in reply to Re^2: Log In To with WWW::Mechanize
in thread Log In To with WWW::Mechanize

Still no time to work on this, but I'm curious enough to poke at it every once in a while. Between different requests to the login page, here's what changes:
[11:23am] eero:~/tmp/guardian: diff 0,12930,-1,00.html o 236c236 < <input type="hidden" name="AU_CHALLENGE" value="1117293798"><input t +ype="hidden" name="AU_CHALLENGE2" value="af7fb54d3a917e272e2b7abe1353 +bd51"></form></table></td></tr></table> --- > <input type="hidden" name="AU_CHALLENGE" value="1117293788"><input t +ype="hidden" name="AU_CHALLENGE2" value="59e3978f05fde8396395a576645c +d04b"></form></table></td></tr></table> [11:23am] eero:~/tmp/guardian:
...and here's where in the page source the work is done:
function preparePassword() { var form = document.regpss1; var dummy = '----------------------------------------'; form.AU_PASSWORD_HASH.value = binl2hex(core_hmac_md5(form. +AU_CHALLENGE2.value,form.AU_PASSWORD.value)); form.AU_PASSWORD.value = dummy.substr(0,form.AU_PASSWORD.v +alue.length); regpss_submitted = true; form.submit(); }

I'm guessing that you'll need to take your password, run it through that hashing sequence and then return that as the actual password in the post. Or something like that.

I'm surprised nobody's done this yet.

Replies are listed 'Best First'.
Re^4: Log In To with WWW::Mechanize
by Cody Pendant (Prior) on May 29, 2005 at 01:00 UTC
    Oh god. There's an even worse mea culpa coming up.

    My face is literally red.

    I didn't check whether the login was successful or not. I saw an error message and assumed that it meant the login wasn't successful. I am an idiot. If I ignore the error and continue, I am actually logged in.

    I will now dress in virtual sackcloth and do Good Works among the Less Fortunate for a year.

    ($_='kkvvttuu bbooppuuiiffss qqffssmm iibbddllffss')
    =~y~b-v~a-z~s; print
      Heh! Glad to hear you're all set.