|
Re: How to check if successfully logged in?
by toolic (Bishop) on Mar 12, 2013 at 14:41 UTC
|
| [reply] |
|
|
STATUS METHODS always back true statement..
| [reply] |
Re: How to check if successfully logged in?
by kennethk (Abbot) on Mar 12, 2013 at 14:44 UTC
|
In addition to toolic's suggestion, consider how you can tell you've successfully logged in when you do it manually. Then read my sig.
HTML::Parser may be helpful for this approach. Or Mojo::DOM.
#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.
| [reply] |
Re: How to check if successfully logged in?
by Anonymous Monk on Mar 12, 2013 at 15:00 UTC
|
Cross post at stack overflow, why do you want to automate a login to a board of site defacing script kiddies? Google search "hacked by kapija.org" "defaced by kapija.org". | [reply] |
|
|
Script kiddies don't make script thay just use it ;) I trying to make security scanner for SQLI, I never deface someone site if he don't deserves it.
| [reply] |
|
|
And who are you to judge if someone "deserves" it? You can't even code your own basic perl scripts! Not something we want round here.
| [reply] |
Re: How to check if successfully logged in?
by hwnd (Initiate) on Mar 12, 2013 at 21:29 UTC
|
Why not just create a database to store your user id and passwords for the page/site and use DBI and Server Side Sessions to verify. Something like below:
sub authenticate {
my $username = shift;
my $password = shift;
return 0 unless $username && $password;
my $dbh = DBI->connect("DBI:mysql:[DATABASE NAME]:[HOSTNAME]"
"*****", "*****", { RaiseError => 1 }) or die
+ $DBI::errstr;
my $sth = $dbh->prepare("SELECT id from table
WHERE name = ? AND pass = ? LIMIT 1");
$sth->execute($username, $password);
my ( $id ) = $sth->fetchrow_array();
$dbh->disconnect;
return ($id) ? 1 : 0
}
| [reply]
[d/l] |
Re: How to check if successfully logged in?
by sundialsvc4 (Abbot) on Mar 12, 2013 at 17:05 UTC
|
Every real-world mechanize script has to, first and foremost, make no assumption as to which screen actually will pop-up next. (It’s not enough merely to check for HTTP 202.) You have to identify the screen: did “The Monastery Gates” really appear? And so on. The next follow-on question is to be sure that you are (still) logged in ... a peculiarly frequent problem with this particular site, sometimes. You do this by explicitly checking, every time, that you do indeed find text like “Log my_userid Out” at the expected spot, vs. “Log In” at that same spot.
A mechanize-script in actual production is not quite as simple as it first appears: it must be a finite-state machine (FSM) design, because in the final analysis the host web-site is driving the bus. Your logic must send the HTTP messages that you expect will work, but you always have to reconcile this with what actually comes back. “Kilroy was an optimist” sometimes.
Fact of the matter is, a production mechanize-script is often two FSMs: one which tracks the state of the host, and the second which tracks the state of what you are trying to do.
| |
|
|
"The next follow-on question is to be sure that you are (still) logged in ... a peculiarly frequent problem with this particular site, sometimes. You do this by explicitly checking, every time, that you do indeed find text like “Log my_userid Out” at the expected spot, vs. “Log In” at that same spot. "
Are you suggesting that this site has logged you out? In years of using the site I've never experienced this.
| [reply] |
|
|
Are you suggesting that this site has logged you out? In years of using the site I've never experienced this. sure you have, when you click a link to a different domain -- weak nit to pick, of all the piles of nonsense created by sundialsvc4
| [reply] |