* * *

Author Topic: [solved] how to use fphttpclient to access webpage that requires login ?  (Read 1087 times)

billyb123

  • New member
  • *
  • Posts: 13
i am using fphttpclient and i want to access webpage that requires login, lets say, for example: https://myexample.com/restricted_page
i cannot access that page if i am not logged in so i need to first log in to that website and then access that page

how to login to a website with fphttpclient? lets say a website, for example, https://myexample.com has
a login form like this:

Code: [Select]
  <form method="post" action="https://myexample.com/auth">
    <input type="hidden" name="_token" value="fuihaihiufheaiulfasd">
    <input type="text" name="username" id="username">
    <input type="password" name="password" id="password">
  </form>

so what i should do is this:

(1) http get main page https://www.myexample.com to get the token from that form that is located in the main page

(2) then send http post request with login credentials to the page mentioned in login form (https://myexample.com/auth)

(3) then i should get a response and in that response will be cookies

(4) then i need to save those cookies somehow and use them in the next request

(5) so now i should http get to restricted page https://myexample.com/restricted_page and send
cookies along my http get request and it should work?

Code: [Select]
uses
  fphttpclient, sysutils, strutils, classes;

const
  url_main = 'https://www.myexample.com';  (* main page where the login form is located *)
  url_restricted = 'https://www.myexample.com/restricted_page';  (* page i am trying to access *)
  url_login_auth = 'https://www.myexample.com/auth';  (* page that login form sends us to *)

var
  token: string;
  http: tfphttpclient;
  page: ansistring;
  formdata: tstrings;

begin
  http := tfphttpclient.create (nil);
  try
    page := http.get (url_main);
    (* extract_token is my procedure,
       it just extracts the token from
       that login form to a string
    *)
    token := extract_token (page);
   
    (* now that i got the token i can
       try to http post to login auth
       page so i can get them cookies
    *)
    formdata := tstringlist.create;
    formdata.values['_token'] := token;
    formdata.values['username'] := 'myusername';
    formdata.values['password'] := 'mypassword';
    http.formpost (url_login_auth, formdata);
    writeln (http.responseheaders.text);
    (* and now i could parse the "Set-Cookie" field that was returned from "writeln" in the line above, but what to do with it?

       how to now use those cookies in my next get request to the restricted page now?
       can i set http get request headers with tfphttpclient and how?
    *)

  finally
    http.free;
  end;   

end.

is my line of thinking correct?
« Last Edit: February 03, 2017, 09:05:19 pm by billyb123 »

Leledumbo

  • Hero Member
  • *****
  • Posts: 7651
  • Programming + Glam Metal + Tae Kwon Do = Me
Re: how to use fphttpclient to access webpage that requires login ?
« Reply #1 on: February 03, 2017, 02:57:43 am »
is my line of thinking correct?
Yes, except that you don't have to parse Set-Cookie yourself. fphttpclient is designed to work like a browser, so it should manage cookies internally, just keep using the same fphttpclient instance for further requests.

billyb123

  • New member
  • *
  • Posts: 13
Re: how to use fphttpclient to access webpage that requires login ?
« Reply #2 on: February 03, 2017, 09:05:08 pm »
hm, it did not work, server responded with 403 instead of 200, i think cookies were not sent in my next request..

but then i tried synapse instead of fphttpclient and basically did the exact same thing written in my original post and it worked so i will mark it 'solved'.
code went something like this, writing from memory:

Code: [Select]
uses httpsend, sysutils, strutils, classes, ssl_openssl, synautil;

var
  page: tstringlist;
  http: thttpsend;
  token: string;

begin
  http := thttpsend.create;
  try
    if http.httpmethod ('GET', url_main) then
      begin
        page := tstringlist.create;
        page.loadfromstream (http.document);
        token := extract_token (page.text);
        page.clear;
       
        http.clear; (* keeps cookies intact *)
        http.mimetype := 'application/x-www-form-urlencoded';
        writestrtostream (http.document, ansistring ('username='+user+'&password='+pass+'&_token='+token));       
        if http.httpmethod ('POST', url_login_auth) then
          writeln ('OK, logged in')
        else
          halt (1);
       
        http.clear; (* cookies stay alive after this *)
        if http.httpmethod ('GET', url_restricted) then
          begin
            writeln (http.resultcode);
            page.loadfromstream (http.document);
            writeln (page.text);
          end
        else
          halt (1);
        page.free;
      end;
  finally
    http.free;
  end;
end.
« Last Edit: February 03, 2017, 09:13:24 pm by billyb123 »

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus