1
votes

I have a program in Borland Delphi 7 that uses Indy components and I want to check that my login and password are correct.

This is my current code:

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, IdBaseComponent, IdComponent, IdTCPConnection,
  IdTCPClient, IdHTTP, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack,
  IdSSL, IdSSLOpenSSL, IdCookieManager, StrUtils;

type
  TForm1 = class(TForm)
    IdHTTP1: TIdHTTP;
    Edit1: TEdit;
    Edit2: TEdit;
    Label1: TLabel;
    Button1: TButton;
    Memo1: TMemo;
    IdSSLIOHandlerSocketOpenSSL1: TIdSSLIOHandlerSocketOpenSSL;
    IdCookieManager1: TIdCookieManager;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
var
 post: TStringList;
 poczatek, koniec: integer;
 aStream: TMemoryStream;
 HTML, authToken: string;
 fLogin, fHaslo: string;
begin
 IdHTTP1.HandleRedirects := True;

 fLogin := Edit1.Text;
 fHaslo := Edit2.Text;

 HTML := IdHTTP1.Get('https://e-skok.pl/eskok/login.jsp');
 poczatek := Pos('name="atlassian-token" value="', HTML) +
 Length('name="atl_token" value="');
 koniec := PosEx('"', HTML, poczatek);
 authToken := copy(HTML, poczatek, koniec - poczatek);

 post := TStringList.Create;
 try
   post.Add('atlassian-token=' + authToken);
   post.Add('os_username=' + fLogin);
   post.Add('os_password=' + fHaslo);
 try
   IdHTTP1.Request.ContentType:= 'application/json';
   HTML:= IdHTTP1.Post('https://e-skok.pl/eskok/login.jsp', post);
   Memo1.Text:= HTML;
   Label1.Caption := 'YES';
 except
     if IdHTTP1.ResponseCode = 401 then
       begin
       ShowMessage('Nieprawidłowy login lub hasło.');
       Label1.Caption := 'NO';
       end
      else
      Label1.Caption := ':)';
 end;
 finally
   post.Free;
 end;
end;
end.

The problem is when I try to log in, the program always says "Yes" (which mean it's connected, even though login and/or password are wrong).

What is the proper way to check connection with a jsp site via IdHTTP?

1
What is the value of HTML and IdHTTP1.ResponseCode?Karthikeyan Vaithilingam
Value of HTML is url adress which I want to connect. Value of IdHTTP1.ResposneCode isn't assigned - programm should check that the ResponseCode is 401 - if it is, then programm should show message "Wrong login or password"adam.cziker

1 Answers

3
votes

You cannot rely on the ResponseCode alone to verify your login, especially when an HTML-based login form is involved. Yes, Post() raises an exception when an HTTP error code is returned. So the fact that Post() is not raising an exception means the server is not reporting an HTTP error. But the content it is sending back could be an HTML error page, or even the login page displaying a failure message (which is not uncommon). So when Post() "succeeds", you need to analyze the response to make sure it is what you are expecting.

When I go to https://e-skok.pl/eskok/login.jsp in a web browser and input bad credentials, I get redirected back to https://e-skok.pl/eskok/login.jsp?err=1. When Post() exits without an exception, you can check the TIdHTTP.Response to see if that was the last URL redirected to.

BTW, the TStrings version of Post() you are calling only supports application/x-www-form-urlencoded posts, so setting the Request.ContentType to application/json is wrong since you are not posting JSON formatted data. Fortunately, Post() replaces the ContentType with the correct value. If you really want to post JSON data, you have to use the TStream version of Post() instead.

Update: after looking at the actual HTML from https://e-skok.pl/eskok/login.jsp, I can see that the code you originally showed is incorrect. You are not parsing the login HTML correctly (there is no atlassian-token field present), and you are posting the credentials to the wrong URL using the wrong field names. You have to post to https://e-skok.pl/eskok/j2_security_check instead, and it is expecting the following input fields:

j_username
j_password
j_captcha_response

That last field in particular requires extra work because it is a dynamically generated captcha. You would have to parse the HTML to extract the URL of the captcha image (https://e-skok.pl/eskok/captcha.jsp?d=1410970679796, where d changes every time the page is requested), download the image (you can use TIdHTTP.Get() for that) and display it in your app's UI so you can enter the correct text value to post in the j_captcha_response field.

Try that, and then report back with your results.