HTTP Request and page security

Bob Hansen · Post by **Bob Hansen** » Fri Aug 19, 2005 6:39 am

Using HTTPRequest with POST method to send values to a form:

Let>URL=http://........
Let>PostData=field1=value1&field2=value2&.........
HTTPRequest>%URL%,,POST,%PostData%,Result_Variable

Web page normally needs name and password when using browser.
When running macro I get message that I cannot POST.

Here is an excerpt from the Return_Variable:

Code: Select all

function BackToVendorSite()
	{
	document.frmVendorSite.submit();
	}
</script>
</head>

	<p>You are not allowed to view this page
	<ul><li>Your session may have expired. <a href='/' target='_top'>Please login again.</a>
	<FORM id=frmLogin name=frmLogin action=/sql_response_login.asp method=post>
	<table class="xxsmallb" border="0" cellpadding="0" cellspacing="0">
		<tr>
			<td><img src="/images/memberid.gif" WIDTH="70" HEIGHT="15"></td>
			<td><input type="text" name="name" size="10" TABINDEX="1"></td>
			<td rowspan="2" width="2"><img src="/images/spacer1.gif" WIDTH="1" HEIGHT="1"></td>
			<td rowspan="2"><input type="image" src="/images/boxlogin.gif" name="submit" TABINDEX="3" WIDTH="40" HEIGHT="40"></td>
		</tr>
		<tr>
			<td><img src="/images/password.gif" WIDTH="70" HEIGHT="15"></td>
			<td><input type="password" name="pw" size="10" TABINDEX="2"></td>
		</tr>
			<td height="1"><img src="/images/spacer1.gif" WIDTH="1" HEIGHT="1"></td>
		</tr>

	<INPUT id=strDestination type=hidden value=/PageName/&cTask=BROKER&lMultiPage=True&cSection=SALES name=strDestination>
	<INPUT type=hidden name=strForm value=>
	</FORM>
	</table><br>
	<b>Note: </b><i>Session expires after your browser is idle for 20 minutes</i>
	<!--<li>You may not be authorised to view this page."-->
	<li>Your browser may not have cookies enabled. This site uses cookies for your security. Contact the web site team at 555-1212
	</ul>
	Session Timeout=20<br> Script Name: /ABC/Forms/FormAggregator.asp<br>
	Parameters: job_num=12345&cTask=AGENT&lMultiPage=True&cSection=PULL<br>Form: <br>

</body>
</html>

The Return_Variable shows that I do not have access.
How to add name and password to HTTP Request command?
It looks like there may be hidden fields for name and pw.
Should name=loginname&pw=password be added to the PostData string?

I have also added name and password into Proxy fields, but that did not work (I didn't expect that it would).

I have run the macro while logged into the page with browser so I know that time expiration is not the factor.

I am too close to the problem now, need some fresh ideas from someone else......

And the answer is.....

support · Post by **support** » Fri Aug 19, 2005 7:14 am

There may just be a hidden field in the form. View the source of the page and find the tags. Add these to the value pair list - somename=whatever.

However, sessions can be implemented a number of ways. Some sites create a session variable when you log on which is tagged on to the URL. So any subsequent posts will need that session variable included. Some set a cookie which the browser maintains. Unfortunately HTTPRequest doesn't know anything about cookies - Macro Scheduler is not a browser.

As for username and password if you're talking about server logins where a dialog box pops up for username and password when using your browser, these are supported in 7.4 with:

http://username:password@www........

The simplest solution is probably going to be to automate IE so that it can remember session variables, cookies, or whatever it needs to do. Recording the session with WebRecorder will build the script for you.

This might also be helpful:
http://www.mjtnet.com/forum/viewtopic.php?t=1655

Bob Hansen · Post by **Bob Hansen** » Fri Aug 19, 2005 2:40 pm

Thanks for the help.
Good suggestions, will try them out this weekend.

Forgot about FTP format of "....//username:password@www........ ".
Thanks for the reminder.

Watch this space...............results to follow

rullbandspelare · Post by **rullbandspelare** » Wed Dec 07, 2005 8:27 am

I am a but confused. When looking at the HELP example for this

Let>PostData=email=[email protected]&name=Joe Bloggs
HTTPRequest>http://www.someplace.com/someform.html, ... MLResponse

Then i dont quite understand what info from the webpage source below to put in the above example so that the user and password fields on the webpage will be filled in.

Thanks for any input.

AnvÃƒÂ¤ndare

LÃƒÂ¶senord

[quote][/quote]

Post by **Marcus Tettmar** » Wed Dec 07, 2005 8:41 am

There's a fair bit of javascript stuff going on so it may not work but if you look at the form here:

Then your post data would look like this:

prog=user_login_nice&user_id=USERNAME&user_psw=PASSWORD

Replace USERNAME and PASSWORD with your username and password.

If it doesn't work, use WebRecorder to record the process instead.

rullbandspelare · Post by **rullbandspelare** » Wed Dec 07, 2005 9:58 am

With your suggested solution i get a but further than before.
I actualy gets something posted but i get a wrong password message in the returning webpage.
The USER is posted correctly. (If it wasnt i would get a "user missing" message) it is only the PASSWORD part that is posted wrong.

Any more ideas?

Thanks!

ps. i realy would like to stick to Macro Scheduler Pro that i am using without having to use WebRecorder.

Post by **Marcus Tettmar** » Wed Dec 07, 2005 10:02 am

Then the Javascript must be doing something to the password. In which case HTTPRequest won't handle it.

rullbandspelare wrote:ps. i realy would like to stick to Macro Scheduler Pro that i am using without having to use WebRecorder.

WebRecorder doesn't stop you using Macro Scheduler Pro. WebRecorder Creates Macro Scheduler Scripts For You! You run WebRecorder Scripts in Macro Scheduler. You still use Macro Scheduler.

rullbandspelare · Post by **rullbandspelare** » Wed Dec 07, 2005 1:24 pm

Hmm. I tried to download WEBRecorder, but the file was 0bytes...

Anyhow.
Would it be possible for HTTPRequest to handle multiple forms on the same page?
As i see it there are 3 forms:
FORM NAME="login_post"
FORM NAME="login_user_id"
FORM NAME="login_user_psw"

I would like to POST to the login_user_id and login_user_psw instead of login_post.

or have i missunderstod the technique?
Thanks!

Post by **Marcus Tettmar** » Wed Dec 07, 2005 1:35 pm

Please try downloading WebRecorder again. We uploaded a change to the download page and made a mistake with the filename! It is fixed now and you should be able to download ok.

Your page has three forms. One with hidden fields, another which is just the username. The username is converted to uppercase by the onchange handler of the input field and the action of the form moves focus to the password field. The password form then submits to /masterbef/masterbef.exe so the URL of HTTPRequest would be http://www.whatever.com/masterbef/masterbef.exe (replace http://www.whatever.com with the correct domain).

So try this instead:

Let>PostData=login_v=USERNAME&psw_v=PASSWORD
HTTPRequest>http://www.domain.com/masterbef/masterb ... MLResponse

Change USERNAME and PASSWORD to your username and password and ensure username is in upper case.

You will find this much easier with WebRecorder. Using HTTPRequest requires an understanding of HTML, the HTTP protocol and how form posts work.