Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

connect to website providing login & pwd

12 views
Skip to first unread message

(-:fs)

unread,
Sep 30, 2001, 12:38:59 AM9/30/01
to
hi,

i'm rather new to python and try to connect to a webpage
this works fine (i get the html-text) when the page is not secured

when it is a secure page, which requires a login and a password, how can i
provide these ???

i use the code from httplib like this

V V V V V V V V V V V V V V V V V V V V

import httplib
import sys
import getopt
import string

opts, args = getopt.getopt(sys.argv[1:], 'd')
dl = 0
for o, a in opts:
if o == '-d': dl = dl + 1

host = '192.168.11.13:8080'
selector = '/test/manage/' >>>>>>>>>>> trying to call the manage
window of a ZOPE server

if args[0:]: host = args[0]
if args[1:]: selector = args[1]

h = httplib.HTTP()

h.set_debuglevel(dl)
h.connect(host)

h.putrequest('GET', selector)

h.putheader("login", "test") >>>>>>>>>>>>> ??????????????? doesn't
h.putheader("password", "test") >>>>>>>>>>>> ??????????????? work

h.endheaders()
status, reason, headers = h.getreply()
print 'status =', status
print 'reason =', reason
print
if headers:
for header in headers.headers: print string.strip(header)
print

print h.getfile().read()

V V V V V V V V V V V V V V V V V V V V

thanks for any help

steindl friedrich
(-:fs)

Gerhard Häring

unread,
Sep 30, 2001, 2:23:01 AM9/30/01
to pytho...@python.org
On Sun, Sep 30, 2001 at 06:38:59AM +0200, (-:fs) wrote:
> hi,
>
> i'm rather new to python and try to connect to a webpage
> this works fine (i get the html-text) when the page is not secured
>
> when it is a secure page, which requires a login and a password, how can i
> provide these ???
> [...]

Hope this helps somewhat. The following works for me:

import urllib
print urllib.urlopen("http://admin:myadminpasswd@localhost:8080/manage/").read()

The $%~]\ Zope then prints an error page saying I need a frame
compatible browser to access this page. So you can either trick Zope by
feeding it the headers it wants (most probably User-Agent) or hack the
DTML/HTML source of the page. Good luck!

I'm currently trying to unit-test a Zope Dababase Adapter. If testing is
your aim, I found useful stuff by using the keywords "unit testing" in
the Zope search engine at www.zope.org.

Gerhard
--
mail: gerhard <at> bigfoot <dot> de registered Linux user #64239
web: http://www.cs.fhm.edu/~ifw00065/ OpenPGP public key id 86AB43C0
public key fingerprint: DEC1 1D02 5743 1159 CD20 A4B6 7B22 6575 86AB 43C0
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))

Janko Hauser

unread,
Sep 30, 2001, 4:31:21 AM9/30/01
to
Have you tried to call manage_main instead of manage? This is normally
the way if you try to look up Zope without a frame-capable browser.

HTH,
__Janko

--
Institut fuer Meereskunde phone: 49-431-597 3989
Dept. Theoretical Oceanography fax : 49-431-565876
Duesternbrooker Weg 20 email: jha...@ifm.uni-kiel.de
24105 Kiel, Germany

(-:fs)

unread,
Sep 30, 2001, 10:08:40 AM9/30/01
to
1.) to JANKO

manage_main brings the same result

V V V V V V V V V V V V V

>>> status = 401
reason = Unauthorized

Server: Zope/Zope 2.3.1 (binary release, python 1.5.2, win32-x86)
ZServer/1.1b1
Date: Sun, 30 Sep 2001 13:23:39 GMT
WWW-Authenticate: basic realm="Zope"
Bobo-Exception-File: P:\floSoft\lib\python\ZPublisher\HTTPResponse.py
Bobo-Exception-Type: Unauthorized
Content-Type: text/html
Connection: close
Bobo-Exception-Value: <strong>You are not authorized to access this
resource.</strong><p> No Authorization header found.
Content-Length: 1364
Bobo-Exception-Line: 588

V V V V V V V V V V V V V

"no authorization header found"

i think my problem is to provide a correct authorization (login, pwd)

-----------------------------------------------------------------------

"Janko Hauser" <jha...@ifm.uni-kiel.de> schrieb im Newsbeitrag
news:87adzdf...@lisboa.ifm.uni-kiel.de...


> Have you tried to call manage_main instead of manage? This is normally
> the way if you try to look up Zope without a frame-capable browser.
>
> HTH,
> __Janko

===========================================================

2.) to GERHARD

print
urllib.urlopen("http://admin:myadminpasswd@localhost:8080/manage").read()

WORKS FINE with my zope (test)server

when i try to automate asking my internet-provider for my traffic until now
i get the following login-window

V V V V V V V V V V V V V V V V V V V

<form method="POST" action="accounting.cgi">
<br>
<table border="0" cellpadding="4">
<tr>
<td align="right">Login</td>
<td align="center"><input type="text" name="login"></td>
</tr>
<tr>
<td align="right">Passwort</td>
<td align="center"><input type="password" name="passwort"></td>
</tr>
<tr> <td colspan="2" align="center">
<br><input type="submit" value="Anfrage" name="B1">
</td>
</tr>

</table>
</form>

V V V V V V V V V V V V V V V V V V V

i want to provide now this "login" and "passwort" programmatically
of course to react to the answer ("danger - you are surfing to much this
month ;-)

this is a special example,
but the job to put authorization information to a webpage must be a very
common task

hmm,

thx for your answers (until now and further)

steindl friedrich, vienna
(-:fs)


Martin von Loewis

unread,
Sep 30, 2001, 12:11:21 PM9/30/01
to
"\(-:fs\)" <f...@floSoft.net> writes:

> i want to provide now this "login" and "passwort" programmatically
> of course to react to the answer ("danger - you are surfing to much this
> month ;-)
>
> this is a special example,
> but the job to put authorization information to a webpage must be a very
> common task

Unfortunately, numerous schemes for authentication are in use, and
each requires a different programmatic action. It is surprising that
the Web browsers manage to operate correctly within this chaos.

One scheme is called "HTTP authentication", which has different modes
of operation, the common one being "Basic" authentication. With that,
the browser will open a window and asking for authentication. On the
wire, the first access gives an HTTP error (authentication
required). In response, the client submits additional headers to give
the password.

In your case, it appears that this scheme is *not* used. Instead, some
form mechanism is used. Most likely, the server will send back a
Cookie, which the client then has to resubmit in later requests.

To submit username and password, you have to fill out the form
programmatically. This involves the following operations

params = {'login:'myname', 'passwort':'mypwd'}
#notice how the keys are the name= fields of the form

h = HTTP("<host>")
h.connect()
h.putrequest("POST","<url of form>")
h.putheader("Content-type", "application/x-www-form-urlencoded")
params = urllib.urlencode(dict)
for k,v in hdrs:
h.putheader(k,v)
h.putheader("Content-length", "%d" % len(params))
h.endheaders()
h.send(params)
reply, msg, hdrs = h.getreply()

Now, in the reply, you should expect a Set-Cookie header:

cookie = hdrs['Set-Cookie'].split(";")[0]

You may have a look at the full cookie content, howevery you are
supposed to send back only the first part. In all further requests,
send the Cookie: header, with cookie as the value.

There are many many more schemes in use (encoding the session in the
URL, putting hidden fields into each form, etc) - you really have to
analyse in detail how your server operates.

Hope this helps,
Martin

(-:fs)

unread,
Sep 30, 2001, 4:04:38 PM9/30/01
to
"Martin von Loewis" <loe...@informatik.hu-berlin.de> schrieb im Newsbeitrag
news:j4g0943...@informatik.hu-berlin.de...

> "\(-:fs\)" <f...@floSoft.net> writes:
> In your case, it appears that this scheme is *not* used. Instead, some
> form mechanism is used. Most likely, the server will send back a
> Cookie, which the client then has to resubmit in later requests.

thank for any ideas until now

what i found out

1.) the whole thing works *without* cookies
(i blocked them, with same results)

2.) the shortest way to call the correct page is this

V V V V V V V V V V V V V V V V V V

import httplib

host = 'accounting.ewave.at'

h = httplib.HTTP()
h.connect(host)

h.putrequest('GET', '/accounting.cgi')
h.endheaders()

status, reason, headers = h.getreply()

print status
print reason
print headers

print h.getfile().read()

V V V V V V V V V V V V V V V V V V

the result is of course "no login-name provided"

everybody is invited to provide some login with pwd
to change the result to "wrong username" or "wrong password"

the exact (german) result you can check out easily by typing somthing into
the form at accounting.ewave.at

thanks for spending your time

fritz
(-:fs)


(-:fs)

unread,
Oct 1, 2001, 5:25:26 AM10/1/01
to
SOLUTION

import httplib
import urllib

#notice that the keys are the name=fields of the login-form
params = {'login':'myLoginName', 'passwort':'myPassword'}
params = urllib.urlencode(params)
h = httplib.HTTP("<host>")
h.connect()

# the cgi-action of the login-form
h.putrequest('POST', '/doSomthing.cgi')


h.putheader("Content-type", "application/x-www-form-urlencoded")

h.putheader("Content-length", "%d" % len(params))
h.endheaders()
h.send(params)

status, reason, headers = h.getreply()


print status
print reason
print headers
print h.getfile().read()

----------------------------------------------------------------------

this works in my case, where obviously no security is implemented,
but only the fillings of two textfields are sent to the server

THX TO ALL INVOLVED

steindl friedrich
(-:fs)


0 new messages