[Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Bob Mariotti
Fellow mongers;
I have a mental block!  I just cannot seem to get this logic to an 
understandable point.  Therefore, I was hoping that some of you could 
explain the process somewhat.

I have several reasonably complex scripts that use LWP to interact with 
a remote secured web site.  Works great and reliably.  Now the remote 
service site has implemented expiring passwords requiring the clients 
(my script) to change passwords periodically before its next access.

Simple I'd say!  So I created a relatively short script to do just that.
Here's where my brain fry comes in:
Q: How does the submit button interrelate with the next URL?
Example:
Initial https connect to specified page : 
https://xxx.yyy.com/ssp/jsp/blah.jsp

LWP received the resulting page successfully which contains a form that 
has fields for username, current password, new password, new password 
again.  The usual stuff.

By examining the received HTML code I determined the fieldnames used 
above so that I could load them on my next POST operation.  I also noted 
that on the FORM statement the value of the ACTION parameter was 
ABC123 with NO extension.   Also, the SUBMIT tag has an onClick 
function similar to this:  onClick=return subrname().

I assume that if the LWP POST operation is performed it emulates someone 
clicking on the SUBMIT button.  The subroutine is a javascript editing 
routine that issues an alert(msg) and returns false or true.

Assuming the response is true... must the programmer alter the URL for 
the POST operation at all?  Or will LWP and/or HTTP take care of 
manipulating the URL in combination with the ACTION value?

I'm sorry for the somewhat basic basis for this query but sometimes the 
gray cells don't work as well as they should.

Thanks for ANY help and/or advice anyone can supply (please - no 
harassing?).

Bob - Hartford PM
++
|Bob Mariotti   | Financial DataCorp |
|Exec V.P.  | 703 Hebron Avenue  |
|(860) 657-8983 | Glastonbury, CT 06033  |
|email: [EMAIL PROTECTED] |
|Registered Linux User #320395   |
++
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Andrew Langmead
On Tuesday, August 24, 2004, at 10:42  AM, Bob Mariotti wrote:
By examining the received HTML code I determined the fieldnames used 
above so that I could load them on my next POST operation.  I also 
noted that on the FORM statement the value of the ACTION parameter was 
ABC123 with NO extension.   Also, the SUBMIT tag has an onClick 
function similar to this:  onClick=return subrname().

I assume that if the LWP POST operation is performed it emulates 
someone clicking on the SUBMIT button.  The subroutine is a javascript 
editing routine that issues an alert(msg) and returns false or true.
The javascript happens solely client side, LWP controls the 
communication between the client and the server. So to get this to 
work, you need to mimic the actions that the Javascript is doing before 
it sends the request.

When the user clicks the submit button, instead of submitting the form, 
it runs the javascript function subrname. Chances are, subrname 
performs some sort of side effects, like changing the form action. If 
subrname returns true, the form (in its current state, after whatever 
changes subrname caused)  is sent to the server.

I don't know what subrname looks like, or even if it is the same each 
time. It is possible that the  site is intentionally trying to 
intentionally make it difficult to automate the password changing. If 
so, you might have an arms race on your hand.

___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Andrew Langmead
On Tuesday, August 24, 2004, at 10:42  AM, Bob Mariotti wrote:
By examining the received HTML code I determined the fieldnames used 
above so that I could load them on my next POST operation.  I also 
noted that on the FORM statement the value of the ACTION parameter was 
ABC123 with NO extension.   Also, the SUBMIT tag has an onClick 
function similar to this:  onClick=return subrname().

I assume that if the LWP POST operation is performed it emulates 
someone clicking on the SUBMIT button.  The subroutine is a javascript 
editing routine that issues an alert(msg) and returns false or true.
The javascript happens solely client side, LWP controls the 
communication between the client and the server. So to get this to 
work, you need to mimic the actions that the Javascript is doing before 
it sends the request.

When the user clicks the submit button, instead of submitting the form, 
it runs the javascript function subrname. Chances are, subrname 
performs some sort of side effects, like changing the form action. If 
subrname returns true, the form (in its current state, after whatever 
changes subrname caused)  is sent to the server.

I don't know what subrname looks like, or even if it is the same each 
time. It is possible that the  site is intentionally trying to 
intentionally make it difficult to automate the password changing. If 
so, you might have an arms race on your hand.

___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Gyepi SAM
On Tue, Aug 24, 2004 at 10:42:32AM -0400, Bob Mariotti wrote:
 Q: How does the submit button interrelate with the next URL?
 
 Example:
 
 Initial https connect to specified page : 
 https://xxx.yyy.com/ssp/jsp/blah.jsp

The submit button causes your browser to submit the contents of the form
using the specified method (post or get). to the specified action URL.
Since the action URL in this case is not qualified, a smart browser will
prepend the base URL (in this case https://xxx.yyy.com/ssp/jsp)
to the value of the action attribute and send the response, in this case, to
https://xxx.yyy.com/ssp/jsp/ABC123. Note that since
the action tag should either be fully qualified (begin with http or https) or
be relative (begin with '/'). Neither is true in this case, so the browser has
to figure out what to do. 

 Assuming the response is true... must the programmer alter the URL for 
 the POST operation at all?  Or will LWP and/or HTTP take care of 
 manipulating the URL in combination with the ACTION value?

Since you're writing the browser, you may need to append the value of the
action attribute to the base URL and post the response there.

-Gyepi

___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Dan Boger
On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
 Note that since the action tag should either be fully qualified (begin
 with http or https) or be relative (begin with '/'). Neither is true
 in this case, so the browser has to figure out what to do.

Aren't paths that begin with a '/' considered 'absolute'?  And relative
is anything else?  An ACTION of ../form.cgi is a valid relative URI,
isn't it?

-- 
Dan Boger
[EMAIL PROTECTED]
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Ian Langworth
On 24.Aug.2004 12:02PM -0400, Dan Boger wrote:

 On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
  Note that since the action tag should either be fully
  qualified (begin with http or https) or be relative (begin
  with '/'). Neither is true in this case, so the browser has
  to figure out what to do.
 
 Aren't paths that begin with a '/' considered 'absolute'?  And
 relative is anything else?  An ACTION of ../form.cgi is
 a valid relative URI, isn't it?

See:

http://en.wikipedia.org/wiki/Uniform_Resource_Identifier#URI_Reference

-- 
Ian Langworth
Project Guerrilla
Northeastern University
College of Computer and Information Science

___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Trouble debugging a simple parse error

2004-08-24 Thread Kripa Sundar
 As this doc excerpt (from map on perlfunc) says it should:
 
{ starts both hash references and blocks, so map { ...
could be either the start of map BLOCK LIST or map EXPR, LIST.
Because perl doesn't look ahead for the closing } it has to
take a guess at which its dealing with based what it finds just
after the {. Usually it gets it right, but if it doesn't it
won't realize something is wrong until it gets to the } and
encounters the missing (or unexpected)
comma. [...]

Thanks, Bob.

IMHO, the missing comma should allow the parser to back-track
and make the right decision on expr-versus-block.



 rant Personally, I find this sort of magic syntax crap really
 annoying. ...

Amen to that!

 ... Being an old Lisp hacker, I would have preferred that map
 always take a functional; then there's no syntax guesswork.  But, being
 an old Lisp hacker, I also realize that I'm just a lone voice crying in
 the wilderness . . . /rant

Not exactly lone, because I am there howling with you.  :-)

peace,  || Byatrayanapura: Better governance thru online taxes:
--{kr.pA}   || http://tinyurl.com/296js
-- 
If I have not seen farther, it is because giants have stood on my shoulders.
-- V. Guhan.  [with apologies to Newton, Sir Isaac.]
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Gyepi SAM
On Tue, Aug 24, 2004 at 12:02:26PM -0400, Dan Boger wrote:
 On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
  Note that since the action tag should either be fully qualified (begin
  with http or https) or be relative (begin with '/'). Neither is true
  in this case, so the browser has to figure out what to do.
 
 Aren't paths that begin with a '/' considered 'absolute'?  And relative
 is anything else?  An ACTION of ../form.cgi is a valid relative URI,
 isn't it?

A URI that does not begin with a scheme and net location (hostname) is considered
relative. A string that begins with '/' is a relative URI but an absolute path.

I should have been clearer and said fully qualified *URL* or absolute *path*.

The point of the original statement was that sing a relative path as the
target of an ACTION attribute is technically correct, but bad practice.

-Gyepi
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Dan Boger
On Tue, Aug 24, 2004 at 01:35:20PM -0400, Ian Langworth wrote:
 On 24.Aug.2004 12:02PM -0400, Dan Boger wrote:
 
  On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
   Note that since the action tag should either be fully
   qualified (begin with http or https) or be relative (begin
   with '/'). Neither is true in this case, so the browser has
   to figure out what to do.
  
  Aren't paths that begin with a '/' considered 'absolute'?  And
  relative is anything else?  An ACTION of ../form.cgi is
  a valid relative URI, isn't it?
 
 See:
 
 http://en.wikipedia.org/wiki/Uniform_Resource_Identifier#URI_Reference

So I was correct?  :)

-- 
Dan Boger
[EMAIL PROTECTED]
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


[Boston.pm] Date for next meeting?

2004-08-24 Thread Drew Taylor
Have we (ie Sean :-) coordinated a date with BU for the next meeting? I 
don't want to procrastinate too long in preparing my talk...

Drew
--

Drew Taylor *  Web development  consulting
Email: [EMAIL PROTECTED]  *  Site implementation  hosting
Web  : www.drewtaylor.com   *  perl/mod_perl/DBI/mysql/postgres

___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Help using LWP to change password Q's?

2004-08-24 Thread Uri Guttman
 BM == Bob Mariotti [EMAIL PROTECTED] writes:

  BM I have several reasonably complex scripts that use LWP to interact
  BM with a remote secured web site.  Works great and reliably.  Now
  BM the remote service site has implemented expiring passwords
  BM requiring the clients (my script) to change passwords periodically
  BM before its next access.

  BM Q: How does the submit button interrelate with the next URL?

  BM Example:

  BM Initial https connect to specified page :
  BM https://xxx.yyy.com/ssp/jsp/blah.jsp

  BM LWP received the resulting page successfully which contains a form that
  BM has fields for username, current password, new password, new password
  BM again.  The usual stuff.

  BM By examining the received HTML code I determined the fieldnames used
  BM above so that I could load them on my next POST operation.  I also noted
  BM that on the FORM statement the value of the ACTION parameter was
  BM ABC123 with NO extension.   Also, the SUBMIT tag has an onClick
  BM function similar to this:  onClick=return subrname().

  BM I assume that if the LWP POST operation is performed it emulates someone
  BM clicking on the SUBMIT button.  The subroutine is a javascript editing
  BM routine that issues an alert(msg) and returns false or true.

first, i would recommend using WWW::Mechanize for this. it will remove a
large chunk of your lwp code (it inherits from LWP). it makes fetching
pages and filling/clicking on them much simpler.

if the form tag has a URL for its action, then you can ignore the
onclick. it may be calling some javascript to verify stuff but that is
bogus. only the server should be doing data verification for real
(anyone who uses only javascript for this has a large hole waiting to be
explored).

uri

-- 
Uri Guttman  --  [EMAIL PROTECTED]   http://www.stemsystems.com
--Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
Search or Offer Perl Jobs    http://jobs.perl.org
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm


[Boston.pm] Web Development Contract Templates

2004-08-24 Thread Joel Gwynn
I may have a small project coming up and I need a good web site 
development contract template.  The site will be about 20 static pages, 
a couple of  user registration/preference  scripts, and a fairly simple 
query script.

Does anybody have any recommendations?  I don't mind paying, but I'd 
like to know that I was buying the right one.
___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm