POST login for http service?

Hello guys…
Do someone have an example on how to deal with http post login in a form, to login to a web interface and grab data…
I’m a bit confused on how/what the openhab can do here :slight_smile:

Are you certain the website doesn’t support basic auth? If it does you can skip the login and just supply the username and password in your GET.

Please make sure you are using HTTPS though so your username and password get encrypted.

Unfortunately it doesn’t accept that…

In that case what you will have to do is figure out how it works using curl. One you have it figured out you can then use exec binding to execute the curl command or, if the requests are simple enough use sendHttpPost in a rule. I believe that action has been updated to support sending a body in the post, but I don’t know if it supports getting a result.

But be aware that if this site does not use basic auth it is rarely as simple as just submitting a POST with the form. You often must also parse the result for a session token and send the token back on each subsequent request, and be able to deal with the session timing out and re authenticateing to get a new token. And if this site dues not publish a public API to explain how to do this you will have to set up a sniffer to look at the traffic when you log in through a browser to reverse engineer the API.

I tried (and failed) to do this once for

Hello Rick…
When looking at the Source for the login page, it says method = POST - i don’t think it’s a advanced security system, since it’s for a Solar Inverter used at local network…
When i login i get a new url with a sid=xxxxxxx - so like we talked about in another thread, it must be something to “catch” the session ID and then use this in the later links… i think i know how to do this…

Just to understand, when i can’t just say, but it uses the POST, then the httpPost command “posts” some data into fields with the corect name - this can’t de done just by typing it in the url? so i need to do it in OH for testing…

When i got the sid, i can access all pages on the web-server with that sid/link…

		<td id="loginForm" align="right" valign="middle">
			<form action="/cgi-bin/handle_login.tcl" name="loginform" method="POST">
			<table width="700" border="0" cellpadding="0" cellspacing="0">
					<td colspan="2" align="right"  width="100%"><div class="heading">Welcome to 
					TLX Pro+</div></td>
  					<td align="right" width="100%"><label for="user">User:</label>&nbsp;</td>
			        	<td align="right" width="1"><input type="text" id="user" name="user" size="40" maxlength="24"></td>
					<td height="26" colspan="2"  width="100%">&nbsp;</td>
		  			<td align="right" width="100%"><label for="pw">Password:</label>&nbsp;</td>
			        	<td align="right" width="1"><input type="password" id="pw" name="pw" size="40" maxlength="24"></td>
					<td height="26" colspan="2" align="right"  width="100%">&nbsp;
  					<td colspan="2" align="right"  width="100%"><input type="submit" class="button" style="text-align: center;" name="submit" id="login" value="Login"></td>
					<td align="right" valign="bottom" colspan="2" class="disclaimer"><br><br><br>All shown values are based upon actual inverter data and are not legally binding.</td>
            <input type="hidden" name="sid" value="">


I’ve done a handful of script to login to sites and dump data.
Some general guide-lines:

  1. Install fire-bug plugin in firefox or similar it will let you understand how the site login works, you will be able to see what request are sent and what is posted and to what urls.
  2. Typical scenario is
    • Request page, using login credential save the session cookie
  • Use saved session cookie to request the page you are looking for

Bash tools to be used can be:
wget, curl, lynx and elinks.

See this for info on elinks:

For instance I have a script which log onto my electric suppliers website and get my electric bill, usage etc.

It works like this:

# First request and post login data to the loginpage
wget --save-cookie /tmp/cookie.txt --keep-session-cookies --post-data 'login=myloginname&password=mypassword' "https://somesite/loginpage.html?someparameter=value&someparameter=value2" -O /tmp/loginresult.html
#Sleep can be needed 
sleep 2
#Use the cookie which is the authorization that we have successfully logged in
wget --load-cookie /tmp/cookie.txt --keep-session-cookies "https://somesite/thepageiwantwhichrequireslogin.html" -O "/tmp/mydownloadeddata"

There are some site that are super tricky to figure out. On those sites the last option is to use Selenium to script the login in the actual browser. This can then be setup in a headless fashion.

From what you posted above, it does not seem that tricky to get that info. Again, install firebug and test to login with the browser to find out the urls.

Regards, S

Hello Seaside
Wow - that looks pretty good… Seems like it can be done with a lot of different login systems…

I tried installed the FireBug, and get’s a lot of data… Can you give me a clue on where to search for the data?
Seems like i can’t find the part where the browser post some data to the login when i press submit… also tested with “Fiddler 4” which also is a HTTP analysis tool…
I can see the User/Pass but not the assembled command sent…
It also returns the SID for me like it should…

No solutions for this? :slight_smile: