Re: Python to PHP Login System (HTTP Post)

On Sat, 24 Jun 2006 01:28:29 GMT, jjlee@xxxxxxxxxxxxx (John J. Lee)
wrote:

test@xxxxxxxxx writes:

On 22 Jun 2006 16:19:50 -0700, "Justin Azoff"
<justin.azoff@xxxxxxxxx> wrote:

Jeethu Rao wrote:
You need to use httplib.
http://docs.python.org/lib/httplib-examples.html

Jeethu Rao

Not at all. They need to read the documentation for urrlib:

http://docs.python.org/lib/module-urllib.html
http://docs.python.org/lib/node483.html
"The following example uses the "POST" method instead:"....

Additionally, they probably need to use cookielib, otherwise the logged
in state will not be persistant.

Or you may not be able to log in at all, for an everyday meaning of
"log in".


Here's what's strange... I tried using urllib like this:
----------------------------------------------------------------------------------
try:
msparams = urllib.urlencode({'user':
self.components.User.text, 'pass':
self.components.MagnetSharePassword.text, 'sublogin': 1})
f = urllib.urlopen("http://www.magnetshare.com/process.php";,
msparams)
fc = f.read()
fc.close()
print fc
except:
self.statusBar.text = "Disconnected"
result = dialog.alertDialog(self, 'Couldn\'t connect to
MagnetShare.com! Please check your Internet connection, and then try
again.')
else:
print fc
-----------------------------------------------------------------------------------
...and then I visited http://www.magnetshare.com/main.php to see if I
was logged in. Sure enough I was logged in, but the exception was

That's not how it works (assuming you visited that URL in a browser,
not using Python). The "logged-in-ness" comes from a "session ID"
cookie that is stored in your browser (or in your Python code). The
server sends a cookie when you log in (and usually stores your cookie
in a database). The browser keeps the cookie. When you come back
later using the same browser (maybe even after you've closed the
browser, if it's the right kind of cookie), your browser sends the
cookie back and the server looks up the session ID from that cookie in
the database, and sees it's you.

If you come back using a different browser (and your Python program is
effectively just a different browser than your copy of Firefox or IE
or whatever), then the server won't remember who you are, so you're
not logged in *in that browser session*, even if the server has you
recorded in its database as logged in from a different browser
session.

So, the fact that you saw yourself as logged in when you looked using
your web browser doesn't really help your Python program -- it's still
out in the cold.


thrown anyway. I commented out the urlopen, f, and fc lines and
tested it again. This time I made it to "else:"

I'm stumped. I'm glad that the user can log in; however, the
MagnetShare application needs to read in the response from the server,
and then decide what to do with the information.

Here's one way:

easy_install mechanize

(install easy_install first if you don't have that:

http://peak.telecommunity.com/DevCenter/EasyInstall#installing-easy-install

)

#-------------------------------
import mechanize

SHOW_COOKIES = True

br = mechanize.Browser()
if SHOW_COOKIES:
cj = mechanize.CookieJar()
br.set_cookiejar(cj)
br.open("http://www.magnetshare.com/main.php";)
br.select_form(nr=0)
br["user"] = "joe"
br["pass"] = "password"
r = br.submit()
assert "Logged In" in r.get_data()
if SHOW_COOKIES:
for cookie in cj:
print cj
#-------------------------------


(note the cookiejar is always there; you only need to create one and
pass it in in order to get at it to e.g. print out the cookies you've
collected)


John

Thanks a lot John! This "mechanize" was exactly what I was looking
for. There are some key improvements over urllib2 and also, cookies
are turned on by default.

Just an FYI for others, PHP can set $SESSIONID when the user refuses
cookies. I haven't decided whether the application will use cookies or
not, but luckily I got the login page response I was looking for. Now,
I just parse the HTML using Python, and then go to the next screen in
the MagnetShare application.

Here's the test code I used.
---------------------------------------------------------------------------------------
import mechanize

br = mechanize.Browser()
br.open("http://www.magnetshare.com/main.php";)
br.select_form(nr=0)
br["user"] = "test2"
br["pass"] = "test2"
response1 = br.submit()
fc = response1.read()
print fc
----------------------------------------------------------------------------------------

Cheers!

Ben
.

Relevant Pages

  • Re: deleting cookies and local browser time versus server time
    ... Our server ... is in a different time zone than the browser I'm developing on. ... How can I test cookie expiration with that? ...
    (comp.lang.php)
  • Re: Bypass Authentication
    ... "Joe Kaplan" wrote: ... authentication cookie back to the Server at Location 3 from Location 1. ... the Third Party application to use this program to launch the browser. ... Assuming that the server at location 3 requires a cookie to be sent to it ...
    (microsoft.public.dotnet.security)
  • Re: Bypass Authentication
    ... Joe Kaplan-MS MVP Directory Services Programming ... authentication cookie back to the Server at Location 3 from Location 1. ... the Third Party application to use this program to launch the browser. ... Assuming that the server at location 3 requires a cookie to be sent to it ...
    (microsoft.public.dotnet.security)
  • Re: password questions
    ... What's usually done in the PHP world is that the first time a browser ... goes to a site, it has no cookie, and says so when asked for one. ... server then asks for username and password, ... A cracker makes a request, trying to masquerade as the authenticated ...
    (comp.lang.java.programmer)
  • RE: forms authentication cookie problem
    ... authentication cookie. ... what's going on on the server. ... >324488 Forms Authentication and View State Fail ... >characters, the browser will still request the page, but ...
    (microsoft.public.dotnet.framework.aspnet.security)