in reply to logging in to secure site

Any ideas?
Yeah: The submit button has an onclick javascript, which changes the form's action to https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0

At the very least, you will need to change the URL you're submitting to and add the id, Lan, Au and Grp to the parameters when you log in. There may still be other Javascript hocus-pocus that you need to unravel, though.

Re: Re: logging in to secure site
by dannoura (Pilgrim) on Apr 30, 2004 at 15:57 UTC

    Thanks for your help. I tried submitting https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0 in the POST method. This gave me another page with username and password fields in plain html (below). Submitting to that with the URL https://www.saxobank.com/ didn't work. Excuse my ignorance, but I can't figure out how to submit using the information from the javascript. Can you figure it out?

        <td class="qblock-head" colSpan="2">Member Login (Encrypted)</td>
        </tr>
        <tr>
          <td class="qst">User ID &nbsp;</td>
          <td class="qst"><input class=input type=text maxLength=50 size=20 value="" name="txtUID" id="txtUID">
          </td>
        </tr>
        <tr>
          <td class="qst">Password &nbsp;</td>
          <td class="qst"><input class="input" type="password" maxLength="50" size="20" name="txtPWD" id="txtPWD">
          </td>

      Your form fields are named incorrectly. From the HTML above, you'll need to supply the fields "txtUID" and "txtPWD" for your username and password, respectively. In addition, you also need the hidden form field "__VIEWSTATE", and the "submit" field (named for the submit button). In the code below, I also updated the URL to match that set by the javascript on the web page.

          # $ua is an LWP::UserAgent object; POST comes from HTTP::Request::Common
          my $request=$ua->request(
              POST "https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0",
              {
                  __VIEWSTATE => 'dDwxOTk0Mzg2NjQzOzs+/+MSvllHQREYBFP5zZXrPV/rhdM=',
                  txtUID      => 'me',
                  txtPWD      => 'secret',
                  submit      => 'log in'
              });

      It doesn't appear that the "__VIEWSTATE" field has a unique value for each page load, but if it did, you could modify your code to load the home page to retrieve the value for the "__VIEWSTATE" field:

          my $viewstate= get_viewstate( $ua )
              or die "can't get viewstate field";

          my $request=$ua->request(
              POST "https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0",
              {
                  __VIEWSTATE => $viewstate,
                  txtUID      => 'me',
                  txtPWD      => 'secret',
                  submit      => 'log in'
              });

          print $request->is_success ? $request->content : "failed\n";

          # retrieve value for hidden __VIEWSTATE field (unique for each browser load?)
          sub get_viewstate {
              my $ua= shift;

              require HTML::TokeParser;
              my $request= $ua->request(GET "http://www.saxobank.com/");
              die $request->status_line unless $request->is_success;

              my $p= HTML::TokeParser->new( \$request->content );

              while( my $tag= $p->get_tag("input") ) {
                  # inputs without a name attribute are skipped without a warning
                  return $tag->[1]{value} if ($tag->[1]{name} || '') eq '__VIEWSTATE';
              }
          }

      --sacked

      I might have been able to if you had submitted enough information, but you didn't so I can't.

      In particular, you didn't include the <form> tag, which might tell us the right URL, nor the <submit> tag that would show us if they were playing any further games with javascript.

      Before you come back here, look at the form tag, and try to submit to the URL listed in the action field.

        Here are the relevant parts. They don't seem to be any different from the URL I previously posted.

        <form name="Form1" method="post" action="Default.aspx?id=2&amp;Lan=EN&amp;Au=1&amp;Grp=5" id="Form1">

        and

            <table class="qblock" cellPadding="4" width="300" border="0">
              <tr>
                <td class="qblock-head" colSpan="2">Member Login (Encrypted)</td>
              </tr>
              <tr>
                <td class="qst">User ID &nbsp;</td>
                <td class="qst"><input class=input type=text maxLength=50 size=20 value="" name="txtUID" id="txtUID">
                </td>
              </tr>
              <tr>
                <td class="qst">Password &nbsp;</td>
                <td class="qst"><input class="input" type="password" maxLength="50" size="20" name="txtPWD" id="txtPWD">
                </td>
              </tr>
              <tr>
                <td class="Naviblockheader" align="middle" colSpan="2"><input class="input" type="submit" value="log in" name="submit">
                </td>
              </tr>
            </table>
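
Added example, not part of any post in this thread: instead of hand-copying field names, HTML::Form (from libwww-perl) can read the form itself, so hidden fields such as __VIEWSTATE, the submit button and the form's own action URL all end up in the request. The HTML is constructed from the fragments posted above; the __VIEWSTATE value is a placeholder, and the base URL and the helper name build_login_request are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.
use strict;
use warnings;
use HTML::Form;    # part of the libwww-perl family (HTML-Form distribution)

# Assumed URL the login page was fetched from; relative actions resolve against it.
my $base = 'https://www.saxobank.com/';

# Constructed sample page: form tag and inputs as posted in the thread,
# plus a hidden __VIEWSTATE input carrying a placeholder value.
my $html = <<'HTML';
<form name="Form1" method="post" action="Default.aspx?id=2&amp;Lan=EN&amp;Au=1&amp;Grp=5" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="PLACEHOLDER_VIEWSTATE">
<input class=input type=text maxLength=50 size=20 value="" name="txtUID" id="txtUID">
<input class="input" type="password" maxLength="50" size="20" name="txtPWD" id="txtPWD">
<input class="input" type="submit" value="log in" name="submit">
</form>
HTML

# Hypothetical helper: find the form that holds the password field, fill in
# the two visible fields, and let HTML::Form add everything else.
sub build_login_request {
    my ($page, $base_url, $user, $pass) = @_;

    my ($form) = grep { defined $_->find_input('txtPWD') }
                 HTML::Form->parse($page, $base_url);
    die "no login form found\n" unless $form;

    $form->value(txtUID => $user);
    $form->value(txtPWD => $pass);

    # click() returns an HTTP::Request containing every input of the form,
    # hidden ones included, addressed to the resolved action URL.
    return $form->click('submit');
}

my $req = build_login_request($html, $base, 'me', 'secret');

print $req->method, ' ', $req->uri, "\n";   # where the form itself says to post
print $req->content, "\n";                  # urlencoded body, __VIEWSTATE included

# With a live page the request would be sent with an LWP::UserAgent:
#   my $response = $ua->request($req);
```

HTML::Form does not run JavaScript, so an onclick handler that rewrites the form's action has no effect on this request; if the target must differ from the action attribute, it can be set with `$form->action($url)` before calling `click()`.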