Secure login (https + Certificate) using Perl

Finch has asked for the wisdom of the Perl Monks concerning the following question:

Hi there,
I want to logon to a secure site which is using https and a secure certificate.
My script doesn't return any error, but I can't log in. After I submitted the form using my code, I get a html-site that's telling my "Username or password wrong...".
But username and passwort is correct. If I copy and paste from my script to the corresponding fields in a browser and submit the form, it works fine.

Here the shortened HTML-Form of my site ' https://mySite.de/admin ':

<form action="/admin/index.php?action=login" method="post" name="actio
+n"> 
   <input type="hidden" name="ADMIN" value="f23af307ea00b284fb9e74c4cb
+abfbdf" /> 
   <input type="text" name="username" size="12" value=""> 
   <input type="password" name="password" size="12"> 
   <input type="submit" name="login" value="Login"> 
</form>
[download]

Here my script:

01: use WWW::Mechanize; 
02: use LWP::Debug qw(+); 
03: 
04: $username = "xxx"; 
05: $password = "xxx"; 
06: 
07: my $mech = WWW::Mechanize->new(); 
08: 
09:    $mech->cookie_jar(HTTP::Cookies->new()); 
10:    $mech->get( "https://mySite.de/admin" ); 
11:     
12:    #Get ADMIN-ID 
13:    $mech->content() =~ /name=\"ADMIN\" value=\"([^\"]+)/g; 
14:    $hiddenField = $1; 
15:        
16:    #Fill form 
17:    $mech->submit_form( 
18:                  form_name => "action", 
19:                    fields      => { 
20:                      ADMIN => $hiddenField, 
21:                      username   => $username, 
22:                      password => $password}, 
23:                    button => 'login'); 
24: 
25:     #Print site            
26:    print $mech->content(); 
27:
[download]

My first though was 'Maybe I'm getting redirected!?" I checked that and it's not the case.
Here the results from'LWP::Debug qw(+)':

LWP::UserAgent::new: () 
LWP::UserAgent::request: () 
HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies 
LWP::UserAgent::send_request: GET https://mySite/admin 
LWP::UserAgent::_need_proxy: Not proxied 
LWP::Protocol::http::request: () 
LWP::Protocol::collect: read 242 bytes 
LWP::UserAgent::request: Simple response: Moved Permanently 
LWP::UserAgent::request: () 
HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies 
LWP::UserAgent::send_request: GET https://mySite/admin 
LWP::UserAgent::_need_proxy: Not proxied 
LWP::Protocol::http::request: () 
LWP::Protocol::collect: read 4096 bytes 
LWP::Protocol::collect: read 965 bytes 
HTTP::Cookies::extract_cookies: Set cookie ADMIN => 829052f0173388362a
+649d8fe980081b 
LWP::UserAgent::request: Simple response: OK 
LWP::UserAgent::request: () 
HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies 
HTTP::Cookies::add_cookie_header: - checking cookie path=/ 
HTTP::Cookies::add_cookie_header:  - checking cookie ADMIN=829052f0173
+388362a649d8fe980081b 
HTTP::Cookies::add_cookie_header:    it's a match 
HTTP::Cookies::add_cookie_header: Checking <<URL>> for cookies 
LWP::UserAgent::send_request: POST https://mySite/admin/index.php?acti
+on=login 
LWP::UserAgent::_need_proxy: Not proxied 
LWP::Protocol::http::request: () 
LWP::Protocol::collect: read 238 bytes 
LWP::Protocol::collect: read 540 bytes 
LWP::Protocol::collect: read 2348 bytes 
LWP::Protocol::collect: read 219 bytes 
LWP::Protocol::collect: read 419 bytes 
LWP::Protocol::collect: read 160 bytes 
LWP::Protocol::collect: read 1122 bytes 
LWP::UserAgent::request: Simple response: OK
[download]

Comment on Secure login (https + Certificate) using Perl Select or Download Code

Replies are listed 'Best First'.
Re: Secure login (https + Certificate) using Perl by Krambambuli (Curate) on Oct 13, 2007 at 15:15 UTC
Can you look into the server's httpd log ? With a bit of luck, you'll find at least a hint already... If not, you might set/increase some of the debugging aids on _server side_ and then get some help about why login is refused. Hth.	[reply]
Re: Secure login (https + Certificate) using Perl by Cody Pendant (Prior) on Oct 14, 2007 at 07:21 UTC
Why are you getting the hidden field value out of the form, then putting it back in? The whole point of WWW::Mechanize is you don't have to do stuff like that. As to why it doesn't work, the answer is probably in the HTML you took out to show us the "shortened" form. Is there any JavaScript involved, for instance? Nobody says perl looks like line-noise any more kids today don't know what line-noise IS ...	[reply]
Re^2: Secure login (https + Certificate) using Perl by Finch (Initiate) on Oct 14, 2007 at 10:35 UTC
Hi, thanks for your reply. How would I get the ADMIN-ID using WWW::Mechanize? And I SOLVED THE PROBLEM!!! It wasn't in the HTML I took out. I used 'LiveHTTPHeaders' to see what's realy being sent and received. That's when I noticed that the last character of my password is cut off. I ajusted my script, deleting the last character of my passwort and BANG! it works. :-) Finch.	[reply]
Re^3: Secure login (https + Certificate) using Perl by Cody Pendant (Prior) on Oct 14, 2007 at 20:27 UTC
`>How would I get the ADMIN-ID using WWW::Mechanize?` You don't have to. The module handles hidden fields for you. Nobody says perl looks like line-noise any more kids today don't know what line-noise IS ...	[reply] [d/l]
Re: Secure login (https + Certificate) using Perl by Finch (Initiate) on Oct 13, 2007 at 21:48 UTC
Hi, thanks for your reply. I also figured it could be a server-side problem. It's not my own server, but I think I can get a hold on the 'hoster'. Once I got some more info (maybe even a solution), I will post it here. Finch.	[reply]