Android Question How to auto login to a website using Post method?

[Magnus Gärtner]

Hi,
im trying to login on https://akgbe.kurswahl-online.de/ and show the loggend in content in a webview. therefore i wrote a js that I want to execute but i can't figure out why it's not working :/
I'm not that familiar with js, but the js console from google chrome and firefox executed the script correctly but my b4a code doesn't ...

my java script (autolog.txt):

    var form = document.createElement("form");
    form.setAttribute("method", "post");
    form.setAttribute("action", "https://akgbe.kurswahl-online.de/login.php");
            var hiddenField = document.createElement("input");
            hiddenField.setAttribute("type", "hidden");
            hiddenField.setAttribute("name", "username");
            hiddenField.setAttribute("value", "magnus.gaertner");
            form.appendChild(hiddenField);
          var hiddenField2 = document.createElement("input");
            hiddenField2.setAttribute("type", "hidden");
            hiddenField2.setAttribute("name", "passwort");
            hiddenField2.setAttribute("value", "mypassword");
            form.appendChild(hiddenField2);
  
  document.body.appendChild(form);
    form.submit();

and the b4a code:

...

WebView1.LoadUrl("https://akgbe.kurswahl-online.de/login.php")

MyWebViewExtras.addJavascriptInterface(WebView1, "B4A")
...   

Sub WebView1_PageFinished (Url As String)
timer1.Enabled=True
End Sub

Sub timer1_Tick

    MyWebViewExtras.executeJavascript(WebView1,File.GetText(File.DirAssets,"autolog.txt"))
End Sub

thanks for any help or suggestions

 

[ArminKH]

See gmail login example

 

[DonManfred]

because you did not use the buildinjavascript when submitting the form.
see this

onsubmit="javascript: kwo.enhance_form_submit(this, 'login.php', $.parseJSON(unescape('%5B%5D')));" method="post" enctype="multipart/form-data"

there is an javascript included with the function enhance_form_submit...

/* 275 */ //form lib (csrf und autoscroll)
/* 276 */ enhance_form_submit: (function() {
/* 277 */ var hook=function(form) {
/* 278 */ var pos=get_scroll_pos();
/* 279 */ var location=kwo.settings("window_location_pathname") || window.location.pathname;
/* 280 */ postlib.add_post_elements({_scrollLeft: pos.x, _scrollTop: pos.y, _scrollLocation: location}, form);
/* 281 */ var anti_csrf=kwo.anti_csrf.get_token();
/* 282 */ if(typeof(anti_csrf)!="undefined" && anti_csrf.length)
/* 283 */ postlib.add_post_elements({"_anti_csrf_token": anti_csrf}, form);
/* 284 */ return true;
/* 285 */ };
/* 286 */ postlib.add_submit_hook(hook);
/* 287 */ return function(form, dest, data) {
/* 288 */ form.action=dest;
/* 289 */ postlib.add_post_elements(data, form);
/* 290 */ return hook(form);
/* 291 */ };
/* 292 */ })(),

I suppose this has to be done too in your "emulated login-process".

If there is an documentated api to do authorized requests from them then you should follow this api!
For more (not allowed login-request) i will not help.

Remark in german cause i did not know how to write that in english terms.
Anmerkung in Deutsch: Die haben ihre Webseite nicht umsonst mit solch einem Javascript zum schutze des missbrauches versehen. Die werden sich schon was dabei gedacht haben. Vermutlich eben, daß man sich NICHT automatisiert dort einloggen können kann. Wenn der Betreiber das erlaubt, dann wird der Dir auch eine API zur Verfügung stellen können mit der man sich die Infomationen authorisiert (also erlaubt) und aus einer app heraus, abrufen kann. z.b. mittels REST-Api oder was auch immer.

Googles tanslating answer was terrible I´ll change it

They probly have provided their website not in vain with such a javascript to lee of abuse.
I think they have someting in mind with this part of js. Probably just that you NOT be able automatically login into this site. If the operator of this service do allow that, then they should be able to also provide an API with which you can requests automatically and authorized e.g. by REST-Api or whatever.