JP_TechGroup
asked on
Log on to we page via script or batch file
We have a process controller in our shop which stores records sent by our shop equipment...
It is web page accessible on the LAN and has a simple JavaScript logon. I need to be able to log on to this site (I have the username and password) via a script or batch file, as I have been tasked with pulling the text records it stores automatically. Since all the records resolve the HTML addresses this is simple, once logged on... However I can't seem to find a good way to do this. The old http://user:password@somesite.com/URL doesn't work. Anyone know how to go about this? Thanks.
It is web page accessible on the LAN and has a simple JavaScript logon. I need to be able to log on to this site (I have the username and password) via a script or batch file, as I have been tasked with pulling the text records it stores automatically. Since all the records resolve the HTML addresses this is simple, once logged on... However I can't seem to find a good way to do this. The old http://user:password@somesite.com/URL doesn't work. Anyone know how to go about this? Thanks.
ASKER
No question the page is not very secure... It's what the client system runs on however, so there isn't much I can do about that.
ok, here is the script I am trying to make work... it runs correctly except the authentication does not work. The resulting file download winds up being the html for the start page rather than the file to be downloaded... obviously the script is not properly authenticating.
ok, here is the script I am trying to make work... it runs correctly except the authentication does not work. The resulting file download winds up being the html for the start page rather than the file to be downloaded... obviously the script is not properly authenticating.
strLink = "http://ourURL/StorageCardMMC/LOG_P1/LOG_P10.txt"
' Get file name from URL.
strSaveName = Mid(strLink, InStrRev(strLink,"/") + 1, Len(strLink))
strSaveTo = "C:\temp\" & strSaveName
' Create an HTTP object
Set objHTTP = CreateObject( "WinHttp.WinHttpRequest.5.1" )
' Download the specified URL
objHTTP.Open "GET", strLink, False
objHTTP.SetCredentials "username", "password", HTTPREQUEST_SETCREDENTIALS_FOR_SERVER
objHTTP.Send
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(strSaveTo) Then
objFSO.DeleteFile(strSaveTo)
End If
If objHTTP.Status = 200 Then
Dim objStream
Set objStream = CreateObject("ADODB.Stream")
With objStream
.Type = 1 'adTypeBinary
.Open
.Write objHTTP.ResponseBody
.SaveToFile strSaveTo
.Close
End With
set objStream = Nothing
End If
If objFSO.FileExists(strSaveTo) Then
End If
Hi JP,
My point was that if your security is JavaScript-based then it can probably be bypassed altogether. Javascript security is usually ineffective because it's browser based so can be turned off (or avoided completely). If you try to access that txt file without logging in first, and you end up on a different page, then I'm guessing there is more to your logon system than just Javascript.
What happens if you disable javascript in your browser and try accessing the file?
If you're able to run PHP scripts, then a simple cURL request may do the job for you:
My point was that if your security is JavaScript-based then it can probably be bypassed altogether. Javascript security is usually ineffective because it's browser based so can be turned off (or avoided completely). If you try to access that txt file without logging in first, and you end up on a different page, then I'm guessing there is more to your logon system than just Javascript.
What happens if you disable javascript in your browser and try accessing the file?
If you're able to run PHP scripts, then a simple cURL request may do the job for you:
<?php
$remoteFile = 'http://ourURL/StorageCardMMC/LOG_P1/LOG_P10.txt';
$newFile = 'LOG_P10.txt';
$fp = fopen($newFile, 'w');
$ch = curl_init($remoteFile);
curl_setopt($ch, CURLOPT_FILE, $fp);
$data = curl_exec($ch);
curl_close($ch);
fclose($fp);
?>
ASKER
Thank you and apologies for taking so long to respond. The PHP script yields the same result. Think this one is over my head!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This was an oops on my part Chris. I have notified the mod and asked to have the solution upgraded to A.
You say your records are 'stored' but don't say how. If they're stored in a database, then you can probably skip the web page completely and just access the records directly using something like PHP.
If your system uses Javascript for a login then it probably isn't very secure. Normally, your login details are sent to the server using POST. If that's the case, then you could use a cURL request, again using something like PHP to POST the credentials and pull back your data.
The old user:password@somedomain.c
Probably need more info to give you a specific answer.