Probably what is happening is that the server is logging your access and keeps a record for every active session. All you’ve done is log in, so if you try to log in again, it probably thinks you’re already logged in and won’t allow another session. You may have to log out before you can do another login, as many servers consider simultaneous sessions to be insecure. To confirm this, you might try using the script, and then trying to log in on the web. The server might tell you that you can’t have two sessions, or it might ask you to log in again, which probably would overwrite the other session.
Anyways, here’s what I found. There are many more fields being passed in the login page than just the password and username. I assume the other fields are used by the script to track where your coming from and to track login attempts, so they may or may not be unnecessary. To truly reproduce using the login page, you’ll need to send all of the following html form input’s…
This would all translate to…
set theLoginScript to "curl -e your.site.com/theOriginalForm.jsp -d "
cpf=&senha=&funcao=login&subfuncao=login&programa=index.html&indlogon=7&certif=N&cpfTemp=<YOUR _CODIGO>&senhaTemp=<YOUR_SENHA>" [url=http://your.site.com/dir/theScript.cgi]http://your.site.com/dir/theScript.cgi"[/url]
try
do shell script theLoginScript
display dialog "Login Successful!"
on error errorMessage number errorNumber
display dialog "Alert: Login Unsuccessful!"
end try
Make sure to change the “” and “<YOUR_SENHA>” parts to your actual login info, without quotes or brackets.
You may run into more problems if the server is using cookies to track sessions, as the server/browser relationship is a bit more tricky when dealing with cookies. If it’s a simple URL-encoded string storing a session id in the url, it should be as easy as something like…
(* Replace the 'do shell script' code above with this... *)
set theSecurePage to (do shell script theLoginScript) as unicode text
(* Then, check to see if you were logged in *)
(* Purely hypothetical and for example only! *)
if theSecurePage contains "Error: Login Failed" then
display dialog "You were never logged in!"
else
set theLogoutScript to "curl -d "sessid=<YOUR_SESSIONID>" [url=https://www.mysite.com.br/logoutscript.jsp]https://www.mysite.com.br/logoutscript.jsp"[/url]
try
do shell script theLogoutScript
display dialog "Logout Successful!"
on error errorMessage number errorNumber
display dialog "Alert: Logout Unsuccessful!"
end try
end if
Checking for a match for “Error: Login Failed” above is similar to what you were doing in your first code…checking for the page title. You’d have to change that to whatever is found on your error page… (probably will be in portuguese, too…no? ) You’d need to generate the error page (like logging in with the wrong info of logging in twice) and then find some text that is always on the page that you can pattern match for. Next, you set the variable ‘theSecurePage’ to the contents of the page resulting from the do shell script command. If the pattern is found, the script can assume that you hit an error, otherwise, it tries to log you out.
Then you’ll have to find out how the logout process is done, and then use curl to issue a new command to do that logout. You may have to write some code to parse any information out of the page (or perhaps out of the url of the page that the script redirects you to) to supply that information (like a session id or any form variables). This part could get a bit tricky.
An easy workaround?..
If you know that the server automatically purges old sessions (like every day, once a week, etc.) you could just set your script to access the page at intervals more than that timeframe, so the server would just take care of loggin out for you. If you only need to log in once a month, just run the script once avery three weeks. Most ‘secure’ servers wouldn’t hold an unresolved session more than 24 hours, I wouldn’t think.
Good luck…
j