0

I'm a little bit confused; I've read a lot about my problem but without finding an answer. I have to log in to a website and fetch some HTML from a page reachable only after logging in. I did this in the past with Visual Basic, using the IE Object and acting like a script, but this gave me a lot of problems, mostly because it's so slow.

My website is easily accessible just using a POST request like `<url>/j_security_check?j_username=username&j_password=pass`. What I don't know is how to check whether or not I'm logged in, how to reach the page using the created session, and how to fetch the HTML (mostly generated by JavaScript).

I never created a login form before, and I don't know how sessions work. I'm also confused about what the header is needed for, and what the Request and Response given by the server represent.

If someone could point me in the right direction to learn these concepts I would highly appreciate that.

Glubus
exSnake
  • I know this won't answer your question, but it might point you in the right direction. Your problem looks similar to a situation I had with OAuth2 where a ton of things were done by JavaScript and I couldn't request the token I needed because the response was always the HTML page. In the end the provider in question had a different approach for requesting data via POST using a browser and to request it programmatically. What I am trying to say is, are you sure the provider doesn't allow a different approach for the authentication? – dambros Mar 25 '16 at 14:42
  • Let me help you too. I guess your problem is how to know if the HTML you get is correct (you logged in) or not (incorrect credentials). I would test in the browser and see the difference. The HTML in case of error should contain validation errors. In case of success you can probably see a div id that you don't see otherwise. So check the HTML you get back and search for those values in order to determine if you are in or not. – AAlferez Mar 25 '16 at 14:50
  • To continue with my comment: depending on where you post that login, the answer might be different: it can be Yes, or OK for success, or it can just redirect you to the new page by giving you the HTML code in the response. – AAlferez Mar 25 '16 at 14:53
  • They don't have any API, if you mean that; the only way to reach that content is to simulate the browser. What I don't know is how to do that in the fastest way. I tried to use Java with HttpUnit; with the `WebClient` class I don't know how to do a POST request. Just trying to open the `/j_security_check?with_parameters` doesn't let me in, or maybe I don't know how to save the response data and use that to reach the page I need to fetch from. – exSnake Mar 25 '16 at 14:53
  • You mentioned JavaScript and HTML, but the login authorization (persistent server variables) happens on the server -- so, the only lang that matters for this answer is the backend server language. Many of us can help you figure out sessions with PHP, and fewer with .Net. What server language can you use? *Note: most shared hosting accounts (GoDaddy, NameCheap, Hostgator, etc) have access to PHP.* – cssyphus Mar 25 '16 at 15:11

2 Answers

2

Think of SESSIONS as variables in the server's memory. They persist as cookies stored on the user's computer. Here are two brief but helpful explanations: here and here

Here is a simplified code example of a login system in PHP. When a login succeeds or fails, you either (a) redirect the user to a secured page or (b) return them to a public page to try again. In PHP code, you can redirect them using the `headers()` method, or in JavaScript with `window.location.href="webpage.html";`. The above example uses the JS method, and it also demonstrates how to secure web pages to make some pages inside and some public.

Whether you choose the PHP method or the JavaScript method (to redirect to a different page) depends on how you process the login/password from the user. If you use HTML forms, they work by POSTing the data to a secondary page -- actually navigating to that other page -- processing the data, and doing something with it. This can all happen in PHP.

The most common method these days involves remaining on the same page (not navigating away from it) and sending only the data to a secondary PHP page. That page receives the user data (id/pw), compares these credentials to what you have stored in a database (or even just to a variable inside that very PHP file), and ECHOs a response back to the login page. The response is received inside a `success:` function, and you then use the JavaScript code to redirect the user to an inside page.

Sending / receiving data to a secondary PHP page while remaining on the original page is called AJAX. It's pretty simple. Here is a brief overview with some simple examples. I urge you to copy the code to your server and make the examples work - change a few things to see how each one works.


Note that there are two ways to send data from one web page to another: GET and POST. The most obvious difference is that the GET method works by appending variables/values to the URL, as you displayed in your question:

```
<url>/j_security_check?j_username=username&j_password=pass
```

The POST method is more hidden -- you need to use developer tools to see the data -- so it is preferred.

GET and POST originated with HTML forms, and most people immediately associate the two. In these modern days of AJAX, there is no need for `<form>` tags at all. In fact, if you use a `<form></form>` structure with AJAX you must suppress their default action of navigating to the secondary page:

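```html
<form id="myForm" action="anotherpage.php" method="GET">
</form>
```

```javascript
$('#myForm').submit(function(event){
    event.preventDefault(); // suppress the default form action (navigating to the action URL)
    // Do some stuff
    $.ajax({
        type: 'post', // this is where you now do the GET or POST
        url: 'my_secondary_file.php',
        // Passing an object lets jQuery URL-encode each value;
        // field_value_variable and nutherval are placeholders for values read from the page.
        data: { varname: field_value_variable, nuthervar: nutherval },
        success: function(d){
            // d is whatever the PHP page echoes back
            if (d == 'whatever you echo from php') window.location.href = 'my_secret_page.php';
        }
    });
});
```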
Community
cssyphus
0

The sessions are created on the server. Once you hit the URL (in this case `<url>/j_security_check?j_username=username&j_password=pass`), your server should validate the credentials and then create the session. You can only use JavaScript to manage that session, probably using cookies, and not create a session.

Abhishek
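
How the session described in both answers behaves end to end, as an added example that is not part of either answer or of the site in the question: an in-memory Node.js model (no network) in which the server keeps the state, the cookie carries only a random id, and the client learns whether it is logged in from the status of the protected page. The `sid` cookie name, the `/login` and `/secret` paths and the `alice` account are assumptions made for illustration; `j_username` and `j_password` are the field names from the question.

```javascript
// Added example: in-memory model of a cookie-backed login session (no network).
const { randomBytes, scryptSync, timingSafeEqual } = require('crypto');

// Constructed sample account; the password is stored only as a salted scrypt hash.
const SALT = randomBytes(16);
const USERS = new Map([['alice', scryptSync('correct horse', SALT, 32)]]);
const SESSIONS = new Map(); // session id -> { user }: this state lives on the server

// Pull the session id out of a Cookie (or Set-Cookie) header value.
const parseCookie = (h = '') => (h.match(/(?:^|;\s*)sid=([0-9a-f]{64})/) || [])[1];

// POST /login: credentials arrive in the request body, never in the URL.
function login(body, cookieHeader) {
  const p = new URLSearchParams(body);
  const stored = USERS.get(p.get('j_username'));
  const given = scryptSync(p.get('j_password') || '', SALT, 32);
  // Unknown users are compared against a dummy value so timing stays uniform.
  const ok = timingSafeEqual(given, stored || Buffer.alloc(32)) && Boolean(stored);
  if (!ok) return { status: 401, headers: {} };
  SESSIONS.delete(parseCookie(cookieHeader)); // drop any pre-login id (session fixation)
  const sid = randomBytes(32).toString('hex'); // unguessable, freshly issued
  SESSIONS.set(sid, { user: p.get('j_username') });
  return { status: 302, headers: { Location: '/secret',
    'Set-Cookie': `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/` } };
}

// GET /secret: the cookie carries only the id; the server looks up the state.
function secret(cookieHeader) {
  const s = SESSIONS.get(parseCookie(cookieHeader));
  return s ? { status: 200, body: `<h1>Hello ${s.user}</h1>` }
           : { status: 302, headers: { Location: '/login' } };
}

// Client side: keep the cookie from the login response and replay it.
function fetchSecretAs(user, pass) {
  const body = new URLSearchParams({ j_username: user, j_password: pass }).toString();
  const res = login(body, '');
  const cookie = (res.headers['Set-Cookie'] || '').split(';')[0]; // "sid=..."
  return { loginStatus: res.status, page: secret(cookie) };
}
```

A scripted client does the same thing over HTTP: it stores the `Set-Cookie` value from the login response, sends it back in the `Cookie` header, and treats a redirect to the login page as "not logged in".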