connect to website providing login & pwd

Martin von Loewis loewis at informatik.hu-berlin.de
Sun Sep 30 12:11:21 EDT 2001 

"\(-:fs\)" <fs at floSoft.net> writes:

> i want to provide now this "login" and "passwort" programmatically
> of course to react to the answer ("danger - you are surfing to much this
> month ;-)
> 
> this is a special example,
> but the job to put authorization information to a webpage must be a very
> common task

Unfortunately, numerous schemes for authentication are in use, and
each requires a different programmatic action. It is surprising that
the Web browsers manage to operate correctly within this chaos.

One scheme is called "HTTP authentication", which has different modes
of operation, the common one being "Basic" authentication. With that,
the browser will open a window and asking for authentication. On the
wire, the first access gives an HTTP error (authentication
required). In response, the client submits additional headers to give
the password.

In your case, it appears that this scheme is *not* used. Instead, some
form mechanism is used. Most likely, the server will send back a
Cookie, which the client then has to resubmit in later requests.

To submit username and password, you have to fill out the form
programmatically. This involves the following operations

    params = {'login:'myname', 'passwort':'mypwd'}
    #notice how the keys are the name= fields of the form

    h = HTTP("<host>")
    h.connect()
    h.putrequest("POST","<url of form>")
    h.putheader("Content-type", "application/x-www-form-urlencoded")
    params = urllib.urlencode(dict)
    for k,v in hdrs:
        h.putheader(k,v)
    h.putheader("Content-length", "%d" % len(params))
    h.endheaders()
    h.send(params)
    reply, msg, hdrs = h.getreply()

Now, in the reply, you should expect a Set-Cookie header:

    cookie = hdrs['Set-Cookie'].split(";")[0]

You may have a look at the full cookie content, howevery you are
supposed to send back only the first part. In all further requests,
send the Cookie: header, with cookie as the value.

There are many many more schemes in use (encoding the session in the
URL, putting hidden fields into each form, etc) - you really have to
analyse in detail how your server operates.

Hope this helps,
Martin

More information about the Python-list mailing list