Sign in to follow this  
Followers 0
russell

HTTP is tricking me

6 posts in this topic

#1 ·  Posted (edited)

Ok so in this script it logs me into my wordpress and check the source code for a specific text. This all works. However it doesnt seem to really log me in as when i open IE it makes me still login. Or vise versa, if im logged in on IE the script doesn't return an error about retrieving the data. In the sense im using it WordPress functions like any other fourms board. Only 1 login per account at a time. But the script seems to work around that and i really really need it not to. I need the script to keep me logged in so as is functions i can recheck the data to verify still login or fail and exit script. Can anyone explain or tell me how to correct this?

#include <File.au3>
#include "WinHttp.au3"
$Level = 0
Opt("MustDeclareVars", 1)


Global $oHTTP, $oReceived

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")
$oHTTP.Open("POST", "http://mesite.com/wp-login.php" , False)
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR ")
$oHTTP.SetRequestHeader("Referrer", "http://mAIN/index.php")
$oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
$oHTTP.Send("log=test" & "&pwd=password" & "&index.php?logged=true")

$oReceived = $oHTTP.ResponseText


  If StringInStr($oReceived, "You have a Access Level of 0") Then
$Level=0
EndIf

If StringInStr($oReceived, "You have a Access Level of 1") Then
$Level=1
EndIf
If StringInStr($oReceived, "You have a Access Level of 2") Then
$Level=2
EndIf
If StringInStr($oReceived, "You have a Access Level of 3") Then
$Level=3
EndIf
If StringInStr($oReceived, "You have a Access Level of 4") Then
$Level=4
EndIf

MsgBox (0, "Access Level", "Your access level is " & $Level,3)
Edited by russell

muppet hands are so soft :)

Share this post


Link to post
Share on other sites



WinHTTP 5.1 has support for session cookies, which I believe means you are only logged in for as long as the session is open and only when using that session.

If you end the script, or approach the site through any other means than the script. (like a browser) you won't be logged in as they will not be using the same session. (They might not even use WinHTTP)

If you want to stay logged in and/or share the logged in status with IE you could try the _IE UDF, or perhaps even WinINet. (WinINet has some more options to manage cookies, but I'm not sure if they can be used for your purposes)

I'm not sure why you can log in with the script while you stay logged in with IE, but that sounds like the server just didn't use a very strong restriction to 1 session per account.

P.S: $oHTTP.SetRequestHeader("Referrer", "http://wickedbots.com/membership/index.php") is the sort of stuff you want to avoid posting here.

Share this post


Link to post
Share on other sites

Well the server works as gar as its reserictions. I had someone log in as the account and then i tried only to bump them off. But that doenst seem to be the case in this, or i need to find a way to leave the session open. I never knew i closed it. can someone point that command out so i can del it


muppet hands are so soft :)

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

As far as I know the session ends when the script ends, or when the object is closed and it is restricted to the process you started it with.

(You can log in with IE, but still be logged out with FF, the same goes for AutoIt scripts)

I believe that in order to "stay logged in" you need to have a persistant cookie, WinHTTP only has session cookies. (meaning they are lost when the session is closed)

I'm not sure about how this all woks though, so hopefully someone more knowledgable will be able to confirm, or correct the above. (summons trancexx)

Edited by Tvern

Share this post


Link to post
Share on other sites

With WinHTTP you can disable automatic cookie handling and set cookies manually. That is to say you can set cookies for your current session that are collected by IE or by any other means.

What russell wants is the other way around. That's IE-matic. With enough imagination used I see no problems with that either.


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

Ok im applying the code to the board but apparently your right! the board allows multi login. I assumed it was like a forums and kicked the previos login out. But per Link this is untrue and the fix is to paste some code. When i actually find how to correctly apply this ill retry. O and since i have more code runningin the scipt what is the best way to have the script i post recheck for the output without logging in? If i did

If StringInStr($oReceived, "You have a Access Level of 0") Then
$Level=0
EndIf

If StringInStr($oReceived, "You have a Access Level of 1") Then
$Level=1
EndIf
If StringInStr($oReceived, "You have a Access Level of 2") Then
$Level=2
EndIf
If StringInStr($oReceived, "You have a Access Level of 3") Then
$Level=3
EndIf
If StringInStr($oReceived, "You have a Access Level of 4") Then
$Level=4
EndIf

Agin in a while(loop) would it not just pull up the old results? Or would it resend agin?


muppet hands are so soft :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0