Friday, 21 January 2022

Re: Using Netsurf cookies with wget

On 21 Jan 2022 as I do recall,
Mouse wrote:

> > I'm afraid I don't know enough about HTML forms to understand exactly
> > what the Submit button is doing,
>
> HTML forms, I think, just generate a POST when submitting. But just
> prompting for two visible inputs doesn't mean there are only two
> input fields in the POST; there might be hidden input fields, fields
> which aren't displayed, being there just to pass values through from
> page generation to form submission. Read the HTML source for the form
> if you want to check that possibility.
>

Ah - I think I may have spotted something. The actual <form> tag at the
start contains an 'authenticity token':


<div id="loginform">
<form class="new_user" id="new_user" action="/users/login" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="&#x2713;"/><input type="hidden" name="authenticity_token" value="VfGGu3jwjsf6xNQmlmuu3Qkgc1BsZzgu0ikhluwqmVHU9RFVQQUUANuaza9HFgXr_c71SiKwBLz8XA8bQ4hSOA"/>
<dl>
<dt><label for="user_login">User name or email:</label></dt>
<dd><input type="text" name="user[login]" id="user_login"/></dd>
<dt><label for="user_password">Password:</label></dt>
<dd><input type="password" name="user[password]" id="user_password"/></dd>
<dt><label for="user_remember_me">Remember me</label></dt>
<dd><input name="user[remember_me]" type="hidden" value="0"/><input type="checkbox" value="1" name="user[remember_me]" id="user_remember_me"/></dd>
<dt class="landmark">Submit</dt>
<dd class="submit actions">
<input type="submit" name="commit" value="Log in" class="submit"/>
</dd>
</dl>
</form>
</div>

And this value is different for every copy of the page served, which
presumably means that it is, by design, impossible for anyone to log in
'blind' with user name and password alone....

--
Harriet Bazley == Loyaulte me lie ==

The best laid schemes o' mice and men gang oft a-gley.
_______________________________________________
netsurf-users mailing list -- netsurf-users@netsurf-browser.org
To unsubscribe send an email to netsurf-users-leave@netsurf-browser.org
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)