I am new to Python and I'm trying to log into a website using the Requests module and print out some of my account information. See code below :
import requests
username = 'myusername'
password = 'mypassword'
URL = 'https://www.mmoga.com/login.php'
payload = {'email_address': username, 'password': password}
session = requests.session()
r = requests.post(URL, data=payload)
account = session.get('https://www.mmoga.com/shopping_cart.php')
print account.content
Do I also have to add headers to the requests.post?
When I look at the html source I am seeing
<div class="boxHeading">
- My Account -
</div>
however I should be seeing
<div class="boxHeading">
- My Account -
</div>
When posting the the login form on that page you also need to pass a query string with a "get" parameter named action:
import requests
username = 'myusername'
password = 'mypassword'
URL = 'https://www.mmoga.com/login.php'
payload = {'email_address': username, 'password': password}
params = {'action': 'process'}
session = requests.session()
r = session.post(URL, data=payload, params=params)
account = session.get('https://www.mmoga.com/shopping_cart.php')
print account.content
That should fix the login problem. Also, the session is not being used during login, so you should use session.post() as shown above.
Looking at https://www.mmoga.com the login URL seems to be: https://www.mmoga.com/login.php?action=process
i think you should use the session object for the POST too, so that credential cookies are actually stored in it
r = session.post(URL, data=payload)
Related
I'm trying to login to a website using pythons requests module
I've looked into the website using chrome. That's what the post looks like
username: aaa
password: aaa
cmd[doStandardAuthentication]: Anmelden
this is my code:
payload = {
'username': "noah.kamara",
'password': "nkitBest1602uNi",
'cmd[doStandardAuthentication]:': 'Anmelden'
}
with requests.Session() as session:
login_page = session.get(login_url)
post = session.post(login_url, data=payload)
print(post.status_code)
r = session.get(request_url)
print(r.status_code)
print(r.content)
I always get back to the login page and don't know why
I am using the REST API for iObeya, I wish to use Python Requests but currently I cannot authenticate with the server. The documentation states that you can authenticate using a POST request and upon return, you should get a cookie called 'JSESSIONID' when the auth is correct.
So far I have this:
url = 'https://link-to.com/iobeya/'
auth_url = 'https://link-to.com/iobeya/j_spring_security_check'
headers = {"content-type": "application/x-www-form-urlencoded; charset=utf-8"}
session = requests.Session()
session.auth = ("username", "password")
auth = session.post(url, verify=False)
r = session.get(url, verify=False, headers=headers)
print(r.status_code)
print(r.headers)
print(r.cookies)
The return of cookies is null. Is this the right way to be doing a auth request using a POST method?
Here is the page describing how the auth API works:
It just wants you to make a normal POST with username and password.
auth_url = 'https://link-to.com/iobeya/j_spring_security_check'
session = requests.Session()
auth = session.post(auth_url, data={'username': username, 'password': password})
import requests
POST_LOGIN_URL = 'https://www.iptorrents.com/login.php'
REQUEST_URL = 'https://www.iptorrents.com/t'
payload = {
'username_input_username': 'ZZZZZZZZ',
'password_input_password': 'ZZZZZZZZZ',
}
with requests.Session() as session:
post = session.post(POST_LOGIN_URL, data=payload)
r = session.get(REQUEST_URL)
print(r.text)
I expected to show me the source of homepage of torrent but it just show the source code of login page .
I have noticed you are using this link to login to the website
https://www.iptorrents.com/login.php
While its Not the API call that let the user login.
If you had noticed closely here's the Network call that Login the user to the website.
https://www.iptorrents.com/take_login.php
With Payload Structure as:
payload = {
'username': 'zzzz',
'password': 'zzzzzzzzz',
}
I am learning python for fun, and my project for that is parsing popular sites with flash deals and posting it to site https://www.pepper.pl/ . I had a look on networking while messing with the site in chrome, and I've found that request body for login contains following data:
_token: gse5bAi58jnciXdynLu7D7ncXmTg1twChWMjsOFF
source: generic_join_button_header
identity: login
password: password
remember: on
So using postman I've filled this data into request with content-type as application/x-www-form-urlencoded. And the response was correct, I was able to login with postman. But when I tried to reproduce that with python, it was a failure, I received 404.
def get_pepper_token():
url = "https://www.pepper.pl/login/modal/login"
request = requests.get(url)
soup = BeautifulSoup(page, features="html.parser")
return soup.find('input', attrs={'name': '_token'})['value']
def get_login_headers():
url = "https://www.pepper.pl/login"
username = 'username'
password = 'password'
token = get_pepper_token()
payload = {
'_token': token,
'source': 'generic_join_button_header',
'identity': username,
'password': password,
'remember': 'on'
}
headers = {
'Content-Type': "application/x-www-form-urlencoded"
}
response = requests.post(url, payload, headers=headers)
So I've monitored in postman console what was exactly in request:
Request Headers:
content-type:"application/x-www-form-urlencoded"
cache-control:"no-cache"
postman-token:"de74adb5-5e9b-4c98-9a95-bb69bc739270"
user-agent:"PostmanRuntime/7.2.0"
accept:"*/*"
cookie:"__cfduid=d32b701203ce16ee47549cbe5388b3faa1534746292; first_visit=%22bf0e1200-a441-11e8-b92e-6805ca619fd2%22; pepper_session=%2255c4b461a56c37f5c2ce1a7323b44f8d12353e91%22; browser_push_permission_requested=1534748540; remember_afba1956ef54387311fa0b0cd07acd2b=%22100085%7ChX2GS7H3l8QY79HasDcB3scptVyKGDVMJHdz4Ux2ONIih6Rp2VKhU0BpxvzD%22; view_layout_horizontal=%220-1%22; show_my_tab=0; navi=%5B%5D"
accept-encoding:"gzip, deflate"
referer:"https://www.pepper.pl/login"
and as you can see there are some fields in request headers which I did not enter in postman. I added manually cookie value from request headers from postman, and it worked. Rest of those fields are not required.
Do you know how I may generate this cookie?
The answer is simple library RoboBrowser, here is how I solved part of the problem:
Very short and handy solution compare to my previous attempts.
RoboBrowser GitHub page
url = "https://www.pepper.pl/login/modal/login"
browser = RoboBrowser()
browser.open(url)
signup_form = browser.get_form('login_form')
signup_form['identity'].value = self.username
signup_form['password'].value = self.password
browser.submit_form(signup_form)
I read the answer to the question:
"How to “log in” to a website using Python's Requests module?"
The answer reads:
"Firstly check the source of the login form to get three pieces of information - the url that the form posts to, and the name attributes of the username and password fields."
How can I see, what the name attributes for username and password are for this morningstar.com page?
https://www.morningstar.com/members/login.html
I have the following code:
import requests
url = 'http://www.morningstar.com/members/login.html'
url = 'http://beta.morningstar.com'
with open('morningstar.txt') as f:
username, password = f.read().splitlines()
with requests.Session() as s:
payload = login_data = {
'username': username,
'password': password,
}
p = s.post(url, data=login_data)
print(p.text)
But - among other things - it prints:
This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests.
What should url and data be for the post?
There is another answer, which makes use of selenium, but is it possible to avoid that?
This was kind of hard, i had to use an intercepting proxy, but here it is:
import requests
s = requests.session()
auth_url = 'https://sso.morningstar.com/sso/json/msusers/authenticate'
login_url = 'https://www.morningstar.com/api/v2/user/login'
username = 'username'
password = 'password'
headers = {
'Access-Control-Request-Method': 'POST',
'Access-Control-Request-Headers': 'content-type,x-openam-password,x-openam-username',
'Origin': 'https://www.morningstar.com'
}
s.options(auth_url, headers=headers)
headers = {
'Referer': 'https://www.morningstar.com/members/login.html',
'Content-Type': 'application/json',
'X-OpenAM-Username': username,
'X-OpenAM-Password': password,
'Origin': 'https://www.morningstar.com',
}
s.post(auth_url, headers=headers)
data = {"productCode":"DOT_COM","rememberMe":False}
r = s.post(login_url, json=data)
print(s.cookies)
print(r.json())
By now you should have an authenticated session. You should see a bunch of cookies in s.cookies and some basic info about your account in r.json().
The site changed the login mechanism (and probably their entire CMS), so the above code doesn't work any more. The new login process involves one POST and one PATCH request to /umapi/v1/sessions, then a GET request to /umapi/v1/users.
import requests
sessions_url = 'https://www.morningstar.com/umapi/v1/sessions'
users_url = 'https://www.morningstar.com/umapi/v1/users'
userName = 'my email'
password = 'my pwd'
data = {'userName':userName,'password':password}
with requests.session() as s:
r = s.post(sessions_url, json=data)
# The response should be 200 if creds are valid, 401 if not
assert r.status_code == 200
s.patch(sessions_url)
r = s.get(users_url)
#print(r.json()) # contains account details
The URLs and other required values, such as POST data, can be obtained from the developer console (Ctrl+Shift+I) of a web-browser, under the Network tab.
As seen the code, the username input field is:
<input id="uim-uEmail-input" name="uEmail" placeholder="E-mail Address" data-msat="formField-inputemailuEmail-login" type="email">
the password input field is:
<input id="uim-uPassword-input" name="uPassword" placeholder="Password" data-msat="formField-inputpassworduPassword-login" type="password">
The name is listed for both in each line after name=:
Username: "uEmail"
Password: "uPassword"