koryw has asked for the wisdom of the Perl Monks concerning the following question:

I fix the invalid browser problem, before I read any of the below posts. Now I'm receiving a problem a similar problem HTTP/1.1 302 (Found) Object moved Cache-Control: private Connection: close Date: Thu, 11 Nov 2004 18:58:51 GMT Location: https://www.studentclearinghouse.org/secure_area/StudentSelfService/ref_logoff.asp?t=135851 Server: Microsoft-IIS/5.0 Content-Length: 121 Content-Type: text/html Client-Date: Thu, 11 Nov 2004 19:26:25 GMT Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority Client-SSL-Cert-Subject: /C=US/ST=Virginia/L=Herndon/O=National Student Clearinghouse/OU=Web Development/OU=Terms of use at www.verisign.com/rpa (c)01/CN=www.studentclearinghouse.org Client-SSL-Cipher: RC4-MD5 Client-SSL-Warning: Peer certificate not verified P3P: CP="CAO CURa ADMa DEVa OUR DELa IND PHY ONL UNI PUR COM NAV DEM STA" Set-Cookie: ASPSESSIONIDASTTRTQC=LJACOLKDKMMEAIEHCNBNANEP; path=/ Title: Object moved Object Moved This object may be found here. I think my problem is they don't know what the referral site is. It has to match up with what we've told the clearinghouse site, what URL we plan on coming from, so that they can verify the site in their database, to vaildate the user name, password, social security number from that referral site. My question is, can I send the referral page to this service using LWP? Here is how this process is suppose to work, we send a secure https POST form data to their url https://www.studentclearinghouse.org/secure_area/ref_students.asp They validate our referral site and the user name, password and social security number, and if everything is valid they send a redirect that displays a students transcript back to the browser. HTTP/1.1 302 (Found) Object moved Cache-Control: private Connection: close Date: Thu, 11 Nov 2004 17:51:30 GMT Location: https://www.studentclearinghouse.org/secure_area/StudentSelfService/ref_logoff.asp?t=125131 Server: Microsoft-IIS/5.0 Content-Length: 121 Content-Type: text/html Client-Date: Thu, 11 Nov 2004 18:19:05 GMT Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority Client-SSL-Cert-Subject: /C=US/ST=Virginia/L=Herndon/O=National Student Clearinghouse/OU=Web Development/OU=Terms of use at www.verisign.com/rpa (c)01/CN=www.studentclearinghouse.org Client-SSL-Cipher: RC4-MD5 Client-SSL-Warning: Peer certificate not verified P3P: CP="CAO CURa ADMa DEVa OUR DELa IND PHY ONL UNI PUR COM NAV DEM STA" Set-Cookie: ASPSESSIONIDASTTRTQC=JHPAOLKDAIDDOHGANEMHANLE; path=/ Title: Object moved Object Moved

I'm trying to send a secure HTTPS Post using LWP and Crypt::SSLeay and I'm getting a 302 Object Moved error, which I assume the site that I'm contacting doesn't know where to redirect back to. Below is my code and content errors from browser and command line.

BROWSER RESULTS


HTTP/1.1 302 (Found) Object moved Cache-Control: private Connection: c
+lose 
Date: Tue, 09 Nov 2004 20:35:56 GMT 
Location: https://www.studentclearinghouse.org/secure_area/InvalidBrow
+ser.asp Server: Microsoft-IIS/5.0 Content-Length: 121 
Content-Type: text/html Client-Date: Tue, 09 Nov 2004 21:03:53 GMT Cli
+ent-Response-Num: 1 
Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Serv
+er Certification Authority Client-SSL-Cert-Subject:/C=US/ST=Virginia/
+L=Herndon/O=National Student Clearinghouse/OU=Web Development/OU=Term
+s of use at www.verisign.com/rpa (c)01/CN=www.studentclearinghouse.or
+g Client-SSL-Cipher: RC4-MD5 
Client-SSL-Warning: Peer certificate not verified 
P3P: CP="CAO CURa ADMa DEVa OUR DELa IND PHY ONL UNI PUR COM NAV DEM S
+TA" 
Set-Cookie: ASPSESSIONIDCQQRSRSA=OBBKBLKDKKEHIAKNMIMDCAIM; path=/ 
Title: Object moved
Object Moved
This object may be found here.1

<p>COMMAND LINE RESULTS</p>

Content-type: text/html

<html>
<head>
<title>Transcript Verification Request</title>
</head>
<body>
<div align="center">
<h1>Error submitting to Student Clearinghouse</h1>
1<BR>HTTP/1.1 302 (Found) Object moved
Cache-Control: private
Connection: close
Date: Tue, 09 Nov 2004 20:33:10 GMT
Location: https://www.studentclearinghouse.org/secure_area/InvalidBrow
+ser.asp
Server: Microsoft-IIS/5.0
Content-Length: 121
Content-Type: text/html
Client-Date: Tue, 09 Nov 2004 21:01:07 GMT
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Serv
+er Certification Authority
Client-SSL-Cert-Subject: /C=US/ST=Virginia/L=Herndon/O=National Studen
+t Clearinghouse/OU=Web Development/OU=Terms of use at www.verisign.co
+m/rpa (c)01/CN=www.studentclearinghouse.org
Client-SSL-Cipher: RC4-MD5
Client-SSL-Warning: Peer certificate not verified
P3P: CP="CAO CURa ADMa DEVa OUR DELa IND PHY ONL UNI PUR COM NAV DEM S
+TA"
Set-Cookie: ASPSESSIONIDCQQRSRSA=CFAKBLKDLKCOBIJDHIDIEMJA; path=/
Title: Object moved

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a
+>.</body>

<font color ="ORANGE"><b>1</b></font> <BR><BR></div>
</body>
</html>

[download]

CODE

#!/usr/bin/perl
use strict;
print "Content-type: text/html\n\n";
use CGI;
use HTTP::Request::Common qw(POST);
use HTTP::Headers;
use LWP::UserAgent;

my $postFlag = 0;
my $destURL = "https://www.studentclearinghouse.org/secure_area/ref_st
+udents.asp";
my $query = CGI->new();
my $userid = $query->param('user_id');
my $qu = $query->param('qu');
my $password = $query->param('password');

my %parms = { "user_id" => $main::user_id,
              "password" => $main::password,
              "qu" => $main::qu };


my $ua = LWP::UserAgent->new();
my $req = POST $destURL, \%parms;
#my $response = HTTP::Response->new();
my $response = $ua->request($req);

if (! $response->is_success) {
print <<EOF;
<html>
<head>
<title>Transcript Verification Request</title>
</head>
<body>
<div align="center">
<h1>Error submitting to Student Clearinghouse</h1>
EOF
print $ua->is_protocol_supported( 'https' ). "<BR>";
print $response->as_string . "<font color =\"ORANGE\"><b>1</b></font> 
+<BR><BR>";
print $response->content . "<font color =\"PURPLE\"><b>4</b></font> <B
+R><BR>";
print <<EOF;
</div>
</body>
</html>
EOF
}
else {
 print $response->content;
}
exit;

[download]

20041109 Janitored by Corion: Fixed formatting

Replies are listed 'Best First'.
Re: HTTPS with Crypt::SSLeay
by saintmike (Vicar) on Nov 09, 2004 at 20:55 UTC
    POSTs aren't redirected by default. Add 
    requests_redirectable => ['GET', 'HEAD', 'POST']

    [download]
    to LWP::UserAgent's constructor call.
[reply]
[d/l]
Re: HTTPS with Crypt::SSLeay
by chromatic (Archbishop) on Nov 10, 2004 at 04:15 UTC

    If you had used warnings or the -w flag, Perl would have warned you that the variables you're trying to put into %parms don't exist. You're referring to undefined global package variables when you should refer to the lexicals you've declared a few lines above.

    Try instead:

    my %parms = 
{
    user_id  => $userid,
    password => $password,
    qu       => $qu,
};

    [download]
[reply]
[d/l]
[select]
Re: HTTPS with Crypt::SSLeay
by inman (Curate) on Nov 10, 2004 at 09:14 UTC
    Looking at the content returned to you by the website, it appears that you are redirected because you are not using a supported browser. this is being picked up by the UserAgent header in the HTTP request. LWP declares itself to be "libwww-perl/#.##" by default. You will want to change this to a string that one of the mainstream browsers sends. e.g. for Mozilla 
    $ua->agent "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Ge
+cko/20031007"

    [download]
[reply]
[d/l]

Back to Seekers of Perl Wisdom