On Thu, Feb 4, 2010 at 12:03 AM, Maximilian Rausch <maxrau...@gmail.com>wrote:
> From: William Betts <william.betts_at_gmail.com> > Date: Wed, 3 Feb 2010 19:14:44 -0800 > > On Wed, Feb 3, 2010 at 11:10 AM, Maximilian Rausch > <maxrausch_at_gmail.com>wrote: > > > I need to curl data that is on a password protected site and I am > > first trying to get by the login page so that I can store the cookies > > which will allow me to get to the password protected data with a > > second call to curl. The login webpage is > > > > https://secure.ngx.com/sso/login > > > > However when the submit button is clicked on the login page it posts a > > hidden variable "lt" which changes every time the page reloads (so you > > can't curl the login page once and parse it to find the value and then > > post it the next time). You can see this by taking a look at the > > source code of the page. I have tried a live HTTP replay ( a function > > of the live http headers plugin for firefox) but the replay does not > > successfully login because I think that the the new page has a > > different value for "lt" while the replay is posting the old value. > > > > I can not figure out how to get the value of 'lt' the first time I > > curl the page so that I can post it along with the username, password, > > and other necessary variables. > > > > Max > > > > >Hello, > > > >After looking at the login page I assume you're talking about "<input > >type="hidden" name="lt" > > >value="_cDA353F3E-64C2-4DF8-A7C6-6478B2BAC095_k3808E2D5-62BA-0552-1E53-C2AC9C4E71AE"/>". > > > >First you'll want to fetch the login page and store it in some variable. > >Then run the regex below on it. The example is in PHP, but the regex > should > >work for other languages as well. The regular expression works, but could > >probably be made better. > > > >preg_match_all('<input\s*type="hidden"\s*name="lt"\s*value="(.*?)"\s*\/>', > >$html, $matches); > > > >Best of Luck, > >William > > That is correct I am looking for that value and this idea is what I > had originally thought of as a solution but there is a problem with > it. > > I curl the page and use a regex to find the value of 'it', but then > how do I submit the form with this value in the same call to curl? > > If you reload the page (or call curl again with the value of 'lt' from > which I found previously) then the login will not work. This is > because when you reload the page the value of 'lt' changes every time. > > I tried saving the session ID cookie but the value of 'lt' still > changes every time the page is reloaded. > > Does anyone know of another way to accomplish a login to this website > using curl? > It's a form, so you need to do a POST to submit the form, not a GET, which just gets you a fresh copy of the original page. If you're doing this in C, it's something like this, with appropriate replacements for XXXX, YYYY & ZZZZ: curl_easy_setopt(hnd, CURLOPT_URL, " https://secure.ngx.com/sso/login;jsessionid=02C40047EDC6229287C1264D2EE9808A "); curl_easy_setopt(handle, CURLOPT_POSTFIELDS, "username=XXXX&password=YYYY<=ZZZZ&_eventId=submit&submit=Login"); curl_easy_setopt(handle, CURLOPT_POST, 1); though I haven't done a lot with libcurl, so I've probably left out some stuff. Ralph Mitchell
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
