>
>>
>> and the output on the console was the following at the very bottom
.
>
>> It seems from the result of authpost.getStatusText() being 200 that
>> it posted ok but I know from tests with my browser that I should get
>
>> another cookie when I log in (even though it is deleted after log
>> out)
>
>> but I never get that final cookie so it looks like the login has
>> failed and I also looked at the result returned from
>> getResponseBodyAsString() and its still the initial login page.
>> Actually, even when I changed the username or password to something
>> wrong it still returns 200 from
>> getStatusText() which I find strange! If it helps, using a plugin
>> for Firefox I can see that the Post that occurs when logging in
>> using
>
>> Firefox is:
>>
>> /Main.php?iCmsPageId=32&sAction=CheckLogin
>> sUsername=username&sPassword=password
>>
>>
>> so I suppose the questions are, is the PostMethod constructed
>> properly, does the submit button as seen in this code just below
>> require a name value pair when no name is specified in the html even
>> though that login button is the one that is pressed on the site,
>>
>> <input class="textsubmit" type="submit"
>> onmouseout="changeTextDecoration(this,'none');"
>> onmouseover="changeTextDecoration(this,'underline');" style="color:
>> rgb(226, 0, 110); text-decoration: none;height:16px;"
>> value="Login"/>
>>
>> does the fact that javascript is required to provide validation with
>> ValidateForm(this) make a difference to the coding and finally
>> should
>
>> the Post text got from a login using Firefox match the result from
>>
>> authpost.getQueryString() ?
>>
>>
>>
>> Any answers to these questions would be very welcome?
>>
>> Thanks very much
>>
>> Results:
>>
>> Initial set of cookies:
>>
>> - PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
>>
>> - fcc_type=business
>>
>> - X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
>>
>> Query: sEvent=DelayRepay
>>
>> Login form post status: HTTP/1.1 200 OK
>>
>> Path: /Main.php
>>
>> Redirection: false
>>
>> Location: null
>>
>> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>>
>> Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18
>> GMT;
>
>> path=/
>>
>> Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF;
>> path=/
>>
>> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
>> pre-check=0
>>
>> Date: Mon, 29 Dec 2008 13:41:18 GMT
>>
>> Transfer-Encoding: chunked
>>
>> Connection: Keep-Alive
>>
>> Server: Apache/2.0.59 (CentOS)
>>
>> X-Powered-By: PHP/5.1.6
>>
>> Content-Type: text/html; charset=UTF-8
>>
>> Pragma: no-cache
>>
>> Login Status Text: OK
>>
>>
>>
>> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the email by you is prohibited.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
>
>
> This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the original. Any other use of the email by you is prohibited.
>
>
> This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the original. Any other use of the email by you is prohibited.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: Login issues
Posted by Brian Johnson <br...@u.washington.edu>.
David, In my experience, PHP doesn't automagically tweak URLS. Does the
"iCmsPageId" perhaps imply the use of a "content management system"
(CMS)?? If so, _it_ might be doing something automagic... (and, yes, it
might be using PHP to do it... but it's not an inherent PHP feature, I
routinely use GET parameters to control PHP sites).
-Brian Johnson, Dept of Architecture, University of Washington, Seattle
On Tue, 30 Dec 2008, david.kennedy@accenture.com wrote:
>
> Actually I have figured out what the issue was by checking in my browser
> and for some reason when you
> move through your account it doesn't show the new source of each page
> but still shows the original
> page. Think this is maybe an aspect of php that I don't know about.
> Anyway my issue now is that
> as you can see from my code below, the GET method is passed the
> DETAILS_PAGE but after I do a getURI after the GET
> that you can see the result isnt
> http://www.mysite.co.uk/Main.php?sEvent=DRS&sAction=AmendDetails passed
> in but
> http://www.mysite.co.uk/Main.php?iCmsPageId=32
>
> Any ideas?
> Thanks
>
> //MOVING TO THE PERSONAL DETAILS PAGE
> System.out.println("New Get Target: " + DETAILS_PAGE);
> GetMethod getPersonalDetails = new
> GetMethod(DETAILS_PAGE);
>
> client.executeMethod(getPersonalDetails);
>
> System.out.println("Test by Getting the Personal Details
> Page: " + getPersonalDetails.getStatusLine().toString());
> System.out.println("Where are we after Getting Personal
> Details: " + getPersonalDetails.getURI());
>
> produces the result:
>
> New Get Target:
> http://www.mysite.co.uk/Main.php?sEvent=DRS&sAction=AmendDetails
> Test by Getting the Personal Details Page: HTTP/1.1 200 OK
> Where are we after Getting Personal Details:
> http://www.mysite.co.uk/Main.php?iCmsPageId=32
>
>
>
> -----Original Message-----
> From: sebb [mailto:sebbaz@gmail.com]
> Sent: 30 December 2008 16:24
> To: HttpClient User Discussion
> Subject: Re: Login issues
>
> On 30/12/2008, david.kennedy@accenture.com <da...@accenture.com>
> wrote:
>> Hi All,
>>
>> I have been trying to log into a website for the past few days but
>> with no luck using HTTPClient. I will now post all my findings so
>> hopefully someone can spot my mistakes. The form on the site has this
> code:
>>
>> <form onsubmit="return ValidateForm(this)" method="post"
>> action="?iCmsPageId=32&sAction=CheckLogin">
>>
>> <p>Username</span>
>> <input type="text" id="sUsername" name="sUsername" value=""
>> maxlength="50" style="width: 200px;" /></p>
>> <p>Password</span> <br /> <input type="password"
>> id="sPassword" name="sPassword" value=""
>> maxlength="50" style="width: 200px;" /></p>
>>
>> <script language="JavaScript" type="text/javascript">
>> <!--
>> function ValidateForm(oForm)
>> {
>> var sError = '';
>> if(!Empty(sError))
>> {
>> alert(sError);
>> return false;
>> }
>> return true;
>> }
>> -->
>> </script>
>>
>> <div class="button" >
>> <div class="buttonimg">
>> <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
>> </div>
>> <div class="buttontext">
>> <input class="textsubmit" type="submit"
>> onmouseout="changeTextDecoration(this,'none');"
>> onmouseover="changeTextDecoration(this,'underline');" style="color:
>> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
>> </div>
>> </div>
>>
>> so therefore i coded the following where LOGON_PAGE is the actual
>> page where login occurs rather than the root page :
>>
>>
>> PostMethod authpost = new PostMethod(LOGON_PAGE
>> +"?iCmsPageId=32&sAction=CheckLogin");
>
> That should probably be
>
> PostMethod authpost = new PostMethod(LOGON_PAGE);
>
>> authpost.setDoAuthentication(true);
>
> I don't think that is needed.
>
>> NameValuePair action = new NameValuePair("action",
>> "?iCmsPageId=32&sAction=CheckLogin");
>
> That should be:
>
> NameValuePair pageid = new NameValuePair("iCmsPageId", "32");
> NameValuePair action = new NameValuePair("sAction", "CheckLogin");
>
>> NameValuePair username = new NameValuePair("sUsername", "username");
>
>> NameValuePair password = new NameValuePair("sPassword", "password");
>>
>> authpost.setRequestBody( new NameValuePair[] {action, username,
>> password});
>
> and that should be:
>
> authpost.setRequestBody( new NameValuePair[] {pageid, action, username,
> password});
>
>>
>> System.out.println("Login form post status: " +
>> authpost.getStatusLine().toString());
>> //System.out.println("Page Content: " +
>> authpost.getResponseBodyAsString());
>> System.out.println("Path: " + authpost.getPath());
>> System.out.println("Redirection: " +
>> authpost.getFollowRedirects());
>> System.out.println("Location: " +
>> authpost.getResponseHeader("location"));
>>
>> Header[] responseHeaders = authpost.getResponseHeaders();
>> for (int i=0; i<responseHeaders.length; i++){
>> System.out.print(responseHeaders[i]);
>> }
>>
>> System.out.println("Login Status Text: " +
>> authpost.getStatusText());
>>
>>
>>
>> and the output on the console was the following at the very bottom .
>
>> It seems from the result of authpost.getStatusText() being 200 that
>> it posted ok but I know from tests with my browser that I should get
>
>> another cookie when I log in (even though it is deleted after log out)
>
>> but I never get that final cookie so it looks like the login has
>> failed and I also looked at the result returned from
>> getResponseBodyAsString() and its still the initial login page.
>> Actually, even when I changed the username or password to something
>> wrong it still returns 200 from
>> getStatusText() which I find strange! If it helps, using a plugin
>> for Firefox I can see that the Post that occurs when logging in using
>
>> Firefox is:
>>
>> /Main.php?iCmsPageId=32&sAction=CheckLogin
>> sUsername=username&sPassword=password
>>
>>
>> so I suppose the questions are, is the PostMethod constructed
>> properly, does the submit button as seen in this code just below
>> require a name value pair when no name is specified in the html even
>> though that login button is the one that is pressed on the site,
>>
>> <input class="textsubmit" type="submit"
>> onmouseout="changeTextDecoration(this,'none');"
>> onmouseover="changeTextDecoration(this,'underline');" style="color:
>> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
>>
>> does the fact that javascript is required to provide validation with
>> ValidateForm(this) make a difference to the coding and finally should
>
>> the Post text got from a login using Firefox match the result from
>>
>> authpost.getQueryString() ?
>>
>>
>>
>> Any answers to these questions would be very welcome?
>>
>> Thanks very much
>>
>> Results:
>>
>> Initial set of cookies:
>>
>> - PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
>>
>> - fcc_type=business
>>
>> - X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
>>
>> Query: sEvent=DelayRepay
>>
>> Login form post status: HTTP/1.1 200 OK
>>
>> Path: /Main.php
>>
>> Redirection: false
>>
>> Location: null
>>
>> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>>
>> Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
>
>> path=/
>>
>> Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF;
>> path=/
>>
>> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
>> pre-check=0
>>
>> Date: Mon, 29 Dec 2008 13:41:18 GMT
>>
>> Transfer-Encoding: chunked
>>
>> Connection: Keep-Alive
>>
>> Server: Apache/2.0.59 (CentOS)
>>
>> X-Powered-By: PHP/5.1.6
>>
>> Content-Type: text/html; charset=UTF-8
>>
>> Pragma: no-cache
>>
>> Login Status Text: OK
>>
>>
>>
>> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately and delete
> the original. Any other use of the email by you is prohibited.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
>
>
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
>
>
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: Login issues
Posted by da...@accenture.com.
Actually I have figured out what the issue was by checking in my browser
and for some reason when you
move through your account it doesn't show the new source of each page
but still shows the original
page. Think this is maybe an aspect of php that I don't know about.
Anyway my issue now is that
as you can see from my code below, the GET method is passed the
DETAILS_PAGE but after I do a getURI after the GET
that you can see the result isnt
http://www.mysite.co.uk/Main.php?sEvent=DRS&sAction=AmendDetails passed
in but
http://www.mysite.co.uk/Main.php?iCmsPageId=32
Any ideas?
Thanks
//MOVING TO THE PERSONAL DETAILS PAGE
System.out.println("New Get Target: " + DETAILS_PAGE);
GetMethod getPersonalDetails = new
GetMethod(DETAILS_PAGE);
client.executeMethod(getPersonalDetails);
System.out.println("Test by Getting the Personal Details
Page: " + getPersonalDetails.getStatusLine().toString());
System.out.println("Where are we after Getting Personal
Details: " + getPersonalDetails.getURI());
produces the result:
New Get Target:
http://www.mysite.co.uk/Main.php?sEvent=DRS&sAction=AmendDetails
Test by Getting the Personal Details Page: HTTP/1.1 200 OK
Where are we after Getting Personal Details:
http://www.mysite.co.uk/Main.php?iCmsPageId=32
-----Original Message-----
From: sebb [mailto:sebbaz@gmail.com]
Sent: 30 December 2008 16:24
To: HttpClient User Discussion
Subject: Re: Login issues
On 30/12/2008, david.kennedy@accenture.com <da...@accenture.com>
wrote:
> Hi All,
>
> I have been trying to log into a website for the past few days but
> with no luck using HTTPClient. I will now post all my findings so
> hopefully someone can spot my mistakes. The form on the site has this
code:
>
> <form onsubmit="return ValidateForm(this)" method="post"
> action="?iCmsPageId=32&sAction=CheckLogin">
>
> <p>Username</span>
> <input type="text" id="sUsername" name="sUsername" value=""
> maxlength="50" style="width: 200px;" /></p>
> <p>Password</span> <br /> <input type="password"
> id="sPassword" name="sPassword" value=""
> maxlength="50" style="width: 200px;" /></p>
>
> <script language="JavaScript" type="text/javascript">
> <!--
> function ValidateForm(oForm)
> {
> var sError = '';
> if(!Empty(sError))
> {
> alert(sError);
> return false;
> }
> return true;
> }
> -->
> </script>
>
> <div class="button" >
> <div class="buttonimg">
> <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
> </div>
> <div class="buttontext">
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
> </div>
> </div>
>
> so therefore i coded the following where LOGON_PAGE is the actual
> page where login occurs rather than the root page :
>
>
> PostMethod authpost = new PostMethod(LOGON_PAGE
> +"?iCmsPageId=32&sAction=CheckLogin");
That should probably be
PostMethod authpost = new PostMethod(LOGON_PAGE);
> authpost.setDoAuthentication(true);
I don't think that is needed.
> NameValuePair action = new NameValuePair("action",
> "?iCmsPageId=32&sAction=CheckLogin");
That should be:
NameValuePair pageid = new NameValuePair("iCmsPageId", "32");
NameValuePair action = new NameValuePair("sAction", "CheckLogin");
> NameValuePair username = new NameValuePair("sUsername", "username");
> NameValuePair password = new NameValuePair("sPassword", "password");
>
> authpost.setRequestBody( new NameValuePair[] {action, username,
> password});
and that should be:
authpost.setRequestBody( new NameValuePair[] {pageid, action, username,
password});
>
> System.out.println("Login form post status: " +
> authpost.getStatusLine().toString());
> //System.out.println("Page Content: " +
> authpost.getResponseBodyAsString());
> System.out.println("Path: " + authpost.getPath());
> System.out.println("Redirection: " +
> authpost.getFollowRedirects());
> System.out.println("Location: " +
> authpost.getResponseHeader("location"));
>
> Header[] responseHeaders = authpost.getResponseHeaders();
> for (int i=0; i<responseHeaders.length; i++){
> System.out.print(responseHeaders[i]);
> }
>
> System.out.println("Login Status Text: " +
> authpost.getStatusText());
>
>
>
> and the output on the console was the following at the very bottom .
> It seems from the result of authpost.getStatusText() being 200 that
> it posted ok but I know from tests with my browser that I should get
> another cookie when I log in (even though it is deleted after log out)
> but I never get that final cookie so it looks like the login has
> failed and I also looked at the result returned from
> getResponseBodyAsString() and its still the initial login page.
> Actually, even when I changed the username or password to something
> wrong it still returns 200 from
> getStatusText() which I find strange! If it helps, using a plugin
> for Firefox I can see that the Post that occurs when logging in using
> Firefox is:
>
> /Main.php?iCmsPageId=32&sAction=CheckLogin
> sUsername=username&sPassword=password
>
>
> so I suppose the questions are, is the PostMethod constructed
> properly, does the submit button as seen in this code just below
> require a name value pair when no name is specified in the html even
> though that login button is the one that is pressed on the site,
>
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
>
> does the fact that javascript is required to provide validation with
> ValidateForm(this) make a difference to the coding and finally should
> the Post text got from a login using Firefox match the result from
>
> authpost.getQueryString() ?
>
>
>
> Any answers to these questions would be very welcome?
>
> Thanks very much
>
> Results:
>
> Initial set of cookies:
>
> - PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
>
> - fcc_type=business
>
> - X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
>
> Query: sEvent=DelayRepay
>
> Login form post status: HTTP/1.1 200 OK
>
> Path: /Main.php
>
> Redirection: false
>
> Location: null
>
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>
> Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
> path=/
>
> Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF;
> path=/
>
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
>
> Date: Mon, 29 Dec 2008 13:41:18 GMT
>
> Transfer-Encoding: chunked
>
> Connection: Keep-Alive
>
> Server: Apache/2.0.59 (CentOS)
>
> X-Powered-By: PHP/5.1.6
>
> Content-Type: text/html; charset=UTF-8
>
> Pragma: no-cache
>
> Login Status Text: OK
>
>
>
> This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the original. Any other use of the email by you is prohibited.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Login issues
Posted by sebb <se...@gmail.com>.
On 30/12/2008, david.kennedy@accenture.com <da...@accenture.com> wrote:
> Hi All,
>
> I have been trying to log into a website for the past few days but with
> no luck using HTTPClient. I will now post all my findings so hopefully
> someone can spot my mistakes. The form on the site has this code:
>
> <form onsubmit="return ValidateForm(this)" method="post"
> action="?iCmsPageId=32&sAction=CheckLogin">
>
> <p>Username</span>
> <input type="text" id="sUsername" name="sUsername" value=""
> maxlength="50" style="width: 200px;" /></p>
> <p>Password</span> <br />
> <input type="password" id="sPassword" name="sPassword" value=""
> maxlength="50" style="width: 200px;" /></p>
>
> <script language="JavaScript" type="text/javascript">
> <!--
> function ValidateForm(oForm)
> {
> var sError = '';
> if(!Empty(sError))
> {
> alert(sError);
> return false;
> }
> return true;
> }
> -->
> </script>
>
> <div class="button" >
> <div class="buttonimg">
> <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
> </div>
> <div class="buttontext">
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
> </div>
> </div>
>
> so therefore i coded the following where LOGON_PAGE is the actual page
> where login occurs rather than the root page :
>
>
> PostMethod authpost = new PostMethod(LOGON_PAGE
> +"?iCmsPageId=32&sAction=CheckLogin");
That should probably be
PostMethod authpost = new PostMethod(LOGON_PAGE);
> authpost.setDoAuthentication(true);
I don't think that is needed.
> NameValuePair action = new NameValuePair("action",
> "?iCmsPageId=32&sAction=CheckLogin");
That should be:
NameValuePair pageid = new NameValuePair("iCmsPageId", "32");
NameValuePair action = new NameValuePair("sAction", "CheckLogin");
> NameValuePair username = new NameValuePair("sUsername", "username");
> NameValuePair password = new NameValuePair("sPassword", "password");
>
> authpost.setRequestBody( new NameValuePair[] {action, username,
> password});
and that should be:
authpost.setRequestBody( new NameValuePair[] {pageid, action,
username, password});
>
> System.out.println("Login form post status: " +
> authpost.getStatusLine().toString());
> //System.out.println("Page Content: " +
> authpost.getResponseBodyAsString());
> System.out.println("Path: " + authpost.getPath());
> System.out.println("Redirection: " +
> authpost.getFollowRedirects());
> System.out.println("Location: " +
> authpost.getResponseHeader("location"));
>
> Header[] responseHeaders = authpost.getResponseHeaders();
> for (int i=0; i<responseHeaders.length; i++){
> System.out.print(responseHeaders[i]);
> }
>
> System.out.println("Login Status Text: " +
> authpost.getStatusText());
>
>
>
> and the output on the console was the following at the very bottom . It
> seems from the result of authpost.getStatusText() being 200 that it
> posted ok but I know from tests with my browser that I should get
> another cookie when I log in (even though it is deleted after log out)
> but I never get that final cookie so it looks like the login has failed
> and I also looked at the result returned from getResponseBodyAsString()
> and its still the initial login page. Actually, even when I changed the
> username or password to something wrong it still returns 200 from
> getStatusText() which I find strange! If it helps, using a plugin for
> Firefox I can see that the Post that occurs when logging in using
> Firefox is:
>
> /Main.php?iCmsPageId=32&sAction=CheckLogin
> sUsername=username&sPassword=password
>
>
> so I suppose the questions are, is the PostMethod constructed properly,
> does the submit button as seen in this code just below require a name
> value pair when no name is specified in the html even though that login
> button is the one that is pressed on the site,
>
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
>
> does the fact that javascript is required to provide validation with
> ValidateForm(this) make a difference to the coding and finally should
> the Post text got from a login using Firefox match the result from
>
> authpost.getQueryString() ?
>
>
>
> Any answers to these questions would be very welcome?
>
> Thanks very much
>
> Results:
>
> Initial set of cookies:
>
> - PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
>
> - fcc_type=business
>
> - X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
>
> Query: sEvent=DelayRepay
>
> Login form post status: HTTP/1.1 200 OK
>
> Path: /Main.php
>
> Redirection: false
>
> Location: null
>
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>
> Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
> path=/
>
> Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF; path=/
>
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
>
> Date: Mon, 29 Dec 2008 13:41:18 GMT
>
> Transfer-Encoding: chunked
>
> Connection: Keep-Alive
>
> Server: Apache/2.0.59 (CentOS)
>
> X-Powered-By: PHP/5.1.6
>
> Content-Type: text/html; charset=UTF-8
>
> Pragma: no-cache
>
> Login Status Text: OK
>
>
>
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org