I just realized that the WinHttpRequest object has built in cookie handling. And since so many people had trouble doing logins using the WinHttpRequest COM and we always thought that this would be because of the cookies, I'm now giving you two working, very well explained login examples, as well as some tips on how to get started reverseengineering HTML / HTTP-Requests.
If you want to do complicated things like logins, then you should really learn some HTML and the basics about the HTTP protocol. Fiddler and SetProxy(2,"localhost:8888") will help you A LOT with the debugging. I also recommend using an add on for your browser to quickly clean your cookies.
To reverse engineer the AHK forum login I simply analyzed the browsers HTTP requests to autohotkey.com and by some trial and error I was able to minimize it to the basics. We need exactly two requests and the login needs one request header and 3 POST data parameters.
So let's do this login to the AHK forums.
Step 1. Do a simple GET request on http://www.autohotke...l§ion=login
Step 2. Extract the auth_key parameter form the login form from the response body (ResponseText)
Step 3. Create the POST data string containing the auth_key parameter as well as the username, password and rememberMe parameter for the login
Step 4. Set the Content-Type header for the next request
Step 5. Send the POST data string to http://www.autohotke...ogin&do=process
Step 6. Analyze the response body checking if the HTML documents title starts with the words "Sign In". If so, then you're obviously not signed in (the login failed/wrong login data). If the title is different, then the login was successfull.
;Prepare our WinHttpRequest object HttpObj := ComObjCreate("WinHttp.WinHttpRequest.5.1") ;HttpObj.SetProxy(2,"localhost:8888") ;Send data through Fiddler HttpObj.SetTimeouts(6000,6000,6000,6000) ;Set timeouts to 6 seconds ;HttpObj.Option(6) := False ;disable location-header rediects ;Set our URLs loginSiteURL := "http://www.autohotkey.com/board/index.php?app=core&module=global§ion=login" loginURL := "http://www.autohotkey.com/board/index.php?app=core&module=global§ion=login&do=process" ;Set our login data username := "Brutosozialprodukt" password := "xxxxxxxxxxxxxx" rememberMe := "1" ;Step 1 HttpObj.Open("GET",loginSiteURL) HttpObj.Send() ;Step 2 RegExMatch(HttpObj.ResponseText,"<input\stype='hidden'\sname='auth_key'\svalue='(\w+)'\s/>",match) auth_key := match1 ;Step 3 loginBody := "auth_key=" auth_key "&ips_username=" username "&ips_password=" password "&rememberMe=" rememberMe ;Step 4/5 HttpObj.Open("POST",loginURL) HttpObj.SetRequestHeader("Content-Type","application/x-www-form-urlencoded") HttpObj.Send(loginBody) ;Step 6 If (InStr(HttpObj.ResponseText,"<title>Sign In")) MsgBox, The login failed! Else MsgBox, Login was successfull!
This will probably work for most IPB forums if change the URLs properly. For other sites this will be probably look very different.
But okay, let's do another login to the new/other AHK forum (this will be much easier).
Step 1. Create the POST data containing username, password and the autologin parameter
Step 2. Set the Content-Type header
Step 3. Send the POST data to http://ahkscript.org....php?mode=login
Step 4. Analyze the response body checking if the HTML documents title starts with the word "Login". If so, then you're obviously not logged in yet (the login failed/wrong login data). If the title is different, then the login was successfull.
;Prepare our WinHttpRequest object HttpObj := ComObjCreate("WinHttp.WinHttpRequest.5.1") ;HttpObj.SetProxy(2,"localhost:8888") ;Send data through Fiddler HttpObj.SetTimeouts(6000,6000,6000,6000) ;Set timeouts to 6 seconds ;HttpObj.Option(6) := False ;disable location-header rediects ;Set our URLs loginURL := "http://ahkscript.org/boards/ucp.php?mode=login" ;Set our login data username := "Brutosozialprodukt" password := "xxxxxxxxxxxxxx" autologin := "on" ;Step 1 loginBody := "username=" username "&password=" password "&autologin=" autologin "&login=Login" ;Step 2/3 HttpObj.Open("POST",loginURL) HttpObj.SetRequestHeader("Content-Type","application/x-www-form-urlencoded") HttpObj.Send(loginBody) ;Step 4 If (InStr(HttpObj.ResponseText,"<title>Login")) MsgBox, The login failed! Else MsgBox, Login was successfull!
Any questions? I will try to answer them the next time I'm here.
You may also read the existing answers in this thread or the one on the other forum.