Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Received-SPF: pass (athena.apache.org: domain of david.kennedy@accenture.com
 designates 170.252.72.95 as permitted sender)
Content-class: urn:content-classes:message
Subject: RE: Login issues
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 30 Dec 2008 23:04:23 +0100
Message-ID: 
 <83778929BDA2BF4FB93A0A1A126410D403EC4B30@EMEXM1104.dir.svc.accenture.com>
Importance: normal
Priority: normal
In-Reply-To: <25aac9fc0812300824g752d0640v8ab0a16834a95cc2@mail.gmail.com>
Thread-Topic: Login issues
thread-index: Aclqm008XFC+dZQcTcGsyYbIKc5OoQALh/1A
References: 
 <83778929BDA2BF4FB93A0A1A126410D403EC4B20@EMEXM1104.dir.svc.accenture.com>
 <25aac9fc0812300824g752d0640v8ab0a16834a95cc2@mail.gmail.com>
From: <david.kennedy@accenture.com>
To: <httpclient-users@hc.apache.org>


Actually I have figured out what the issue was by checking in my browser
and for some reason when you
move through your account it doesn't show the new source of each page
but still shows the original
page. Think this is maybe an aspect of php that I don't know about.
Anyway my issue now is that
as you can see from my code below, the GET method is passed the
DETAILS_PAGE but after I do a getURI after the GET
that you can see the result isnt
http://www.mysite.co.uk/Main.php?sEvent=3DDRS&sAction=3DAmendDetails pass=
ed
in but
http://www.mysite.co.uk/Main.php?iCmsPageId=3D32

Any ideas?
Thanks

=09=09//MOVING TO THE PERSONAL DETAILS PAGE
=09=09System.out.println("New Get Target: " + DETAILS_PAGE);
=09=09GetMethod getPersonalDetails =3D new
GetMethod(DETAILS_PAGE);

=09=09client.executeMethod(getPersonalDetails);

=09=09System.out.println("Test by Getting the Personal Details
Page: " + getPersonalDetails.getStatusLine().toString());
=09=09System.out.println("Where are we after Getting Personal
Details: " + getPersonalDetails.getURI());=20

produces the result:

New Get Target:
http://www.mysite.co.uk/Main.php?sEvent=3DDRS&sAction=3DAmendDetails
Test by Getting the Personal Details Page: HTTP/1.1 200 OK
Where are we after Getting Personal Details:
http://www.mysite.co.uk/Main.php?iCmsPageId=3D32


-----Original Message-----
From: sebb [mailto:sebbaz@gmail.com]=20
Sent: 30 December 2008 16:24
To: HttpClient User Discussion
Subject: Re: Login issues

On 30/12/2008, david.kennedy@accenture.com <david.kennedy@accenture.com>
wrote:
> Hi All,
>
>  I have been trying to log into a website for the past few days but=20
> with  no luck using HTTPClient. I will now post all my findings so=20
> hopefully  someone can spot my mistakes. The form on the site has this
code:
>
>  <form onsubmit=3D"return ValidateForm(this)" method=3D"post"
>  action=3D"?iCmsPageId=3D32&amp;sAction=3DCheckLogin">
>
>  <p>Username</span>
>  <input type=3D"text" id=3D"sUsername" name=3D"sUsername" value=3D""
>  maxlength=3D"50" style=3D"width: 200px;" /></p> =20
> <p>Password</span>&nbsp;&nbsp;&nbsp;<br />  <input type=3D"password"=20
> id=3D"sPassword" name=3D"sPassword" value=3D""
>  maxlength=3D"50" style=3D"width: 200px;" /></p>
>
>   <script language=3D"JavaScript" type=3D"text/javascript">
>  <!--
>  function ValidateForm(oForm)
>  {
>   var sError =3D '';
>   if(!Empty(sError))
>   {
>   alert(sError);
>   return false;
>   }
>   return true;
>  }
>  -->
>  </script>
>
>   <div class=3D"button" >
>    <div class=3D"buttonimg">
>     <img border=3D"0" alt=3D"" src=3D"img/btn_box_arrow.jpg"/>
>    </div>
>    <div class=3D"buttontext">
>     <input class=3D"textsubmit" type=3D"submit"
>  onmouseout=3D"changeTextDecoration(this,'none');"
>  onmouseover=3D"changeTextDecoration(this,'underline');" style=3D"color=
:
>  rgb(226, 0, 110); text-decoration: none;height:16px;" value=3D"Login"/=
>
>    </div>
>   </div>
>
>  so therefore i coded the following  where LOGON_PAGE is the actual=20
> page  where login occurs rather than the root page :
>
>
>   PostMethod authpost =3D new PostMethod(LOGON_PAGE =20
> +"?iCmsPageId=3D32&amp;sAction=3DCheckLogin");

That should probably be

PostMethod authpost =3D new PostMethod(LOGON_PAGE);

>  authpost.setDoAuthentication(true);

I don't think that is needed.

>  NameValuePair action    =3D new NameValuePair("action",
>  "?iCmsPageId=3D32&sAction=3DCheckLogin");

That should be:

NameValuePair pageid    =3D new NameValuePair("iCmsPageId", "32");
NameValuePair action    =3D new NameValuePair("sAction", "CheckLogin");

>  NameValuePair username  =3D new NameValuePair("sUsername", "username")=
;

> NameValuePair password  =3D new NameValuePair("sPassword", "password");
>
>  authpost.setRequestBody( new NameValuePair[] {action, username, =20
> password});

and that should be:

authpost.setRequestBody( new NameValuePair[] {pageid, action, username,
password});

>
>         System.out.println("Login form post status: " + =20
> authpost.getStatusLine().toString());
>         //System.out.println("Page Content: " + =20
> authpost.getResponseBodyAsString());
>         System.out.println("Path: " + authpost.getPath());
>         System.out.println("Redirection: " + =20
> authpost.getFollowRedirects());
>         System.out.println("Location: " + =20
> authpost.getResponseHeader("location"));
>
>         Header[] responseHeaders =3D authpost.getResponseHeaders();
>         for (int i=3D0; i<responseHeaders.length; i++){
>             System.out.print(responseHeaders[i]);
>         }
>
>         System.out.println("Login Status Text: " + =20
> authpost.getStatusText());
>
>
>
>  and the output on the console was the following  at the very bottom .

> It  seems from the result of authpost.getStatusText() being 200 that=20
> it  posted ok but I know from tests with my browser that I should get

> another cookie when I log in (even though it is deleted after log out)

> but I never get that final cookie so it looks like the login has=20
> failed  and I also looked at the result returned from=20
> getResponseBodyAsString()  and its still the initial login page.=20
> Actually, even when I changed the  username or password to something=20
> wrong it still returns 200 from
>  getStatusText() which I find strange!  If it helps, using a plugin=20
> for  Firefox I can see that the Post that occurs when logging in using

> Firefox is:
>
>   /Main.php?iCmsPageId=3D32&sAction=3DCheckLogin
>  sUsername=3Dusername&sPassword=3Dpassword
>
>
>  so I suppose the questions are, is the PostMethod constructed=20
> properly,  does the submit button as seen in this code just below=20
> require a name  value pair when no name is specified in the html even=20
> though that login  button is the one that is pressed on the site,
>
>  <input class=3D"textsubmit" type=3D"submit"
>  onmouseout=3D"changeTextDecoration(this,'none');"
>  onmouseover=3D"changeTextDecoration(this,'underline');" style=3D"color=
:
>  rgb(226, 0, 110); text-decoration: none;height:16px;" value=3D"Login"/=
>
>
>  does the fact that javascript is required to provide validation with
>  ValidateForm(this) make a difference to the coding and finally should

> the Post text got from a login using Firefox match the result from
>
>  authpost.getQueryString() ?
>
>
>
>  Any  answers to these questions would be very welcome?
>
>  Thanks  very much
>
>   Results:
>
>   Initial set of cookies:
>
>  - PHPSESSID=3D2ofmpn88qm2ht1qs3q0gf6f902
>
>  - fcc_type=3Dbusiness
>
>  - X-Mapping-chkpfbio=3DF4A71D0EB4DBC40FBE8F477BF48CF0CF
>
>  Query: sEvent=3DDelayRepay
>
>  Login form post status: HTTP/1.1 200 OK
>
>  Path: /Main.php
>
>  Redirection: false
>
>  Location: null
>
>  Expires: Thu, 19 Nov 1981 08:52:00 GMT
>
>  Set-Cookie: fcc_type=3Dbusiness; expires=3DTue, 29-Dec-2009 13:41:18 G=
MT;

> path=3D/
>
>  Set-Cookie: X-Mapping-chkpfbio=3DF4A71D0EB4DBC40FBE8F477BF48CF0CF;=20
> path=3D/
>
>  Cache-Control: no-store, no-cache, must-revalidate, post-check=3D0, =20
> pre-check=3D0
>
>  Date: Mon, 29 Dec 2008 13:41:18 GMT
>
>  Transfer-Encoding: chunked
>
>  Connection: Keep-Alive
>
>  Server: Apache/2.0.59 (CentOS)
>
>  X-Powered-By: PHP/5.1.6
>
>  Content-Type: text/html; charset=3DUTF-8
>
>  Pragma: no-cache
>
>  Login Status Text: OK
>
>
>
>  This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information.  If you have
received it in error, please notify the sender immediately and delete
the original.  Any other use of the email by you is prohibited.
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


This message is for the designated recipient only and may contain privile=
ged, proprietary, or otherwise private information.  If you have received=
 it in error, please notify the sender immediately and delete the origina=
l.  Any other use of the email by you is prohibited.


This message is for the designated recipient only and may contain privile=
ged, proprietary, or otherwise private information. If you have received =
it in error, please notify the sender immediately and delete the original=
=2E Any other use of the email by you is prohibited.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org