I'm trying to log on onto a website with mechanize for python; however when presented with correct credentials in the form it fails to log in.
Here's what I'm doing following the mechanize tutorial:
def logon(self):
baseurl = "https://www.website.com/login"
br = mechanize.Browser(factory=mechanize.RobustFactory())
br.open(baseurl)
br.select_form(nr=0)
br.form["username"] = self.username
br.form["password"] = self.password
response = br.submit()
print response.geturl()
That should take me to the website.com/dashboard but it's saying at the website.com/login page as though it failed. I can log in manually, and everything passed through the debugger so I'm not sure what I'm doing wrong. I did some digging, and I checked through the form HTML for javascript, and the form doesn't seem to have any attached to it.
Here's the form:
<form method="post" class="login-form">
<fieldset>
<div class="row form-section">
<label for="email">Email Address</label>
<span class="input-text"><input class="required-email" type="text" id="email" value="" name="username" /><span class="required">Required Info</span></span>
<!--<input type="text" id="email" name="username" placeholder="Enter Email Address" class="text" aria-required="true" required="required" style='float:right;' size="30" value="" /><p> -->
</div>
<div class="row form-section">
<label for="pass">Password</label>
<span class="input-text"><input class="required-text" type="password" id="pass" value="" name="password" /><span class="required">Required Info</span></span>
<!--<input type="password" placeholder="Enter Password" class="text" size="30" autocomplete="off" value="" id="password" name="password" style='float:right;' aria-required="true" required="required" />-->
</div>
<div class="row row-btn">
<input type="submit" value="Log in" />
<span>Don't have an account?<br><br>Forgot your password? Didn't get your activation email?</span>
</div>
</fieldset>
<input type="hidden" value="com_oms" name="option">
<input type="hidden" value="login" name="task">
<input type="hidden" name="return" value="">
<input type="hidden" name="9402951e32acb8d73d4a6972ae540c63" value="1" />
</form>
I know there were some similar questions asked but there haven't seemed to be any clear answers that my searching has brought up. Can anyone shed some light on what is going on?
Would like to add as a comment but am not able to:
I doubt if the few hidden inputs especially the string serve as a verification to prevent CSRF attacks. Did you try submitting the hidden fields back along with email/password? That might help you out.
Related
I have a collapse div with login/sign-up forms. How I can catch errors if they are and show them on page?
My form in html:
<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<p><label for="id_username">Username:</label> <input
id="id_username" type="text" name="username" maxlength="30" /></p>
<p><label for="id_password">Password:</label> <input
type="password" name="password" id="id_password" /></p>
<input type="submit" value="Log in" />
<input type="hidden" name="next" value="{{ request.get_full_path }}"
/>
</form>
Dude use the inbuilt login, it offers you with encryption of password. the method your using is little messy i would recommend to go with django inbuilt authentication. here's the link,
https://simpleisbetterthancomplex.com/tutorial/2016/06/27/how-to-use-djangos-built-in-login-system.html
A login form is submitted and when I try and dump the values the form structure is empty in IE but not FF or Chrome. This is in a DEV environment using HTTPS and a corporate self signed certificate.
I don't really think this is Fusebox related but it is the framework I'm using. No choice in the matter as it is legacy code and no budget to change it so please don't suggest I move on.
I've discovered that in IE it doesn't like the form action to be of the format:
/directory/index.cfm?fuseaction=app.Security
Instead it wants a fully qualified action
https://www.mycompany.com/directory/index.cfm?fuseaction=app.Security
<form action="/directory/index.cfm?fuseaction=app.Security" name="loginForm" id="loginForm" method="post">
<div style="width:55%;" align="center" id="fieldset">
<fieldset class="border" style="width:70%;">
<legend>Login</legend>
<div style="padding:2%">
<label for="userID">User ID: <span id="error1" class="redbold" aria-live="assertive"></span> </label>
</div>
<div>
<span class="required">*</span> <input type="text" name="userID" id="userID" size="32" maxlength="8" value="" />
</div>
<div style="padding:2%">
<label for="pw">Password: <span id="error2" class="redbold" aria-live="assertive"></span></label>
</div>
<div>
<span class="required">*</span> <input type="password" name="pw" id="pw" size="32" maxlength="20" value="" />
</div>
<div style="padding:2%" id="formButtons">
<input type="submit" value="Login" class="buttonfield" title="Login to eAgenda" />
<span style="padding-left:5%; margin-left:5%">
<input type="reset" value="Clear" class="buttonfield" title="Clear" />
</span>
<div id="errorMsg">
<p>
<span class="redbold"></span>
</p>
</div>
</div>
<span class="required">*</span>Mandatory field
</fieldset>
</div>
</form>
In the end it was a <base href="http://..."/> tag in the header. Removing or making it https solved the problem.
I have this html form that I want to use for signup of customers.
<form id='registration-form'>
{% csrf_token %}
<div class="form-group">
<input type="text" class="form-control input-upper" id="fullname" placeholder="John Doe" name="fullname" ><br>
<input type="text" class="form-control input-upper" id="username" placeholder="Username" name="username"><br>
<input type="email" class="form-control input-upper" id="email" placeholder="Email" name="email"><br>
<input type="text" class="form-control input-upper" id="organization" placeholder="Organization" name="organization"><br>
<input type="password" class="form-control input-upper" id="password" placeholder="Password" name="password"><br>
<input type="password" class="form-control input-upper" id="password" placeholder="Confirm Password" name="password"><br>
<small>By registering you agree to our terms and conditions</small>
<button type="button" class="btn btn-primary btn-block btn-signup-form">SIGN UP</button>
<button type="button" class="btn btn-primary btn-block btn-sign-linkedin" href="{% url 'social:begin' 'linkedin-oauth2' %}?next={{ next }}">Sign up with LinkedIn</button>
<p class="text-already">Already have an account? LOGIN</p>
</div>
</form>
How do I make an validation of the data filled i.e the email and password and I want customers to be able to log in after signing up
I'm not sure what you mean by validating data but If i got you correctly you should go for Django built in functionality for user creation. Django comes with Auth module which can reduce your lot's of effort and takes care of most of the painful parts. Just have a look on this post https://simpleisbetterthancomplex.com/tutorial/2017/02/18/how-to-create-user-sign-up-view.html
If you want simple validations you can use clean methods of Django Form. write one form class with the same fields as you mentioned.
EX.
Class SignupForm2(forms.ModelForm ):
class Meta:
model = User
def clean(self):
self.cleaned_data = super(SignupForm2, self).clean()
if 'captcha' in self._errors and self._errors['captcha'] != ["This field is required."]:
self._errors['captcha'] = ["Please enter a correct value"]
return self.cleaned_data
im working on django-angular5 project i have a login form in angular how should i add csrf token to my form ? without what i get this error
i searched same topic but people are using angular js that will not help me
(i ng build angular app and im using static files)
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
it is my simple form for login in home.compoenent.html
<form method="post">
<div class="input-field col s6">
<input id="first_name" type="text" name="username" class="validate">
<label for="first_name">نام کاربری</label>
</div>
<div class="input-field col s6">
<input id="first_name" type="password" name="password" class="validate">
<label for="first_name">کلمه عبور</label>
</div>
<input type="submit" class="waves-effect waves-light btn" value="login"/>
<input type="hidden" name="next" value="{{ next }}"/>
</form>
in your form you should just add {% csrf_token %}
you'll have something like this :
<form method="post">
{% csrf_token %}
<div class="input-field col s6">
<input id="first_name" type="text" name="username" class="validate">
<label for="first_name">نام کاربری</label>
</div>
<div class="input-field col s6">
<input id="first_name" type="password" name="password" class="validate">
<label for="first_name">کلمه عبور</label>
</div>
<input type="submit" class="waves-effect waves-light btn" value="login"/>
<input type="hidden" name="next" value="{{ next }}"/>
</form>
I have this HTML code:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<form action="http://www.aweber.com/scripts/addlead.pl" method="post">
<input id="email" class="text" type="text" size="20" value="Enter your best email" name="email" onblur="if (this.value == '') {this.value = 'Enter your best email';}" onfocus="if (this.value == 'Enter your best email') {this.value = '';}" />
<input type="hidden" name="meta_web_form_id" value="">
<input type="hidden" name="meta_split_id" value="">
<input type="hidden" name="listname" value="">
<input type="hidden" name="redirect" value="">
<input type="hidden" name="meta_adtracking" value="">
<input type="hidden" name="meta_message" value="1">
<input type="hidden" name="meta_required" value="email">
<input type="hidden" name="meta_tooltip" value="">
<div style="padding-top:5px;">
<center><input class="button1" id="submit" type="image" src="red_getwaitinglist.png" name="submit" value="Get Instant Access"/></center>
</div>
</form>
</BODY>
</HTML>
and I'm using this Function to replace the element using RegEx:
Function StripTags(ByVal html As String, ByVal replace As String) As String
Return Regex.Replace(html, "<form.+?</form>", replace)
End Function
but it doesn't seem to work. It returns the same code (no replacement).
I don't know much of regex so I'm assuming the RegEx syntax might be wrong.
Can someone help me with that or show me where I'm wrong?
Append the RegexOption Singleline. Without this . will not match newlines.
Return Regex.Replace(html, "<form.+?</form>", replace, RegexOptions.Singleline)
See RegexOptions Enumeration for more details.