LWP::UserAgent can't login to phpbb forum

mnem0 has asked for the wisdom of the Perl Monks concerning the following question:

Hi, i'm trying to log in a phpbb forum with Perl using LWP::UserAgent. Here's what i tried :

#!"C:\perl\bin\perl.exe"
use strict;
use warnings;
use HTTP::Cookies;
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;
$ua->cookie_jar(HTTP::Cookies->new(file => "cookie2.txt",autosave => 1
+,));
my $url_base = "http://www.host.com/login.php";
my $response = $ua->get($url_base);
my $contenu = $response->content;
$content =~ s/\n//g;#extracting session id
my @sids = split(/sid=/,$content);
my $id;
shift(@sids);
foreach $id(@sids){
    $id =~ s!"(.*)!!;
}
my $res = $ua->post ($url_base.'?sid='.$sids[0],[username => 'myUserNa
+me', password=>'myPassword',login=>'Connexion']);
[download]

i also tried WWW::Mechanize. Every time i launch my script, the host login page answers "bad login or password" (i checked the l/p i sent, they do work when sent via Firefox.) i captured the http headers of a succesful login connection made via firefox to understand:

http://www.host.com/login.php?sid=bfa659dd671fec73949f2f711a6c72d6

POST /login.php?sid=bfa659dd671fec73949f2f711a6c72d6 HTTP/1.1
Host: www.host.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.13) 
+Gecko/20080311 Firefox/2.0.0.13
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
+,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.host.com/index.php
Cookie: eb033c292a139b620ecb662dda3f1a1b=-; mosvisitor=1; phpbb2mysql_
+data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3
+A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=bfa659dd671fec73949f2f7
+11a6c72d6
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
username=myUserName&password=myPassword&login=Connexion
HTTP/1.x 302 OK
Date: Thu, 03 Apr 2008 07:16:46 GMT
Server: Apache/1.3.34 Ben-SSL/1.55
X-Powered-By: PHP/4.4.8
Set-Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs
+%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22190%22%3B%7D; expir
+es=Fri, 03 Apr 2009 07:16:47 GMT; path=/
Set-Cookie: phpbb2mysql_sid=bfa659dd671fec73949f2f711a6c72d6; path=/
Location: http://www.host.com/index.php?sid=bfa659dd671fec73949f2f711a
+6c72d6
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
[download]

i seem to post the good params at the good place. i don't see where i'm wrong :/

Comment on LWP::UserAgent can't login to phpbb forum Select or Download Code

Replies are listed 'Best First'.
Re: LWP::UserAgent can't login to phpbb forum by Corion (Patriarch) on Apr 03, 2008 at 08:29 UTC
The usual step is to compare what FireFox gives you against what WWW::Mechanize or LWP::UserAgent give you. For example by printing out the HTTP request you create (`->as_string` method of HTTP::Request). Of course, with WWW::Mechanize, there would likely be less need for extracting the `sid` parameter from the HTML through munging. My personal guess is that your `@sids` are not what you expect.	[reply] [d/l] [select]
Re^2: LWP::UserAgent can't login to phpbb forum by jettero (Monsignor) on Apr 03, 2008 at 11:03 UTC
compare what FireFox gives you against what WWW::Mechanize or LWP::UserAgent give you. I usually use HTTP::Proxy to do that comparison. Then I not only see what firefox sent, but what the Data::Dumper dump of the LWP object looks like. The output in the query log shouldn't be used directly, but the sources it logs will prove the query can be done with LWP. The next step is just to figure out what the object you built by hand is missing. Read more... (2 kB) -Paul	[reply] [d/l]
Re^2: LWP::UserAgent can't login to phpbb forum by mnem0 (Initiate) on Apr 03, 2008 at 15:31 UTC
Thank you, you're kind. i read HTTP::Request, LWP::UserAgent, lwp cookbook, tried all, i only have the http headers of the response printed. not the header of the post. i tried this `use HTTP::Request::Common qw(POST); use LWP::UserAgent; $ua = LWP::UserAgent->new; my $req = POST 'http://www.host.com/login.php?sid='.@sids[0], [ username => 'myUserName', password => 'myPasswd', lo +gin => 'Connexion' ]; print $ua->request($req)->as_string;` [download] i also tried this `open WRITER3 ,"> header.txt" my $res = $ua->post($url_base.'?sid='.$sids[0],[username => 'myUsernam +e', password=>'myPasswd',login=>'Connexion']); print WRITER3 $res->as_string;` [download] how can i get the headers of my posts please ?	[reply] [d/l] [select]
Re^3: LWP::UserAgent can't login to phpbb forum by Corion (Patriarch) on Apr 03, 2008 at 15:52 UTC
You only see the headers of the response because you only print the headers of the response. Maybe you should try printing the headers of the request instead? I think I recommended that to you already. Other than that, you might just want to inspect the network traffic by other means, like using WireShark, a network sniffer, or by using LWP::Debug.	[reply]
Re: LWP::UserAgent can't login to phpbb forum by UnderMine (Friar) on Apr 03, 2008 at 09:43 UTC
First thing I would say is try to send similar headers not just the defaults. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 Referer: http://www.host.com/index.php Are the two which definately need to be replicated as site may well reject login attempts if these are not what it considers valid. (i.e. bot attacks, search engines, etc) Compare what you captured of you programs packets with Firefox's conversation. Without having both it is very hard to tell what is actually happening rather than what you think is happening. UnderMine	[reply]
Re: LWP::UserAgent can't login to phpbb forum by CountZero (Bishop) on Apr 03, 2008 at 21:41 UTC
Yes Sir! It is definitely a case of blatant discrimination of our most beloved Perl-tools by those guys at the PHPBB. As soon as it detects a Perl-based user agent it will not allow you to log in, it will log your IP, put it on a black-list, give your e-mail address to the spammers, steal your identity, buy kinky stuf in your name, wipe out and reformat your hard-disks (and CDs and DVDS too for good measure) and all that from a carefully crafted web-page with some black PHP-code in it. Oops, it is already 3rd of April. I missed 1st of April by two days. CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James	[reply]