On 30/12/2008, [email protected] <[email protected]> wrote:
> Hi All,
>
> I have been trying to log into a website for the past few days but with
> no luck using HTTPClient. I will now post all my findings so hopefully
> someone can spot my mistakes. The form on the site has this code:
>
> <form onsubmit="return ValidateForm(this)" method="post"
> action="?iCmsPageId=32&sAction=CheckLogin">
>
> <p>Username</span>
> <input type="text" id="sUsername" name="sUsername" value=""
> maxlength="50" style="width: 200px;" /></p>
> <p>Password</span> <br />
> <input type="password" id="sPassword" name="sPassword" value=""
> maxlength="50" style="width: 200px;" /></p>
>
> <script language="JavaScript" type="text/javascript">
> <!--
> function ValidateForm(oForm)
> {
> var sError = '';
> if(!Empty(sError))
> {
> alert(sError);
> return false;
> }
> return true;
> }
> -->
> </script>
>
> <div class="button" >
> <div class="buttonimg">
> <img border="0" alt="" src="img/btn_box_arrow.jpg"/>
> </div>
> <div class="buttontext">
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
> </div>
> </div>
>
> so therefore i coded the following where LOGON_PAGE is the actual page
> where login occurs rather than the root page :
>
>
> PostMethod authpost = new PostMethod(LOGON_PAGE
> +"?iCmsPageId=32&sAction=CheckLogin");
That should probably be
PostMethod authpost = new PostMethod(LOGON_PAGE);
> authpost.setDoAuthentication(true);
I don't think that is needed.
> NameValuePair action = new NameValuePair("action",
> "?iCmsPageId=32&sAction=CheckLogin");
That should be:
NameValuePair pageid = new NameValuePair("iCmsPageId", "32");
NameValuePair action = new NameValuePair("sAction", "CheckLogin");
> NameValuePair username = new NameValuePair("sUsername", "username");
> NameValuePair password = new NameValuePair("sPassword", "password");
>
> authpost.setRequestBody( new NameValuePair[] {action, username,
> password});
and that should be:
authpost.setRequestBody( new NameValuePair[] {pageid, action,
username, password});
>
> System.out.println("Login form post status: " +
> authpost.getStatusLine().toString());
> //System.out.println("Page Content: " +
> authpost.getResponseBodyAsString());
> System.out.println("Path: " + authpost.getPath());
> System.out.println("Redirection: " +
> authpost.getFollowRedirects());
> System.out.println("Location: " +
> authpost.getResponseHeader("location"));
>
> Header[] responseHeaders = authpost.getResponseHeaders();
> for (int i=0; i<responseHeaders.length; i++){
> System.out.print(responseHeaders[i]);
> }
>
> System.out.println("Login Status Text: " +
> authpost.getStatusText());
>
>
>
> and the output on the console was the following at the very bottom . It
> seems from the result of authpost.getStatusText() being 200 that it
> posted ok but I know from tests with my browser that I should get
> another cookie when I log in (even though it is deleted after log out)
> but I never get that final cookie so it looks like the login has failed
> and I also looked at the result returned from getResponseBodyAsString()
> and its still the initial login page. Actually, even when I changed the
> username or password to something wrong it still returns 200 from
> getStatusText() which I find strange! If it helps, using a plugin for
> Firefox I can see that the Post that occurs when logging in using
> Firefox is:
>
> /Main.php?iCmsPageId=32&sAction=CheckLogin
> sUsername=username&sPassword=password
>
>
> so I suppose the questions are, is the PostMethod constructed properly,
> does the submit button as seen in this code just below require a name
> value pair when no name is specified in the html even though that login
> button is the one that is pressed on the site,
>
> <input class="textsubmit" type="submit"
> onmouseout="changeTextDecoration(this,'none');"
> onmouseover="changeTextDecoration(this,'underline');" style="color:
> rgb(226, 0, 110); text-decoration: none;height:16px;" value="Login"/>
>
> does the fact that javascript is required to provide validation with
> ValidateForm(this) make a difference to the coding and finally should
> the Post text got from a login using Firefox match the result from
>
> authpost.getQueryString() ?
>
>
>
> Any answers to these questions would be very welcome?
>
> Thanks very much
>
> Results:
>
> Initial set of cookies:
>
> - PHPSESSID=2ofmpn88qm2ht1qs3q0gf6f902
>
> - fcc_type=business
>
> - X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF
>
> Query: sEvent=DelayRepay
>
> Login form post status: HTTP/1.1 200 OK
>
> Path: /Main.php
>
> Redirection: false
>
> Location: null
>
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>
> Set-Cookie: fcc_type=business; expires=Tue, 29-Dec-2009 13:41:18 GMT;
> path=/
>
> Set-Cookie: X-Mapping-chkpfbio=F4A71D0EB4DBC40FBE8F477BF48CF0CF; path=/
>
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
>
> Date: Mon, 29 Dec 2008 13:41:18 GMT
>
> Transfer-Encoding: chunked
>
> Connection: Keep-Alive
>
> Server: Apache/2.0.59 (CentOS)
>
> X-Powered-By: PHP/5.1.6
>
> Content-Type: text/html; charset=UTF-8
>
> Pragma: no-cache
>
> Login Status Text: OK
>
>
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the email by you is prohibited.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
