php cURL question
Posted: Thu Oct 14, 2010 10:02 pm
I've been working on a script to auto-login to my school's network and auto-fill a form on a secure page, but I can't even seem to get it to login. First, I need to mention that when I hit the login page, there is a '.exe' referenced in the url (https://elion.psu.edu/cgi-bin/elion-stu ... UI/Student), which caused some concern. Then after you login, no matter what links you click on (such as the registration link, or the bursar account link), the page's url doesn't change at all. When looking at the headers, I see that the only thing changing is something called pageKey, which looks randomly generated(along with all form field names). If I go back to the same page, it is never the same pageKey and the never the same name for the username/password/submit .
What I did was hit the login page, then searched the body for where the username/password/submit fields were and copied their names. I also grabbed the pageKey and sessionKey values. I replicated what is being POSTed and set the cookies needed, then curl_exec to the logged in page, but every time I run the script I get an error saying "Application Error. A fatal error has occurred in this application. Please contact this site's administrator."
This is more of a general question, but has anyone ever seen something like this (referring to the .exe thing), and do you know where I should even start? Also, is it possible they built the system such that it is impossible to get into unless you're physically at the keyboard?
What I did was hit the login page, then searched the body for where the username/password/submit fields were and copied their names. I also grabbed the pageKey and sessionKey values. I replicated what is being POSTed and set the cookies needed, then curl_exec to the logged in page, but every time I run the script I get an error saying "Application Error. A fatal error has occurred in this application. Please contact this site's administrator."
This is more of a general question, but has anyone ever seen something like this (referring to the .exe thing), and do you know where I should even start? Also, is it possible they built the system such that it is impossible to get into unless you're physically at the keyboard?