Python check for redirect after Login on a php page
Question
I created a small python script to log into a php page. The page itselfs redirects me to another page, if I log in (from Login.php to Userpanel.php).
Now I want to check if I get redirected after the Post Request - so if the Login was successfull. I expected a statuscode of 3**, but it seems that I'm not getting redirected - even if the login was successfull.
r = requests.post(url, allow_redirects = True, data={
'username': name,
'password': password
})
print(r.status_code)
print(r.url)
print(r.history)
I want to check, if I get redirected, so I know that the Login was successfull. Expected a 3** status code, but got a 200.
Output:
200
http://localhost/test/login.php
[]
I first tested the script on my register page and the accounts got inserted into the database, so I know the script itselfs works.
PHP Code:
Disclaimer: This file is just a testfile, so no security checks etc.
<?php
session_start();
if(isset($_SESSION['name']))
{
header("Location: userpanel.php");
}
?>
<h1>Login</h1>
<form method='POST' action=''>
<input type='text' name='username' placeholder='Username'/><br/>
<input type='password' name='password' placeholder='Password'/><br/>
<input class="btn" type='submit' name='Login'/>
</div>
<?php
$connection= mysqli_connect("---", "---", "---");
if(!$connection)
die("---");
if(!mysqli_select_db($connection, "---"))
die("---");
if(isset($_POST['Login']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$result = mysqli_query($verbindung, "SELECT * FROM --- WHERE name='$user' and password='$pass'");
if($result)
{
if(mysqli_fetch_array($result))
{
$_SESSION['name']=$user;
header("url=userpanel.php");
}
}
mysqli_close($connection);
}
3 answers
solution1
0 2020-09-10 13:13:23
r = requests.post(url, allow_redirects = True, data={
'username': name,
'password': password
})
print(r.status_code)
print(r.url)
you don't have o check the history. url always returns the final url. Nothing is wrong with your python code. can you submit the php code?
solution2
0 2020-09-10 13:31:38
I want to check, if I get redirected, so I know that the Login was successfull. Expected a 3** status code, but got a 200.
requests will follow redirects by default.
In fact, that's exactly what the ill-named allow_redirects tells it to do -- it would be better named follow_redirects but alas -- so setting it to True is not useful: that's the default and probably what you don't want here.
Your options are:
- don't do anything and check the final URL, it's what you're redirecting to, if you've reached the proper final state it should mean your redirection worked
- set
allow_redirects=False, that way requests will not follow redirects and will just return the first response it gets from the server, even if it's a 3xy - the response object has a
historyattribute , which contains the "intermediate" responses (every 3xy traversed to reach the final response), so once you get your 200 you can check for the content of this attribute, and maybe the specifics of each response
solution3
-1 2020-09-10 13:03:09
You can simply check the returned HTTP status code, with a redirect it will be 301 or 302. You can use a simple if block to check your r.status_code val.
If the successful login redirection is in the php code, this solution works fine, but if it's a javascript redirection on the login page, you will get a 200 code in the response. If this is the case, you have to search through the returned content. For that, you can use regular expression to check the body of the response for that block of js redirection.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.