[Boston.pm] Help using LWP to change password Q's?
Fellow mongers;

I have a mental block! I just cannot seem to get this logic to an understandable point. Therefore, I was hoping that some of you could explain the process somewhat.

I have several reasonably complex scripts that use LWP to interact with a remote secured web site. Works great and reliably. Now the remote service site has implemented expiring passwords requiring the clients (my script) to change passwords periodically before its next access.

Simple I'd say! So I created a relatively short script to do just that. Here's where my brain fry comes in:

Q: How does the submit button interrelate with the next URL?

Example:

Initial https connect to specified page : https://xxx.yyy.com/ssp/jsp/blah.jsp

LWP received the resulting page successfully which contains a form that has fields for username, current password, new password, new password again. The usual stuff.

By examining the received HTML code I determined the fieldnames used above so that I could load them on my next POST operation. I also noted that on the FORM statement the value of the ACTION parameter was ABC123 with NO extension. Also, the SUBMIT tag has an onClick function similar to this: onClick=return subrname().

I assume that if the LWP POST operation is performed it emulates someone clicking on the SUBMIT button. The subroutine is a javascript editing routine that issues an alert(msg) and returns false or true.

Assuming the response is true... must the programmer alter the URL for the POST operation at all? Or will LWP and/or HTTP take care of manipulating the URL in combination with the ACTION value?

I'm sorry for the somewhat basic basis for this query but sometimes the gray cells don't work as well as they should.

Thanks for ANY help and/or advice anyone can supply (please - no harassing?).

Bob - Hartford PM

Bob Mariotti | Financial DataCorp
Exec V.P. | 703 Hebron Avenue
(860) 657-8983 | Glastonbury, CT 06033
email: [EMAIL PROTECTED]
Registered Linux User #320395

___
Boston-pm mailing list
[EMAIL PROTECTED]
http://mail.pm.org/mailman/listinfo/boston-pm
Re: [Boston.pm] Help using LWP to change password Q's?
On Tuesday, August 24, 2004, at 10:42 AM, Bob Mariotti wrote:

> By examining the received HTML code I determined the fieldnames used above so that I could load them on my next POST operation. I also noted that on the FORM statement the value of the ACTION parameter was ABC123 with NO extension. Also, the SUBMIT tag has an onClick function similar to this: onClick=return subrname().
>
> I assume that if the LWP POST operation is performed it emulates someone clicking on the SUBMIT button. The subroutine is a javascript editing routine that issues an alert(msg) and returns false or true.

The javascript happens solely client side, LWP controls the communication between the client and the server. So to get this to work, you need to mimic the actions that the Javascript is doing before it sends the request.

When the user clicks the submit button, instead of submitting the form, it runs the javascript function subrname. Chances are, subrname performs some sort of side effects, like changing the form action. If subrname returns true, the form (in its current state, after whatever changes subrname caused) is sent to the server.

I don't know what subrname looks like, or even if it is the same each time. It is possible that the site is intentionally trying to make it difficult to automate the password changing. If so, you might have an arms race on your hands.
Re: [Boston.pm] Help using LWP to change password Q's?
On Tue, Aug 24, 2004 at 10:42:32AM -0400, Bob Mariotti wrote:

> Q: How does the submit button interrelate with the next URL?
> Example:
> Initial https connect to specified page : https://xxx.yyy.com/ssp/jsp/blah.jsp

The submit button causes your browser to submit the contents of the form using the specified method (post or get) to the specified action URL. Since the action URL in this case is not qualified, a smart browser will prepend the base URL (in this case https://xxx.yyy.com/ssp/jsp) to the value of the action attribute and send the response, in this case, to https://xxx.yyy.com/ssp/jsp/ABC123.

Note that the action tag should either be fully qualified (begin with http or https) or be relative (begin with '/'). Neither is true in this case, so the browser has to figure out what to do.

> Assuming the response is true... must the programmer alter the URL for the POST operation at all? Or will LWP and/or HTTP take care of manipulating the URL in combination with the ACTION value?

Since you're writing the browser, you may need to append the value of the action attribute to the base URL and post the response there.

-Gyepi
Re: [Boston.pm] Help using LWP to change password Q's?
On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:

> Note that the action tag should either be fully qualified (begin with http or https) or be relative (begin with '/'). Neither is true in this case, so the browser has to figure out what to do.

Aren't paths that begin with a '/' considered 'absolute'? And relative is anything else? An ACTION of ../form.cgi is a valid relative URI, isn't it?

--
Dan Boger
[EMAIL PROTECTED]
Re: [Boston.pm] Help using LWP to change password Q's?
On 24.Aug.2004 12:02PM -0400, Dan Boger wrote:

> On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
>
> > Note that the action tag should either be fully qualified (begin with http or https) or be relative (begin with '/'). Neither is true in this case, so the browser has to figure out what to do.
>
> Aren't paths that begin with a '/' considered 'absolute'? And relative is anything else? An ACTION of ../form.cgi is a valid relative URI, isn't it?

See: http://en.wikipedia.org/wiki/Uniform_Resource_Identifier#URI_Reference

--
Ian Langworth
Project Guerrilla
Northeastern University
College of Computer and Information Science
Re: [Boston.pm] Trouble debugging a simple parse error
As this doc excerpt (from map on perlfunc) says it should:

{ starts both hash references and blocks, so map { ... could be either the start of map BLOCK LIST or map EXPR, LIST. Because perl doesn't look ahead for the closing } it has to take a guess at which it's dealing with based on what it finds just after the {. Usually it gets it right, but if it doesn't it won't realize something is wrong until it gets to the } and encounters the missing (or unexpected) comma.

[...]

Thanks, Bob. IMHO, the missing comma should allow the parser to back-track and make the right decision on expr-versus-block.

<rant>

Personally, I find this sort of magic syntax crap really annoying. ...

Amen to that!

... Being an old Lisp hacker, I would have preferred that map always take a functional; then there's no syntax guesswork. But, being an old Lisp hacker, I also realize that I'm just a lone voice crying in the wilderness . . .

</rant>

Not exactly lone, because I am there howling with you. :-)

peace,
|| Byatrayanapura: Better governance thru online taxes:
--{kr.pA} || http://tinyurl.com/296js
--
If I have not seen farther, it is because giants have stood on my shoulders. -- V. Guhan. [with apologies to Newton, Sir Isaac.]
Re: [Boston.pm] Help using LWP to change password Q's?
On Tue, Aug 24, 2004 at 12:02:26PM -0400, Dan Boger wrote:

> On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
>
> > Note that the action tag should either be fully qualified (begin with http or https) or be relative (begin with '/'). Neither is true in this case, so the browser has to figure out what to do.
>
> Aren't paths that begin with a '/' considered 'absolute'? And relative is anything else? An ACTION of ../form.cgi is a valid relative URI, isn't it?

A URI that does not begin with a scheme and net location (hostname) is considered relative. A string that begins with '/' is a relative URI but an absolute path.

I should have been clearer and said fully qualified *URL* or absolute *path*. The point of the original statement was that using a relative path as the target of an ACTION attribute is technically correct, but bad practice.

-Gyepi
Re: [Boston.pm] Help using LWP to change password Q's?
On Tue, Aug 24, 2004 at 01:35:20PM -0400, Ian Langworth wrote:

> On 24.Aug.2004 12:02PM -0400, Dan Boger wrote:
>
> > On Tue, Aug 24, 2004 at 12:25:43PM -0400, Gyepi SAM wrote:
> >
> > > Note that the action tag should either be fully qualified (begin with http or https) or be relative (begin with '/'). Neither is true in this case, so the browser has to figure out what to do.
> >
> > Aren't paths that begin with a '/' considered 'absolute'? And relative is anything else? An ACTION of ../form.cgi is a valid relative URI, isn't it?
>
> See: http://en.wikipedia.org/wiki/Uniform_Resource_Identifier#URI_Reference

So I was correct? :)

--
Dan Boger
[EMAIL PROTECTED]
[Boston.pm] Date for next meeting?
Have we (ie Sean :-) coordinated a date with BU for the next meeting? I don't want to procrastinate too long in preparing my talk...

Drew

--
Drew Taylor * Web development consulting
Email: [EMAIL PROTECTED] * Site implementation hosting
Web : www.drewtaylor.com * perl/mod_perl/DBI/mysql/postgres
Re: [Boston.pm] Help using LWP to change password Q's?
BM == Bob Mariotti [EMAIL PROTECTED] writes:

  BM> I have several reasonably complex scripts that use LWP to interact
  BM> with a remote secured web site. Works great and reliably. Now
  BM> the remote service site has implemented expiring passwords
  BM> requiring the clients (my script) to change passwords periodically
  BM> before its next access.

  BM> Q: How does the submit button interrelate with the next URL?

  BM> Example:

  BM> Initial https connect to specified page :
  BM> https://xxx.yyy.com/ssp/jsp/blah.jsp

  BM> LWP received the resulting page successfully which contains a form that
  BM> has fields for username, current password, new password, new password
  BM> again. The usual stuff.

  BM> By examining the received HTML code I determined the fieldnames used
  BM> above so that I could load them on my next POST operation. I also noted
  BM> that on the FORM statement the value of the ACTION parameter was
  BM> ABC123 with NO extension. Also, the SUBMIT tag has an onClick
  BM> function similar to this: onClick=return subrname().

  BM> I assume that if the LWP POST operation is performed it emulates someone
  BM> clicking on the SUBMIT button. The subroutine is a javascript editing
  BM> routine that issues an alert(msg) and returns false or true.

first, i would recommend using WWW::Mechanize for this. it will remove a large chunk of your lwp code (it inherits from LWP). it makes fetching pages and filling/clicking on them much simpler.

if the form tag has a URL for its action, then you can ignore the onclick. it may be calling some javascript to verify stuff but that is bogus. only the server should be doing data verification for real (anyone who uses only javascript for this has a large hole waiting to be explored).

uri

--
Uri Guttman -- [EMAIL PROTECTED] http://www.stemsystems.com
--Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
Search or Offer Perl Jobs http://jobs.perl.org
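The URL resolution and form submission discussed in the replies above, as an added example that is not part of any list member's message: it resolves the kinds of ACTION value mentioned in the thread against the page URL, then lets HTML::Form build the POST. The form markup, field names and values are constructed assumptions; only the page URL, the ACTION value ABC123 and the onClick handler name come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI;
use HTML::Form;

# Page URL as given in the thread. The markup is constructed for this example;
# the field names are assumptions, not taken from the real site.
my $page_url = 'https://xxx.yyy.com/ssp/jsp/blah.jsp';
my $html     = <<'HTML';
<form method="POST" action="ABC123">
  <input type="text"     name="username">
  <input type="password" name="curpass">
  <input type="password" name="newpass">
  <input type="password" name="newpass2">
  <input type="submit"   name="go" value="Change" onClick="return subrname()">
</form>
HTML

# Resolve each kind of ACTION value from the thread against the page URL.
# A bare name replaces the last path segment; a leading '/' replaces the
# whole path; '..' climbs one directory; a full URL is used unchanged.
for my $action ('ABC123', '/ABC123', '../form.cgi', 'https://xxx.yyy.com/x') {
    printf "%-24s => %s\n", $action, URI->new_abs($action, $page_url);
}

# HTML::Form applies the same resolution when it is told the page URL.
my $form = HTML::Form->parse($html, $page_url)
    or die "no form in page\n";

# Sample values, constructed for the example.
$form->value(username => 'bob');
$form->value(curpass  => 'old-secret');
$form->value(newpass  => 'new-secret');
$form->value(newpass2 => 'new-secret');

# click() builds the HTTP::Request a browser would send for the submit
# button. The onClick handler is never evaluated, so whatever subrname()
# checks or changes in the form does not happen here; the server has to
# validate the fields itself.
my $req = $form->click;
print $req->method, ' ', $req->uri, "\n";
print $req->content, "\n";
```

Passing $req to the request() method of an LWP::UserAgent object sends it.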
[Boston.pm] Web Development Contract Templates
I may have a small project coming up and I need a good web site development contract template. The site will be about 20 static pages, a couple of user registration/preference scripts, and a fairly simple query script. Does anybody have any recommendations? I don't mind paying, but I'd like to know that I was buying the right one.