http://qs1969.pair.com?node_id=174424

inblosam has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to use LWP to log in to a SSL site. I have this code working on another SSL site, so the code shouldn't be too far off.
My first concern is that in the URL for the post there is a comment symbol (#). Is that an issue if I deference it? When I have "use strict" on I get this error:
Bareword "login" not allowed while "strict subs" in use at (eval 28) l
+ine 18.
Bareword "login" not allowed while "strict subs" in use at (eval 28) l
+ine 18.

[download]
Line 18 is pointing to the POST line. When I take "use strict;" out I get the page hit, but an error. Here is the header and message returned from google: 
HTTP/1.1 200 OK Connection: close Date: Fri, 14 Jun 2002 06:57:47 
GMT Server: stronghold apache C2NetEU tomcat/1.0 
Content-Type: text/html; charset=UTF-8 
Client-Date: Fri, 14 Jun 2002 07:00:46 GMT 
Client-Response-Num: 1 
Client-SSL-Cert-Issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Con
+sulting cc/OU=Certification Services Division/CN=Thawte Server CA/Ema
+il=server-certs@thawte.com 
Client-SSL-Cert-Subject: /C=US/ST=California/L=Mountain View/O=Google 
+Inc/CN=adwords.google.com 
Client-SSL-Cipher: EDH-RSA-DES-CBC3-SHA 
Client-SSL-Warning: Peer certificate not verified 
Client-Transfer-Encoding: chunked Link: ; rel="stylesheet" Servlet-Eng
+ine: Tomcat Web Server/3.2 (final) (JSP 1.1; Servlet 2.2; Java 1.3.1_
+02; Linux 2.4.18-smp i386; java.vendor=Sun Microsystems Inc.) 
Set-Cookie: JSESSIONID=q93xd1cc51;Path=/select 
Set-Cookie2: JSESSIONID=q93xd1cc51;Version=1;Discard;Path="/select" 
Title: Google Adwords
   AdWords Select™ - It's All About Results™  Contact Us - Help  

Sorry, we're unable to process this request. There are two possible ca
+uses for this error: 

You accessed this page via a bookmark instead of entering through the 
+AdWords Select homepage 
You have disabled cookies in your browser.

[download]

Is there a problem with getting the cookies? Is there a SSL certificate issue? Are they doing something weird on their end? Here is my code I am using to do this:
#!/usr/lib/perl -w

#use strict;

use LWP::UserAgent;
use Crypt::SSLeay;
use HTTP::Request::Common;
use HTTP::Cookies;
use LWP::Simple;

my $ua = LWP::UserAgent->new;

$ua->cookie_jar(HTTP::Cookies->new(file => 'cookie_jar', autosave =>1)
+);

push @{ $ua->requests_redirectable }, 'POST';

my $request = $ua->request(POST "https://adwords.google.com/select/mai
+n",
                            {
                             login.userid => 'test@test.com',
                             login.password => 'testabc',
                             cmd => 'LoginValidation',
                             login => 'Login',
                            });
$b = $request->as_string;
print "$b\n";

[download]

Any help is appreciated. Thanks!

Michael Jensen
michael at inshift.com
http://www.inshift.com

Replies are listed 'Best First'.
Re: Error in SSL login via LWP
by Kanji (Parson) on Jun 14, 2002 at 07:41 UTC

    For the 'Bareword "login"' error, you need to quote your keys if they contain any non-alphanumerics or clash with any other Perl functions so that they don't get misintepreted (such as in your code as login() . 'userid').

    {
  'login.userid'   => 'test@test.com', # <---
  'login.password' => 'testabc',       # <---
  cmd              => 'LoginValidation',
  login            => 'Login',
}

    [download]

        --k.


[reply]
[d/l]
      Definitely got rid of the error (thank you!) but the page still gives the same error. Any more ideas?

      Michael Jensen
      michael at inshift.com
      http://www.inshift.com
[reply]
        It would appear that AdWords is a session-based site, and that you get specific stuff, stuffed into your server-side session at the 'homepage'.
        This could explain why you cannot enter any other page than that...

        er formait hyarya.
        -- "Life is a house and the next tornado is never far away"
        -- "lovely by nature"
[reply]
Re: Error in SSL login via LWP
by cacharbe (Curate) on Jun 14, 2002 at 12:53 UTC
    I actually have a couple of web parsers that deal with this very issue, and to solve it, I have a sub called, lovingly, CreateSession.

    It takes a useragent object and a hashref with security info, opens a cookie jar for the user agent, and traverses all the urls that are necessary to create the proper session information, posting certain authentication info, etc.

    Some of the internals might look a little like this:

    $ua->cookie_jar(HTTP::Cookies->new(file => "<PATH TO COOKIE FILE",
                                   autosave => 1));
   $ua->timeout(300);
my $req = POST 'https://<SOME URL>/login.cgi',
             [cdsid   =>$$secinfo{USERID}, 
                pw    =>$$secinfo{PWD},
             ];  

    my $res = $ua->request($req);
 
    unless ($res->is_success) {
        print "Login Failed: : ". $res->status_line .  "\n";
        return 0;
    }

    my @urls = qw(<SOME LIST OF NECESSARY URLS>);
    foreach my $url(@urls){
        my $req = HTTP::Request->new(GET=>$url); 
        my $res = $ua->request($req);
        unless ($res->is_success) {
         return 0;
        }
    }

    [download]

    From there you can use that UserAgent anywhere and the cookies are set up nicely, etc, etc.

    C-.

[reply]
[d/l]

Back to Seekers of Perl Wisdom