Script problems with login and cookies.

[CuF]

Attached is a script I wrote for Bibliotik.  It's a new site that's a sister to Cinematik (if you are a member of Cinematik you can request an invite).

The script is sound, but the login doesn't always work.
It'll log you in the first time, but if you logon to the site from your browser it breaks.
I think the browser gets a new cookie and the one issued to Bit Che is revoked or something.

Any suggestions?  I'm not really sure what the problem is.

What follows is the html code for the login page:

Code: [Select]

<html>
<head>
    <title>Bibliotik / Login</title>
</head>
<body>

<center>You have 7 attempts left.</center>

<form name="loginform" id="loginform" method="post" action="login">
<input type="hidden" name="returnto" value="/" />
    <table cellpadding="2" cellspacing="1" border="0" align="center">
        <tr valign="top">

            <td align="right"><label for="username">Username: </label></td>
            <td align="left"><input type="text" name="username" id="username" class="inputtext" /></td>
        </tr>
        <tr valign="top">
            <td align="right"><label for="password">Password: </label></td>
            <td align="left"><input type="password" name="password" id="password" class="inputtext" /></td>

        </tr>

        <tr valign="top">
            <td colspan="2" align="right">
                <input type="checkbox" name="keeplogged" id="keeplogged" value="1" />
                <label for="keeplogged">Keep me logged in</label>
            </td>
        </tr>
        <tr>
            <td colspan="2" align="right"><input type="submit" name="login" value="Log In!" class="submit" /></td>

        </tr>
    </table>
</form>

<center><a href="http://bibliotik.org/recover">Recover account</a></center>

</body>
</html>

[CuF]

Btw, I just tried using Special Login instead.
Since I browse with Firefox and Special Login uses IE's cookies, I have the same problem.

Has anyone had to cope with this before?

[chip!]

It'll log you in the first time, but if you logon to the site from your browser it breaks.
I think the browser gets a new cookie and the one issued to Bit Che is revoked or something.

that is exactly right..  cookies can get out of sync between the browser and the site depending on how the site implements its auth cookie.  some sites just use the IP address so its never really an issue. except for this one. well, bit che was designed to handle the sites login on its own, so that it can attempt to self-correct any time the cookies expire. torrent harvester, for example, pulled the cookies from the web browser. which is fine.. but it couldnt fix itself.  if the bit che script is designed correctly.. (possibly need to modify the failed= and failed2=, so that bit che can detect if its cookie expired, and then re-attempt a new login)... then bit che should be able to resume searching the site after you have logged in with your browser..    trying to do both at once will be an inherent battle for the most current cookie, or if you are adventurous, you can open up setting.ini and stick in the cookie that you see from FireFox. depending on when that cookie expires that might  help.    but if the battle must remain, then i would suggest saving your login/pass with FireFox so that when you do have to visit the site with your browser, then atleast its filled in for you and you just press 'login'..    kind of a pain,  but again, its pretty rare.  in the future, i might add an option to auto-import cookie from FireFox/IE if it fails its own cookie, but I also might just leave it the way it is, for reduced confusion..


side note, i see from the sites login form that theres one additional form tag "keeplogged":

does adding "keeplogged=1" to BC's login string make any difference?  (this would be the same as logging in from the web browser with that box checked, your script as shown is defaulting to that checkbox not enabled.).

add/modify the script.ini:
form=username=%USER%&password=%PASS%&keeplogged=1


might not make a difference but thought i would just point that out...

[CuF]

I've always been a bit unclear.
Are failed and failed2 just any unique code that appears in the page you're sent to when login fails or are there some specifics in how they should be selected?

I retested with:
failed=Bibliotik / Login
failed2=Recover account

Still no luck getting Bit Che to request a new cookie (assuming that's what is happening).  If you make a search request without being logged in it, you are sent you back to the same logon page so that should work.

The keeplogged doesn't seem to make any difference to BitChe's success or failure at logging in, but I did add it back to the script.

[chip!]

failed and failed2 is what Bit Che uses to detect 2 different types of events (sometimes sites report them as the same event, sometimes not):

1) failed login attempt... such as "you've entered the wrong password.."   in this case, usually bit che has not sent auth/login cookies to the site, and it attempting to login for the first time.
2) cookie has expired..  such as, bit che already has auth/login cookies stored.. attempted a search, and the site reported that we need to login again..

in both cases, bit che should clear any cookies, and start from scratch trying to login.

but, most importantly, when picking correct failed/failed2 search terms, it needs to be based on the FIRST http packet that the site sends...   sometimes this FIRST one is invisible to the user, such as  HTTP 302 redirect response..


id like to help figure this out though, but i need to see the Bit Che's winsock log from that site.. 

so, if you dont have logging enabled:   http://convivea.com/forums/index.php?topic=1465.0

then post the log here... yes your password will be in the .txt file, so open it up and use your text editor to search and replace your pw for some <dummy> text...

OR  send me the site.winsock.txt in a PM..      ( i really dont care about your account/pw, and i never use someones account other than for script debugging/development purposes, honest ! )

OR.. go to that site and change your PW to something temporary, then update it in Bit Che... and then go back to square one, and post or PM me the logs..   

thanks,

or if you want my email address to send to, we can do that as well.. doesnt matter to me.

[CuF]

No problem.  The log contains neither my username nor password.
I searched for the word "test":

Code: [Select]

GET http://Bibliotik.org/torrents/?search=test HTTP/1.0
Accept: text/xml, application/xml, application/xhtml+xml, text/html, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Referer: http://Bibliotik.org/torrents/?search=test
Connection: Close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Cookie: id=aElrEqjraYVeTIjSIzQhZYezDOJFhNvw%2F%2BDMTdLglSQOUgwwkYtMnl%2FPIOKKh0Sug1z0Ve0toKBk4sUIIx1aew%3D%3D;
Host: Bibliotik.org


HTTP/1.0 302 Found
Connection: close
X-Kumi-Loves-Muffincakes: True
X-Kumi-Sexpot: True
Content-Type: text/html; charset=utf-8
Expires: Thu, 01 Jan 1970 01:00:00 GMT
Last-Modified: Wed, 13 May 2009 02:59:29 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Location: http://bibliotik.org/login?returnto=%2Ftorrents%2F%3Fsearch%3Dtest
Content-Length: 0
Date: Wed, 13 May 2009 02:59:29 GMT
Server: Lighttpd/1.4


[chip!]

thanks...

ok.... try setting:

failed2=/login?returnto=


reason being, when the connection attempt fails, this is the redirection being sent:

Code: [Select]

Location: http://bibliotik.org/login?returnto=%2Ftorrents%2F%3Fsearch%3Dtest


also, Topy44 had a question on a rather odd site, so I ended up writing a little tutorial/explanation on failed/failed2, which might help answer some other questions:
http://convivea.com/forums/index.php?topic=1473.0

let me know! 

[CuF]

Thanks.  That solved the problem.  I'm about to post the working script in the appropriate thread.
I'll read the Failed/Failed2 thread you link tomorrow when I'm fully awake.

This is such a great proggie.  I keep trying to talk it up, but still get the impression that few people use it.