hello, thank you all for the replies. On Mon, Dec 28, 2009 at 10:21 AM, Rich Lovely <roadier...@googlemail.com> wrote: > 2009/12/26 Norman Khine <nor...@khine.net>: >> Hello, >> >> I am trying to authenticate on http://commerce.sage.com/Solidarmonde/ >> using urllib but have a problem in that there are some hidden fields >> that use javascript to create a security token which then is passed to >> the submit button and to the header. >> >> Here is the output of the LiveHeader during authentication >> >> http://paste.lisp.org/display/92656 >> >> Here is what I have so far: >> >> http://paste.lisp.org/+1ZHS/1 >> >>>>> print results >> But the page returned prints out that the session is out of time. >> >> Here are details of the forms: >> >> http://paste.lisp.org/+1ZHS/2 >> >> Any help much appreciated. >> >> Norman >> _______________________________________________ >> Tutor maillist - tu...@python.org >> To unsubscribe or change subscription options: >> http://mail.python.org/mailman/listinfo/tutor >> > > The first thing to try is to attempt to login with javascript > disabled. If it will let you do that, transfer the relevant form info > to the mechanize browser, and it should be fine.
It does not work, i need javascript enabled in order to login. > > If not, you will need to look through all of the javascript files, to > find out which one generates/receives the security token. Looking at > it, the element will be called "_xmlToken". Looking at the javascript - http://paste.lisp.org/+1ZHS/4 the 'function browser_localForm_form_onsubmit' has contextKey that is passed to it. i think the verification between the two tokens comes: securityToken = _browser.getElement("_xmlToken"); document.localForm.__sgx_contextSecurity.value = securityToken.value; also there seems to be a lot of hash keys being generated at the begining of the javascripts, here are some examples: http://paste.lisp.org/+1ZHS/3 > > The "xml" suggests that it might be received over ajax, which means > you will need to find the page that it comes from, and fake an ajax > request to it - fortunately, this is just a simple http request, much > like you are already doing - it's just handled under the surface by > javascript. how would i fake the ajax before i submit the form everything seems to come form this page /solidarmonde/defaultsgx.asp thanks > > -- > Rich "Roadie Rich" Lovely > > There are 10 types of people in the world: those who know binary, > those who do not, and those who are off by one. > -- %>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for c in ",adym,*)&uzq^zqf" ] ) _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
