Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Secure login (https + Certificate) using Perl

by Finch (Initiate)
on Oct 13, 2007 at 14:38 UTC ( #644637=perlquestion: print w/ replies, xml ) Need Help??
Finch has asked for the wisdom of the Perl Monks concerning the following question:

Hi there,
I want to logon to a secure site which is using https and a secure certificate.
My script doesn't return any error, but I can't log in. After I submitted the form using my code, I get a html-site that's telling my "Username or password wrong...".
But username and passwort is correct. If I copy and paste from my script to the corresponding fields in a browser and submit the form, it works fine.

Here the shortened HTML-Form of my site ' https://mySite.de/admin ':
<form action="/admin/index.php?action=login" method="post" name="actio +n"> <input type="hidden" name="ADMIN" value="f23af307ea00b284fb9e74c4cb +abfbdf" /> <input type="text" name="username" size="12" value=""> <input type="password" name="password" size="12"> <input type="submit" name="login" value="Login"> </form>

Here my script:
01: use WWW::Mechanize; 02: use LWP::Debug qw(+); 03: 04: $username = "xxx"; 05: $password = "xxx"; 06: 07: my $mech = WWW::Mechanize->new(); 08: 09: $mech->cookie_jar(HTTP::Cookies->new()); 10: $mech->get( "https://mySite.de/admin" ); 11: 12: #Get ADMIN-ID 13: $mech->content() =~ /name=\"ADMIN\" value=\"([^\"]+)/g; 14: $hiddenField = $1; 15: 16: #Fill form 17: $mech->submit_form( 18: form_name => "action", 19: fields => { 20: ADMIN => $hiddenField, 21: username => $username, 22: password => $password}, 23: button => 'login'); 24: 25: #Print site 26: print $mech->content(); 27:

My first though was 'Maybe I'm getting redirected!?" I checked that and it's not the case.
Here the results from'LWP::Debug qw(+)':
LWP::UserAgent::new: () LWP::UserAgent::request: () HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies LWP::UserAgent::send_request: GET https://mySite/admin LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 242 bytes LWP::UserAgent::request: Simple response: Moved Permanently LWP::UserAgent::request: () HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies LWP::UserAgent::send_request: GET https://mySite/admin LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 4096 bytes LWP::Protocol::collect: read 965 bytes HTTP::Cookies::extract_cookies: Set cookie ADMIN => 829052f0173388362a +649d8fe980081b LWP::UserAgent::request: Simple response: OK LWP::UserAgent::request: () HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies HTTP::Cookies::add_cookie_header: - checking cookie path=/ HTTP::Cookies::add_cookie_header: - checking cookie ADMIN=829052f0173 +388362a649d8fe980081b HTTP::Cookies::add_cookie_header: it's a match HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies LWP::UserAgent::send_request: POST https://mySite/admin/index.php?acti +on=login LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 238 bytes LWP::Protocol::collect: read 540 bytes LWP::Protocol::collect: read 2348 bytes LWP::Protocol::collect: read 219 bytes LWP::Protocol::collect: read 419 bytes LWP::Protocol::collect: read 160 bytes LWP::Protocol::collect: read 1122 bytes LWP::UserAgent::request: Simple response: OK

Comment on Secure login (https + Certificate) using Perl
Select or Download Code
Re: Secure login (https + Certificate) using Perl
by Krambambuli (Deacon) on Oct 13, 2007 at 15:15 UTC
    Can you look into the server's httpd log ? With a bit of luck, you'll find at least a hint already...

    If not, you might set/increase some of the debugging aids on _server side_ and then get some help about why login is refused.

    Hth.
Re: Secure login (https + Certificate) using Perl
by Finch (Initiate) on Oct 13, 2007 at 21:48 UTC
    Hi,

    thanks for your reply.
    I also figured it could be a server-side problem. It's not my own server, but I think I can get a hold on the 'hoster'. Once I got some more info (maybe even a solution), I will post it here.

    Finch.
Re: Secure login (https + Certificate) using Perl
by Cody Pendant (Prior) on Oct 14, 2007 at 07:21 UTC
    Why are you getting the hidden field value out of the form, then putting it back in? The whole point of WWW::Mechanize is you don't have to do stuff like that.

    As to why it doesn't work, the answer is probably in the HTML you took out to show us the "shortened" form. Is there any JavaScript involved, for instance?



    Nobody says perl looks like line-noise any more
    kids today don't know what line-noise IS ...
      Hi,

      thanks for your reply.
      How would I get the ADMIN-ID using WWW::Mechanize?

      And I SOLVED THE PROBLEM!!!
      It wasn't in the HTML I took out.
      I used 'LiveHTTPHeaders' to see what's realy being sent and received. That's when I noticed that the last character of my password is cut off.
      I ajusted my script, deleting the last character of my passwort and BANG! it works. :-)

      Finch.
        >How would I get the ADMIN-ID using WWW::Mechanize?

        You don't have to. The module handles hidden fields for you.



        Nobody says perl looks like line-noise any more
        kids today don't know what line-noise IS ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://644637]
Approved by moritz
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (11)
As of 2014-10-20 21:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (92 votes), past polls