I've been working on a script to auto-login to my school's network and auto-fill a form on a secure page, but I can't even seem to get it to login. First, I need to mention that when I hit the login page, there is a '.exe' referenced in the url (https://elion.psu.edu/cgi-bin/elion-stu ... UI/Student), which caused some concern. Then after you login, no matter what links you click on (such as the registration link, or the bursar account link), the page's url doesn't change at all. When looking at the headers, I see that the only thing changing is something called pageKey, which looks randomly generated(along with all form field names). If I go back to the same page, it is never the same pageKey and the never the same name for the username/password/submit .
What I did was hit the login page, then searched the body for where the username/password/submit fields were and copied their names. I also grabbed the pageKey and sessionKey values. I replicated what is being POSTed and set the cookies needed, then curl_exec to the logged in page, but every time I run the script I get an error saying "Application Error. A fatal error has occurred in this application. Please contact this site's administrator."
This is more of a general question, but has anyone ever seen something like this (referring to the .exe thing), and do you know where I should even start? Also, is it possible they built the system such that it is impossible to get into unless you're physically at the keyboard?
php cURL question
Moderator: General Moderators
Re: php cURL question
On the server they could very well be executing an EXE application, in much the same way a server might execute (eg) a Perl script. It has nothing to do with what happens on your machine. Don't worry about it.
It looks like they've specifically tried to prohibit any kind of automated access. If you have a good reason for scripting whatever you need, contact the administrator and see if there's another way to get what you need.
Otherwise I'd say you're out of luck. Is it impossible? No. But what you're trying to do is effectively get around barriers meant to block you from exactly the kind of thing you're getting at.
It looks like they've specifically tried to prohibit any kind of automated access. If you have a good reason for scripting whatever you need, contact the administrator and see if there's another way to get what you need.
Otherwise I'd say you're out of luck. Is it impossible? No. But what you're trying to do is effectively get around barriers meant to block you from exactly the kind of thing you're getting at.
-
grantbachman
- Forum Newbie
- Posts: 3
- Joined: Mon Oct 11, 2010 12:49 pm
Re: php cURL question
Well all I really have to do is have my server send HTTP requests that closely mimic those that would ordinarily come from my browser, right? It seems like it shouldn't be that hard. Also, could it have something to do with the fact that it's receiving requests from a server with a certain ip address, but is displaying on a browser at a different ip?