Python to PHP Login System (HTTP Post)

Discussion in 'Python' started by test@test.test, Jun 22, 2006.

  1. Guest

    Hi everyone,

    I'm creating a desktop Python application that requires web-based
    authentication for accessing additional application features.

    HTTP GET is really simple.
    HTTP POST is not (at least for me anyway) ;)

    I have tried a few different sources, but I cannot get HTTP POST to
    successfully log in. I can login using FireFox at
    http://www.magnetshare.com/main.php

    I suggest you register a dummy login to see what I mean (don't enter
    your real e-mail address).

    Now here's some code:
    ------------------------------------------------------------------------------
    msparams = urllib.urlencode({'user': self.components.User.text,
    'pass': self.components.MagnetSharePassword.text, 'sublogin': '1'})
    try:
    f = urllib() ***What should go here?***
    fc = f.read()
    fc.close()
    except:
    self.statusBar.text = "Disconnected"
    result = dialog.alertDialog(self, 'Couldn\'t connect to
    MagnetShare.com! Please check your Internet connection, and then try
    again.')
    else:
    print fc
    -------------------------------------------------------------------------------

    Also, could you let us know what modules we should import?
    Thanks for checking this out!

    By the way, the PHP system I'm using is super easy to set up:

    http://www.evolt.org/article/PHP_Login_System_with_Admin_Features/17/60384/index.html
     
    , Jun 22, 2006
    #1
    1. Advertising

  2. Jeethu Rao Guest

    Jeethu Rao, Jun 22, 2006
    #2
    1. Advertising

  3. Justin Azoff Guest

    Justin Azoff, Jun 23, 2006
    #3
  4. Guest

    On 22 Jun 2006 16:19:50 -0700, "Justin Azoff"
    <> wrote:

    >Jeethu Rao wrote:
    >> You need to use httplib.
    >> http://docs.python.org/lib/httplib-examples.html
    >>
    >> Jeethu Rao

    >
    >Not at all. They need to read the documentation for urrlib:
    >
    >http://docs.python.org/lib/module-urllib.html
    >http://docs.python.org/lib/node483.html
    >"The following example uses the "POST" method instead:"....
    >
    >Additionally, they probably need to use cookielib, otherwise the logged
    >in state will not be persistant.


    Here's what's strange... I tried using urllib like this:
    ----------------------------------------------------------------------------------
    try:
    msparams = urllib.urlencode({'user':
    self.components.User.text, 'pass':
    self.components.MagnetSharePassword.text, 'sublogin': 1})
    f = urllib.urlopen("http://www.magnetshare.com/process.php",
    msparams)
    fc = f.read()
    fc.close()
    print fc
    except:
    self.statusBar.text = "Disconnected"
    result = dialog.alertDialog(self, 'Couldn\'t connect to
    MagnetShare.com! Please check your Internet connection, and then try
    again.')
    else:
    print fc
    -----------------------------------------------------------------------------------
    ....and then I visited http://www.magnetshare.com/main.php to see if I
    was logged in. Sure enough I was logged in, but the exception was
    thrown anyway. I commented out the urlopen, f, and fc lines and
    tested it again. This time I made it to "else:"

    I'm stumped. I'm glad that the user can log in; however, the
    MagnetShare application needs to read in the response from the server,
    and then decide what to do with the information.
     
    , Jun 23, 2006
    #4
  5. John J. Lee Guest

    writes:

    > On 22 Jun 2006 16:19:50 -0700, "Justin Azoff"
    > <> wrote:
    >
    > >Jeethu Rao wrote:
    > >> You need to use httplib.
    > >> http://docs.python.org/lib/httplib-examples.html
    > >>
    > >> Jeethu Rao

    > >
    > >Not at all. They need to read the documentation for urrlib:
    > >
    > >http://docs.python.org/lib/module-urllib.html
    > >http://docs.python.org/lib/node483.html
    > >"The following example uses the "POST" method instead:"....
    > >
    > >Additionally, they probably need to use cookielib, otherwise the logged
    > >in state will not be persistant.


    Or you may not be able to log in at all, for an everyday meaning of
    "log in".


    > Here's what's strange... I tried using urllib like this:
    > ----------------------------------------------------------------------------------
    > try:
    > msparams = urllib.urlencode({'user':
    > self.components.User.text, 'pass':
    > self.components.MagnetSharePassword.text, 'sublogin': 1})
    > f = urllib.urlopen("http://www.magnetshare.com/process.php",
    > msparams)
    > fc = f.read()
    > fc.close()
    > print fc
    > except:
    > self.statusBar.text = "Disconnected"
    > result = dialog.alertDialog(self, 'Couldn\'t connect to
    > MagnetShare.com! Please check your Internet connection, and then try
    > again.')
    > else:
    > print fc
    > -----------------------------------------------------------------------------------
    > ...and then I visited http://www.magnetshare.com/main.php to see if I
    > was logged in. Sure enough I was logged in, but the exception was


    That's not how it works (assuming you visited that URL in a browser,
    not using Python). The "logged-in-ness" comes from a "session ID"
    cookie that is stored in your browser (or in your Python code). The
    server sends a cookie when you log in (and usually stores your cookie
    in a database). The browser keeps the cookie. When you come back
    later using the same browser (maybe even after you've closed the
    browser, if it's the right kind of cookie), your browser sends the
    cookie back and the server looks up the session ID from that cookie in
    the database, and sees it's you.

    If you come back using a different browser (and your Python program is
    effectively just a different browser than your copy of Firefox or IE
    or whatever), then the server won't remember who you are, so you're
    not logged in *in that browser session*, even if the server has you
    recorded in its database as logged in from a different browser
    session.

    So, the fact that you saw yourself as logged in when you looked using
    your web browser doesn't really help your Python program -- it's still
    out in the cold.


    > thrown anyway. I commented out the urlopen, f, and fc lines and
    > tested it again. This time I made it to "else:"
    >
    > I'm stumped. I'm glad that the user can log in; however, the
    > MagnetShare application needs to read in the response from the server,
    > and then decide what to do with the information.


    Here's one way:

    easy_install mechanize

    (install easy_install first if you don't have that:

    http://peak.telecommunity.com/DevCenter/EasyInstall#installing-easy-install

    )

    #-------------------------------
    import mechanize

    SHOW_COOKIES = True

    br = mechanize.Browser()
    if SHOW_COOKIES:
    cj = mechanize.CookieJar()
    br.set_cookiejar(cj)
    br.open("http://www.magnetshare.com/main.php")
    br.select_form(nr=0)
    br["user"] = "joe"
    br["pass"] = "password"
    r = br.submit()
    assert "Logged In" in r.get_data()
    if SHOW_COOKIES:
    for cookie in cj:
    print cj
    #-------------------------------


    (note the cookiejar is always there; you only need to create one and
    pass it in in order to get at it to e.g. print out the cookies you've
    collected)


    John
     
    John J. Lee, Jun 24, 2006
    #5
  6. Guest

    On Sat, 24 Jun 2006 01:28:29 GMT, (John J. Lee)
    wrote:

    > writes:
    >
    >> On 22 Jun 2006 16:19:50 -0700, "Justin Azoff"
    >> <> wrote:
    >>
    >> >Jeethu Rao wrote:
    >> >> You need to use httplib.
    >> >> http://docs.python.org/lib/httplib-examples.html
    >> >>
    >> >> Jeethu Rao
    >> >
    >> >Not at all. They need to read the documentation for urrlib:
    >> >
    >> >http://docs.python.org/lib/module-urllib.html
    >> >http://docs.python.org/lib/node483.html
    >> >"The following example uses the "POST" method instead:"....
    >> >
    >> >Additionally, they probably need to use cookielib, otherwise the logged
    >> >in state will not be persistant.

    >
    >Or you may not be able to log in at all, for an everyday meaning of
    >"log in".
    >
    >
    >> Here's what's strange... I tried using urllib like this:
    >> ----------------------------------------------------------------------------------
    >> try:
    >> msparams = urllib.urlencode({'user':
    >> self.components.User.text, 'pass':
    >> self.components.MagnetSharePassword.text, 'sublogin': 1})
    >> f = urllib.urlopen("http://www.magnetshare.com/process.php",
    >> msparams)
    >> fc = f.read()
    >> fc.close()
    >> print fc
    >> except:
    >> self.statusBar.text = "Disconnected"
    >> result = dialog.alertDialog(self, 'Couldn\'t connect to
    >> MagnetShare.com! Please check your Internet connection, and then try
    >> again.')
    >> else:
    >> print fc
    >> -----------------------------------------------------------------------------------
    >> ...and then I visited http://www.magnetshare.com/main.php to see if I
    >> was logged in. Sure enough I was logged in, but the exception was

    >
    >That's not how it works (assuming you visited that URL in a browser,
    >not using Python). The "logged-in-ness" comes from a "session ID"
    >cookie that is stored in your browser (or in your Python code). The
    >server sends a cookie when you log in (and usually stores your cookie
    >in a database). The browser keeps the cookie. When you come back
    >later using the same browser (maybe even after you've closed the
    >browser, if it's the right kind of cookie), your browser sends the
    >cookie back and the server looks up the session ID from that cookie in
    >the database, and sees it's you.
    >
    >If you come back using a different browser (and your Python program is
    >effectively just a different browser than your copy of Firefox or IE
    >or whatever), then the server won't remember who you are, so you're
    >not logged in *in that browser session*, even if the server has you
    >recorded in its database as logged in from a different browser
    >session.
    >
    >So, the fact that you saw yourself as logged in when you looked using
    >your web browser doesn't really help your Python program -- it's still
    >out in the cold.
    >
    >
    >> thrown anyway. I commented out the urlopen, f, and fc lines and
    >> tested it again. This time I made it to "else:"
    >>
    >> I'm stumped. I'm glad that the user can log in; however, the
    >> MagnetShare application needs to read in the response from the server,
    >> and then decide what to do with the information.

    >
    >Here's one way:
    >
    >easy_install mechanize
    >
    >(install easy_install first if you don't have that:
    >
    >http://peak.telecommunity.com/DevCenter/EasyInstall#installing-easy-install
    >
    >)
    >
    >#-------------------------------
    >import mechanize
    >
    >SHOW_COOKIES = True
    >
    >br = mechanize.Browser()
    >if SHOW_COOKIES:
    > cj = mechanize.CookieJar()
    > br.set_cookiejar(cj)
    >br.open("http://www.magnetshare.com/main.php")
    >br.select_form(nr=0)
    >br["user"] = "joe"
    >br["pass"] = "password"
    >r = br.submit()
    >assert "Logged In" in r.get_data()
    >if SHOW_COOKIES:
    > for cookie in cj:
    > print cj
    >#-------------------------------
    >
    >
    >(note the cookiejar is always there; you only need to create one and
    >pass it in in order to get at it to e.g. print out the cookies you've
    >collected)
    >
    >
    >John


    Thanks a lot John! This "mechanize" was exactly what I was looking
    for. There are some key improvements over urllib2 and also, cookies
    are turned on by default.

    Just an FYI for others, PHP can set $SESSIONID when the user refuses
    cookies. I haven't decided whether the application will use cookies or
    not, but luckily I got the login page response I was looking for. Now,
    I just parse the HTML using Python, and then go to the next screen in
    the MagnetShare application.

    Here's the test code I used.
    ---------------------------------------------------------------------------------------
    import mechanize

    br = mechanize.Browser()
    br.open("http://www.magnetshare.com/main.php")
    br.select_form(nr=0)
    br["user"] = "test2"
    br["pass"] = "test2"
    response1 = br.submit()
    fc = response1.read()
    print fc
    ----------------------------------------------------------------------------------------

    Cheers!

    Ben
     
    , Jun 24, 2006
    #6
  7. John J. Lee Guest

    (John J. Lee) writes:
    [...]
    > #-------------------------------
    > import mechanize
    >
    > SHOW_COOKIES = True
    >
    > br = mechanize.Browser()
    > if SHOW_COOKIES:
    > cj = mechanize.CookieJar()
    > br.set_cookiejar(cj)
    > br.open("http://www.magnetshare.com/main.php")
    > br.select_form(nr=0)
    > br["user"] = "joe"
    > br["pass"] = "password"
    > r = br.submit()
    > assert "Logged In" in r.get_data()
    > if SHOW_COOKIES:
    > for cookie in cj:
    > print cj
    > #-------------------------------


    That last line should of course have been:

    print cookie

    and not:

    print cj


    John
     
    John J. Lee, Jun 25, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. steven
    Replies:
    1
    Views:
    1,002
    Martin Honnen
    May 6, 2004
  2. designsimply

    Can I http post xml using php?

    designsimply, May 16, 2005, in forum: XML
    Replies:
    5
    Views:
    30,646
    designsimply
    May 16, 2005
  3. ColinK
    Replies:
    0
    Views:
    591
    ColinK
    Jul 15, 2007
  4. Rajive Narain
    Replies:
    0
    Views:
    2,066
    Rajive Narain
    Sep 18, 2009
  5. Colin Graham

    Login to admin system through login screen only

    Colin Graham, Apr 10, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    282
    Joseph MCAD
    Apr 11, 2005
Loading...

Share This Page