1

I want to log into https://www.t-mobile.com/ programmatically. My first idea was to use Mechanize to submit the login form:

alt text http://dl.dropbox.com/u/2792776/screenshots/2010-04-08_1440.png

However, it turns out that this isn't even a real form. Instead, when you click "Log in" some javascript grabs the values of the fields, creates a new form dynamically, and submits it.

"Log in" button HTML:

<button onclick="handleLogin(); return false;" class="btnBlue" id="myTMobile-login"><span>Log in</span></button>

The handleLogin() function:

function handleLogin() {
    if (ValidateMsisdnPassword()) { // client-side form validation logic
        var a = document.createElement("FORM");
        a.name = "form1";
        a.method = "POST";
        a.action = mytmoUrl; // defined elsewhere as https://my.t-mobile.com/Login/LoginController.aspx
        var c = document.createElement("INPUT");
        c.type = "HIDDEN";
        c.value = document.getElementById("myTMobile-phone").value; // the value of the phone number input field
        c.name = "txtMSISDN";
        a.appendChild(c);
        var b = document.createElement("INPUT");
        b.type = "HIDDEN";
        b.value = document.getElementById("myTMobile-password").value; // the value of the password input field
        b.name = "txtPassword";
        a.appendChild(b);
        document.body.appendChild(a);
        a.submit();
        return true
    } else {
        return false
    }
}

I could simulate this form submission by POSTing the form data to https://my.t-mobile.com/Login/LoginController.aspx with Net::HTTP#post_form, but I don't know how to get the resultant cookie into Mechanize so I can continue to scrape the UI available when I'm logged in.

Any ideas?

Kip
  • 107,154
  • 87
  • 232
  • 265
Tom Lehman
  • 85,973
  • 71
  • 200
  • 272
  • 5
    This is a direct **TOS Violation**. "You agree not to: ...access, monitor or copy any content or information on the Site using any robot, spider, scraper or other automated means or any manual process;" https://www.t-mobile.com/Templates/Popup.aspx?WT.z_unav=ftr__useterms&PAsset=Ftr_Ftr_TermsOfUse&print=true – rlb.usa Apr 09 '10 at 13:47
  • 5
    @rlb.usa: Hm... the TOS say you can't "access... any content ... using .. any manual process"... I'd say that's going to be hard to abide by unless you don't use the service in any way whatsoever. :) – retracile Apr 09 '10 at 13:53
  • 2
    @retracile: you are obviously obliged by their TOS to turn your brain off when accessing t-mobile's site. – Esteban Küber Apr 09 '10 at 13:59
  • 1
    @rlb-usa: So? Are you the TOS police? Breaking a "TOS" is not even illegal, for crying out loud. – Teddy Apr 09 '10 at 15:43
  • I think what @rlb is trying to say is, any answers provided are aiding @Horace in circumventing T-Mobile's TOS and existing security measures. And that most likely this will be considered abuse by T-Mobile resulting in possible account disconnection. Also, they're likely to revise the form submission process specifically to break scrapers like @Horace is trying to build... – Josh May 24 '10 at 23:03

3 Answers3

3

You can use something like this to login and save the cookie so you won't have to do it again. Of course you will need to come up with your own logic to post it directly but this is how I use Mechanize's built in cookie_jar method to save cookies.

if !agent.cookie_jar.load('cookies.yml')
  page = agent.get('http://site.com')

  form = page.forms.last
  form.email = 'email'
  form.password = 'password'

  page = agent.submit(form)

  agent.cookie_jar.save_as('cookies.yml')
end
Bitterzoet
  • 2,752
  • 20
  • 14
1

I often use the FireFox HttpFox extension to figure out what exactly is going on for these kind of problems.

hoju
  • 28,392
  • 37
  • 134
  • 178
1

I would avoid Net::HTTP; try with:

post(url, query={}, headers={})

directly from Mechanize class.

systempuntoout
  • 71,966
  • 47
  • 171
  • 241