Python requests module to verify if HTTP login is successful or not

Question

I've been trying to implement similar thing here and here .

Basically I just want to login to a website and get a verification if the HTTP/S authentication has been successful or not.

Unfortunately, none of the attempts below work. I have no idea whether login attempt was successful or not as I'm getting the same <Response [200]> doesn't matter if the password right or wrong.

I've also inspected the HTTP traffic. If login failed, the following message will be displayed on the login page ( http://localhost/test/login.php )

<div class="message">Login failed</div>

If login successful, page will be redirected to index.php http://localhost/test/index.php

HTML form on login page ( http://localhost/test/login.php )

<form action="login.php" method="post">
    <fieldset>
            <label for="user">Username</label> <input type="text" class="loginInput" size="20" name="username"><br> 
            <label for="pass">Password</label> <input type="password" class="loginInput" autocomplete="off" size="20" name="password"><br>
            <p class="submit"><input type="submit" value="Login" name="Login"></p>
    </fieldset>
</form>

The following Code 1 - 5 will produce <Response [200]> while Code 6 will display the login page doesn't matter if username/password is wrong.

Code 1

import requests
url = 'http://localhost/test/login.php'
payload = {'username': 'admin', 'password': 'wrongpwd'}
requests.post(url, data=payload)

Code 2

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
url = 'http://localhost/test/login.php'
payload = { 'username': 'admin', 'password': 'wrongpwd' }
requests.post(url, data=payload, verify=False)

Code 3

import requests
headers = {'User-Agent': 'Mozilla/5.0'}
url     = 'http://localhost/test/login.php'
payload = {'username':'admin','pass':'wrongpwd'}
session = requests.Session()
resp    = session.get(url,headers=headers)
cookies = requests.utils.cookiejar_from_dict(requests.utils.dict_from_cookiejar(session.cookies))
resp    = session.post(url,headers=headers,data=payload,cookies=cookies)
session.get(url)

Code 4

import requests
headers = {'User-Agent': 'Mozilla/5.0'}
url     = 'http://localhost/test/login.php'
payload = {'username':'admin','password':'wrongpwd'}
session = requests.Session()
session.post(url,headers=headers,data=payload)

Code 5

import requests
from requests.auth import HTTPBasicAuth
url = 'http://localhost/test/login.php'
requests.get(url, auth=HTTPBasicAuth('admin', 'wrongpwd'))

Code 6 (just display the login page)

import requests
url = 'http://localhost/test/login.php'
values = {'username': 'admin', 'password': 'wrongpwd'}
r = requests.post(url, data=values)
print(r.content)

What should I do to get verification if the login is successful or not?

Desired Output

Login successful

or

Login failed

If my question was not clear, or if you need further explanation, please let me know.

Answer 1

I've been trying to implement similar thing here and here .

Basically I just want to login to a website and get a verification if the HTTP/S authentication has been successful or not.

Unfortunately, none of the attempts below work. I have no idea whether login attempt was successful or not as I'm getting the same <Response [200]> doesn't matter if the password right or wrong.

I've also inspected the HTTP traffic. If login failed, the following message will be displayed on the login page ( http://localhost/test/login.php )

<div class="message">Login failed</div>

If login successful, page will be redirected to index.php http://localhost/test/index.php

HTML form on login page ( http://localhost/test/login.php )

<form action="login.php" method="post">
    <fieldset>
            <label for="user">Username</label> <input type="text" class="loginInput" size="20" name="username"><br> 
            <label for="pass">Password</label> <input type="password" class="loginInput" autocomplete="off" size="20" name="password"><br>
            <p class="submit"><input type="submit" value="Login" name="Login"></p>
    </fieldset>
</form>

The following Code 1 - 5 will produce <Response [200]> while Code 6 will display the login page doesn't matter if username/password is wrong.

Code 1

import requests
url = 'http://localhost/test/login.php'
payload = {'username': 'admin', 'password': 'wrongpwd'}
requests.post(url, data=payload)

Code 2

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
url = 'http://localhost/test/login.php'
payload = { 'username': 'admin', 'password': 'wrongpwd' }
requests.post(url, data=payload, verify=False)

Code 3

import requests
headers = {'User-Agent': 'Mozilla/5.0'}
url     = 'http://localhost/test/login.php'
payload = {'username':'admin','pass':'wrongpwd'}
session = requests.Session()
resp    = session.get(url,headers=headers)
cookies = requests.utils.cookiejar_from_dict(requests.utils.dict_from_cookiejar(session.cookies))
resp    = session.post(url,headers=headers,data=payload,cookies=cookies)
session.get(url)

Code 4

import requests
headers = {'User-Agent': 'Mozilla/5.0'}
url     = 'http://localhost/test/login.php'
payload = {'username':'admin','password':'wrongpwd'}
session = requests.Session()
session.post(url,headers=headers,data=payload)

Code 5

import requests
from requests.auth import HTTPBasicAuth
url = 'http://localhost/test/login.php'
requests.get(url, auth=HTTPBasicAuth('admin', 'wrongpwd'))

Code 6 (just display the login page)

import requests
url = 'http://localhost/test/login.php'
values = {'username': 'admin', 'password': 'wrongpwd'}
r = requests.post(url, data=values)
print(r.content)

What should I do to get verification if the login is successful or not?

Desired Output

Login successful

or

Login failed

If my question was not clear, or if you need further explanation, please let me know.