How are sites protected from being log in by Selenium web driver?
At the same time you can enter the log in form manually and all other part of selenium code will work, how is that achieved?
Is it possible to log in into such site by Selenium web driver?
<!-- login form -->
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<script type="text/javascript" src="clientscript/vbulletin_md5.js?v=387"></script>
<table cellpadding="0" cellspacing="3" border="0">
<tr>
<td class="smallfont" style="white-space: nowrap;"><label for="navbar_username">Имя</label></td>
<td><input type="text" class="bginput" style="font-size: 11px" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="Имя" onfocus="if (this.value == 'Имя') this.value = '';" /></td>
<td class="smallfont" nowrap="nowrap"><label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" tabindex="103" id="cb_cookieuser_navbar" accesskey="c" />Запомнить?</label></td>
</tr>
<tr>
<td class="smallfont"><label for="navbar_password">Пароль</label></td>
<td><input type="password" class="bginput" style="font-size: 11px" name="vb_login_password" id="navbar_password" size="10" tabindex="102" /></td>
<td><input type="submit" class="button" value="Вход" tabindex="104" title="Введите ваше имя пользователя и пароль, чтобы войти, или нажмите кнопку 'Регистрация', чтобы зарегистрироваться." accesskey="s" /></td>
</tr>
</table>
<input type="hidden" name="s" value="" />
<input type="hidden" name="securitytoken" value="1494435076-6acf057fb2e17e28bd5679c57501a85f896b4310" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="vb_login_md5password" />
<input type="hidden" name="vb_login_md5password_utf" />
</form>
<!-- / login form -->
You can log in with Selenium in two ways:
Via filling out a form on the login page. This involves finding username and password elements and inputting information for a test user you have created in a test database.
Login on the backend of your system programatically rather than using the UI. This will still require a username and password, should just work in a test environment, and the syntax depends upon what kind of authentication module you are using.
How are sites protected from being log in by Selenium web driver?
I haven't seen any site that can differentiate between human and Selenium webdriver accessing the webpage. There may be some, I am not sure. See this.
However, it is difficult to automate tasks for site for which id, classname, name of html tags changes on each reload. Google plus is one such example, there are many. For sites like Bet365 it is difficult to automate tasks because there are real time reloads.
To differentiate between bot and humans CAPTCHA is used by websites.
At the same time you can enter the log in form manualy and all other part of selenium code will work, how is that achived?
Yes, it can be achieved. You can make your program wait for a duration and enter your information (eg: username, password). Then you can perform operations like click or select using your script. But your browser should be opened using Webdriver.
To make your program wait you can use Thread.sleep(int), but you can go for WebDriverWait for better results.
Here the tough job will be deciding the wait time, because every human won't have same speed for entering values.
As suggested by ElementCR, sendkeys("value") is better than manual input.
After looking for some examples I found this reference.
How to valid a login page using Java and Selenium WebDriver?
Be sure to switch up the findElement(By.(Identifier)).
Not sure if this will provide immediate results, but this is where I would start.
Good luck.
#Before
public void setup() throws MalformedURLException, UnknownHostException{
driver = new HtmlUnitDriver(true);
driver.get(System.getProperty("login.url"));
}
#Test
public void login(){
driver.findElement(By.name("vb_login_username")).sendKeys("login");
driver.findElement(By.name("vb_login_password")).sendKeys("password");
driver.findElement(By.type("submit")).click();
}
Related
I have what I think is a pretty simple form for filling in a couple of dates and sending the user to another page. Unfortunately I find that occasionally the data is not passed to the new page, although the user does get to the page.
The code of my form is
<form action="/book/book1.php" method="post" target="_blank" id="bookboxform" name="bookboxform">
<input name="hid" type="hidden" value="<?php echo $hid ?>">
<!-- This next line added to provide an alternative identification of the hotel -->
<input name="hotelname" type="hidden" value="<?php echo $row_hotel['hotel'] ?>">
<input type="text" name="ArrivalDate" id="ArrivalDate" value="" placeholder="Loading.... please wait" readonly>
<input type="text" name="DepartureDate" id="DepartureDate" value="" placeholder="Loading.... please wait" readonly>
<input type="submit" class="button" value="Click Here!">
</form>
The two date inputs use Jquery UI to provide a selectable calendar.
In the second page (book1.php) I use
if(empty($hid) {
to send me an email of the form has failed. This tells me the user-agent.
Generally it seems to be iPhones and iPads that are usually failing, though most others have done it at some time. I estimate it's happening in 2-5% of occasions when someone tries to use the form. What could be causing this random failure?
It would appear that the failures were caused by users copying the url of book1.php and then pasting it into a fresh browser tab. As the data was being passed by POST method, the data was lost. I am now using GET method so the data is a part of the url, and there have been no failures since.
I have a simple password change form as below. It's part of a larger page, but this snippet serves to illustrate. There's no user identifier in this form - no login name, ID or other reference. It's not required because that information is stored as part of the session data on the server and picked up there when this form is submitted by an AJAX call.
<div id="passwordChange" >
<form id="passwordForm">
<table class="formbox dropshadow">
<thead>
<tr>
<td colspan="2">Change Password</td>
</tr>
</thead>
<tbody>
<tr>
<td><label for="currentPassword">Current Password</label></td>
<td><input id="currentPassword" name="oldPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long"></td>
</tr>
<tr>
<td><label for="newPassword">New Password</label></td>
<td><input id="newPassword" name="newPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long"></td>
</tr>
<tr>
<td><label for="confirmPassword">Confirm Password</label></td>
<td><input id="confirmPassword" name="confirmPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long"></td>
</tr>
</tbody>
<tfoot>
<tr>
<td colspan=2>
<input type="hidden" name="cmd" value="setPassword">
<input type=submit name=submit value="Change Password">
<input type=button name=cancel value="Cancel">
</td>
</tr>
</tfoot>
</table>
</form>
</div>
If I enter a password that Firefox has already stored for the domain in the first password box, and Firefox has stored that password for more than one stored user I get this box pop-up when I click Change Password:
The thing is, I might not be changing the password for any of the listed users, but I can't proceed past this point without giving Firefox an answer. This makes it impossible to change the password for a user whose password is not stored by the Firefox password manager.
Now, there may be a configuration option to enable or disable this behaviour (I'd be pleased to hear about it) but that's only good for my computer.
I want to be able to disable this behaviour as part of the page so that my customers don't run up against it.
Is there some HTML tag or attribute I can use? Is there a Javascript hack, or just a structural change I can make to the form that stops this occurring?
FWIW I'm running Firefox 37.0.2
After grappling with this for a while, I tried adding the autocomplete="off" attribute to my form. With this <input>, lo and behold, no interference from the password manager:
<input autocomplete="off" id="currentPassword" name="oldPassword" type="password" required pattern=".{5,20}" title="Passwords should be between 5 and 20 characters long">
Now, this flies in the face of the bug report referred to by Daniel A. White (see above) and notes on web pages such as this, both of which suggest that the ability to turn off autocomplete is being removed from the browser. Perhaps it is, but it seems that it doesn't apply here, which is all I am concerned about.
(The separate argument about whether browser manufacturers should be unilaterally overriding the wishes of the site designers is a debate for another place and time).
Footnote: While fiddling with this I did something that should have been obvious, but wasn't intuitive: I clicked the red X and closed the window. Password manager disappeared without updating anything and everything was as I wished. I still feel that a 'None of the Above' button, or 'Not Now' or whatever would have been friendlier.
There is no HTML tag or attribute that can accomplish that.
This is Browser specific, not webpage manipulation.
I'm a HTML newbie and I'm completing a website where I'd put the login form to another website.
Basically I'd like to have two forms, one for the user and one for the password, of course, and a "fake" login buttom. Basically it'll switch to the real login page, fill the proper forms doing the real login.
Is it possible? Using Chrome I saw that the login page is something like this:
<form action="websitepath/home.xhtml" method="POST">
<input type="hidden" name="xwt.act" value="DO_LOGIN">
<table cellspacing="0" cellpadding="0" width="100%" class="m2">
<tbody>
<tr>
<td align="center" class="gray">
Username:
</td>
</tr>
<tr>
<td align="center">
<input type="text" size="15" id="username" name="xwt.usr">
</td>
</tr>
<tr>
<td align="center" class="gray">
Password:
</td>
</tr>
<tr>
<td align="center">
<input type="password" size="15" id="password" name="xwt.pwd">
</td>
</tr>
</tbody>
</table>
</form>
It's not possible to send the input directly into another form, but it should be possible (depending how the 2nd site handles login) to send the form directly from you to the original login form's action page.
Your form would should send the same inputs as the original form, and have the same action (websitepath/home.xhtml), with the full URL for the action.
Also - Autofill a form of another website and send it
You can post a form to another page quite easily with html+php
The basic gist of it is as follows:
Your Form On Site A
set the action to the target page and name your fields something logical
Site B
<?php
$variableOne = $_GET['fieldname'];
$variableTwo = $_GET['otherfieldname'];
?>
This is where it gets a little fuzzy on your intentions, you don't actually have to display another login page here, you can actually just push those values to your login script but if you absolutely want redundant login forms you can recreate the form on Site B and assign the field values to :
and it will grab the posted data for you again then you can drive your login form to whatever you normally do.
Hope this Helps
if you can't modify the other site then my above method wont work for you. Your only option would be to be create a form on Site A as follows
<form method="POST" action="http://remoteurl/websitepath/home.xhtml">
<input type="hidden" name="xwt.act" value="DO_LOGIN">
<input type="text" name="xwt.usr">
<input type="password" name="xwt.pwd">
</form>
This would in theory direct your login to the login script on the remote site.
I have a form on a ModX Revo resource that looks fine and is nothing special:
<form id="contactform" action="http://mysite.com/index.php?id=41" method="send">
<tr>
<td class="orange">Name*</td>
<td><input size="24" type="text" name="name" id="name"></td>
</tr>
etc...
<tr>
<td id="tablecenter" colspan="2"><input type="submit" value="Send"></td>
</tr>
</form>
But when I hit send I just get redirected to the home page (404). The receiving resource (resource 41) is published and can be accessed fine in other ways, just not with this form action.
Tried both Send and Get methods as well as short and absolute URLs, but no difference.
Would anyone know why this would be occurring? Thanks!
(ps: FURLs are turned off on this site if it matters).
UPDATE: Seems to not just be resource 41 thats an issue - doesnt work with any resource
Used method="post" instead. Seems to work ok. Closing question
the password field in the html form i have created for my webpage is displayed some masked value which i believe is the password value that im using to connect to my database(same number of characters). But the problem is only for firefox: ie and chrome is displaying correctly.
ive also tried setting the password value to null (""), it didnt help either.
The variable name for sql password, post etc are different.
this is the code...
<div id="logincont">
<div id="loginfrm">
<form name="loginform" method="post" action="index.php">
<table class="logintable">
<tr>
<td width="70px"><span class="fonts"> Username</span></td><td><input type="text" name="user" id="userfield" /></td>
</tr>
<tr>
<td width="70px"><span class="fonts"> Password</span></td><td><input type="password" name="pass" id="passfield" /></td>
</tr>
<tr>
<td></td><td><input type="submit" name="submit" value="Submit" />
</td></tr></table>
</form>
</div>
</div>
n even after clearing the cache n cookies too, its showing the same thing..
To remove saved passwords in FireFox, go to Tools -> Options, Security tab, click the Saved Passwords button, and remove the saved passwords that you want removed. Also, if you have browser toolbars or add-ons, some of them may save passwords and auto-fill them into forms. I think that the Google Toolbar does this as well, so you may need to look at the security options for that, in addition to the FireFox options.