<input type="text" class="inputtext" name="email" id="email" value="" tabindex="1"> is the email box
<input type="password" class="inputtext" name="pass" id="pass" tabindex="2"> is the password box
<input value="Connexion" tabindex="4" type="submit" id="u_0_v">
is the submit button
Now... I have this script running but I still can't manage to login ( I get to the same login page: facebook.com)
import requests
from bs4 import BeautifulSoup
body = {'email':'xxxx#hotmail.com','pass':'xxxxx',}
con = requests.post('https://www.facebook.com', data=body)
s = BeautifulSoup(con.content)
print (s)
Do I have to pass in the 'submit button' in the body{}. I thought I should include it but there is no name for the submit button so I don't know how to include it in the body{}. Thanks for the help
You always need to pay attention to any additional (hidden) fields, that are sent along credentials, and might be needed for any server processing.
That is the case for your example with runescape.com. When you use your browser to intercept data, that is normally being sent along with the form, you can modify the script in this manner:
import requests
from bs4 import BeautifulSoup
body = {'username':'xxxx#hotmail.com','password':'xxxxx','submit':'Login','mod':'www','dest':'community'}
con = requests.post('https://secure.runescape.com/m=weblogin/login.ws', data=body)
s = BeautifulSoup(con.content)
print(s)
You can see mod and dest parameters were needed to make the server processing function. As for the submit button, it is rarely checked for, but it is always safer to include it as well (as I did in this example).
The result is not 404 anymore, but the login will nevertheless fail, as there is Captcha in place to prevent automatic login.
As for Facebook, there are a lot of complicated supplementary fields, that would require a lot of reverse engineering to be done. I would strongly suggest to consider using the official Facebook Graph API (https://developers.facebook.com/docs/graph-api) if possible to accomplish what you need.
Related
As suggested on stackoverflow, I make sure to log in to https://developer.paypal.com, to set cookies for sandbox development before attempting my SetExpressCheckout flows.
I get a successful response from my SetExpressCheckout call, with a reply such as:
TOKEN=EC%2d2D3179619P0352202&TIMESTAMP=2014%2d08%2d08T01%3a58%3a29Z&CORRELATIONID=ca8756c977f0&ACK=Success&VERSION=116&BUILD=12301660
My problem comes when trying to redirect to PayPal with the _express-checkout command:
I extract the TOKEN value, and pass that in an HTTP form, with GET and POST variations shown below. I'm using Perl, but the forms are just plain HTML, and the forms below are taken directly from viewing the page source that is generated by my Perl CGI script.
form using GET:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="GET">
<input type="hidden" name="cmd" value="_express-checkout">
<input type="hidden" name="token" value="EC%2d1BH04005UH441943R">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_SM.gif" border="0" alt="PayPal - The safer, easier way to pay online!">
</form>
form URL: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC%252d1BH04005UH441943R&x=61&y=11
lands on: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=S4XbHMPLePuv_A93vhHvqIo4GEYOpsQCYkn6iiIE6AeRfMEkXHzSPWYeH3G&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198a0586321b47f5ae7b54ee269d9200b8b
( PayPal page with "This transaction is invalid. Please return to the recipient's website to complete your transaction using their regular checkout flow." )
form using POST:
<form action=https://www.sandbox.paypal.com/cgi-bin/webscr METHOD='POST'>
<input type=hidden name='cmd' value='_express-checkout'>
<input type=hidden name='token' value=EC%2d9MK58577ER8913409>
<input type=image src=https://www.paypalobjects.com/en_US/i/btn/btn_buynow_SM.gif border=0 alt='PayPal - The safer, easier way to pay online!'>
</form>
form URL: https://www.sandbox.paypal.com/cgi-bin/webscr
lands on: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=MQjOoKQ1FNeHGrVOsukD0Ln8K8LvfvfrejsDm9XZq3JeLThBanMZ2vC1Wtm&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198a0586321b47f5ae7b54ee269d9200b8b
( PayPal page with "This transaction is invalid. Please return to the recipient's website to complete your transaction using their regular checkout flow." )
Curiously, if I manually enter the URL that would have been the 'action=' URL of my form using method=GET, it all works:
Manual cut-n-paste of form URL: https://www.sandbox.paypal.com/cgi-bin/webscr&cmd=_express-checkout&token=EC%2d00D71751FM635411H (with or w/o appending &x=nn&y=nn)
lands on: https://www.sandbox.paypal.com/cgi-bin/webscr&cmd=_express-checkout&token=EC%2d00D71751FM635411H
( Sandbox test store, showing order summary and buyer PayPal account login prompts, as expected )
It seems to me there is some issue with PayPal's session caching, since my form URLs get transformed to ones with parms "_cmd=flow&SESSION={long session ID}, but I clear (Safari) browser cookies before logging in to developer.paypal.com.
I get similar behavior on a different computer, using Firefox and IE browsers.
PayPal won't accept your token because you send it back as percent-encoded twice.
The SetExpressCheckout response is a string that contains a series of parameter names and values. This string is percent-encoded, meaning that you need to decode it to extract the actual values.
Most importantly, you are interested in the TOKEN=EC%2d2D3179619P0352202 part, where the %2d represents the character -.
When you re-inject the string directly to a form input as shown in your question, the %2d represents nothing but the sequence of characters % 2 d. Moreover, when sent to PayPal as a GET request, the sequence will be percent-encoded itself, with the percent sign encoded to %25, resulting in the sequence % 2 5 2 d that you observed. So the token gets lost in translation.
What you need to input is the decoded version of the token:
<input type="hidden" name="token" value="EC-1BH04005UH441943R">
In Perl, the decoding can be achieved using, for example, CPAN's URI::Escape module.
I have a webshop: energyshop.se which I have successfully managed to setup a Sandbox account at PayPal and to create a Buyer and a Seller account, created a button which I implemented to my site (from the Seller account) and I manage to make a payment through my Buyer account and got redirection to work too, to energyshop.se/tack.
So far so good, now I wonder how do I reach the "product ID" that IPN/PDT sends when the user is redirected? How do I use that holder to display files for download or just for play/listening? And what are the holders/variable that holds the receipt information? I would like to say for example when returned to /tack to display the receipt and then the downloadable item.
Any help is very welcome I have worked n this site for ages now and just want it done, it is for a customer too.
I tried to do something like this (i use wordpress at my thankyoupage):
<div id="receiptform">
<form method=post action="https://www.paypal.com/cgi-bin/webscr">
<input type="hidden" name="cmd" value="_notify-synch">
<input type="hidden" name="tx" value="TransactionID">
<input type="hidden" name="at" value="P0d7_HmQSAuXh9r-7hG1Rzf_npI2LaFgYHQJyWUsjQHg7WhZARqs3sq6IW4">
<input type="submit" value="PDT">
</form>
</div>
But that just displays a button PDT that when clicked displyas FAIL ERROR: 4002
How do I edit this to just display the content nicely in tx?
Also, I can tell that "its" working because in the address field, when redirected to thank-you-page this reads: http://energyshop.se/tack/?tx=9LJ24270G46097059&st=Completed&amt=10.00&cc=USD&cm=&item_number=1 which leads me to think its A) completed and B) got the info I need. Now is the question how i present this data? What am I supposed to do? A php-script that I...? I cant seem to find any examples on it, just the defnition of the variables for IPN/PDT but that doesnt help me if I dont know where to put or do with it...
You would want to use PDT as you are. When you receive the tx variable and etc back, you have to do a post back to PayPal to verify all of the inforamtion. Then once you have varified the post, PayPal will then send all of the variables back to your script. You can find a bit more on how PDT works at https://www.x.com/developers/paypal/documentation-tools/ipn/integration-guide/IPNPDTAnAlternativetoIPN. There are also some sample scripts on that site as well at https://www.x.com/developers/PayPal/documentation-tools/code-sample/216627 and https://paypaltech.com/PDTGen/
I have a mostly "static" web site with no server-side code and just a little JavaScript. Now I would like to add a contact form. I do not care how I get the contact form data (so just writing this data to a text file in the server will be ok).
What is the simplest solution for this problem? How do people usually handle this?
I believe I can add some server-side code (PHP or something) to handle the form (and write the form data to a file, for instance) but I would prefer a client-side solution.
Use an external tool, they are commonly referred to as "formmailer". You basically submit the form to their server, and they send the form contents via mail to you.
If you don't want that, you have to do something server-sided: Storing data on the server, without having a server side program that accepts the data from the client, is just not possible.
You could install CouchDB and interface that from Javascript :) Everyone could use that then, too :)
The most easy PHP script that stores POST data on your harddisk:
<?php file_put_contents('/path/to/file', serialize($_POST) . "\n", FILE_APPEND); ?>
You can use Google Drive and create form with required fields. and embed code (which will be iframe) in your static web page.
You will be able to get submitted data in spreadsheet.
You can use qontacto . it is a free contact form you can add to any website. it forwards you the messages.
I set up the fwdform service for this exact need.
Just two simple steps to get your form forwarded to your email.
1.Register
Make an HTTP POST request to register your email.
$ curl --data "email=<your_email>" https://fwdform.herokuapp.com/register
Token: 780a8c9b-dc2d-4258-83af-4deefe446dee
2. Set up your form
<form action="https://fwdform.herokuapp.com/user/<token>" method="post">
Email: <input type="text" name="name"><br>
Name: <input type="text" name="email"><br>
Message: <textarea name="message" cols="40" rows="5"></textarea>
<input type="submit" value="Send Message">
</form>
With a couple of extra seconds you can spin up your own instance on Heroku.
I'm having a simple HTML form on my page that looks like this:
<form action="/" method="post" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="input" name="pin" />
<input type="submit" value="Upload" />
</form>
Now what I am trying to accomplish (with Sinatra) is to check if the PIN entered into the form field is correct:
post "/" do
if params[:pin] == "1234"
start_upload()
else
print_error_message()
end
end
Of course, I want the PIN to be checked before the file starts uploading. But that's my problem. Immediately after clicking the "Upload" button, the file upload starts until it is finished. Then the script checks to see if the PIN is valid.
Is there a way to do stuff before the file upload starts? And if not, what other ways of doing this are there?
Unless you use some Ajax and split up your request this won't work. You could have two forms, one that holds the pin and that authorizes the user. Once you enter a correct pin you send an asyn request to the server which will then reply with a positive or a negative answer. Depending on the response some javascript will then enable your file upload button so you can start uploading the file. What you should also do is setting a session for the user so that only an authorized user (via the pin) is allowed to send a form. If you check the Sinatra Readme you can find some information on how to do that.
That would be my solution.
Ive been using express checkout API to convert people's accounts on my site to premium accounts after paying. The only problem with it is that it doesn't send the user back to the site until they click the button to return, and it updates their permission when that happens. About 40% of the users don't seem to do that.... so their accounts never get credited after payment.
Although paypal does an instant post-back upon the successful payment, I was never able to make it actually update the user's account right away, since I cant get it to send back some sort of informational that would identify the user that just completed the payment. I could only do that when you are sent back to the site, which sends the transaction ID, that I logged with a post-back. It searches for it, and grants permission if it was found int he DB.
Is there a way to submit some sort of a variable to paypal, that it will then post back to me? Something like &user_id=123, which would make it very handly to update the user's permission.
Iten_number hidden variable don't work in my application. But i found that custom hidden field works fine. Just add this field to the form, generated by paypal: <input type="hidden" name="custom" value="YOUR VALUE FROM DB"/>. After, you can read this value to identify, for example, what product have been purchased. (Java code): String custom = request.getParameter("custom");
Yes, if you send item_number, the IPN notification will include that when it posts back to you. I record a unique ID in the database when the user starts the payment process, and include that when sending them to PayPal. When the IPN comes in, that unique ID matches up with the record in the database, giving me all the info I need.
Edit Re your comment:
I expect there's a code example somewhere on the site linked above, but basically in my case I'm using a form that I POST to https://www.paypal.com/cgi-bin/webscr. Within that form are various hidden fields documented in the IPN stuff (cmd for what command to perform, business to specify your business ID, item_name for a nice description in the PayPal UI, item_number for the item number I mentioned above, etc., etc.). When IPN posts back to your IPN address, it includes various fields (such as payment_status — kind of important! &mdash and the item_number you fed in when posting to them).
Just to add to this old question...
There are option parameters that are commonly used for custom data sending through paypal.
These option tags are on0, on1, or on2 for the custom field names and os0, os1, and os2 for the custom field values.
I would send on0 with a value of "UserID" and os0 the actual ID.
These values will be represented in the IPN as follows:
os0 is represented as option_selection1
os1 is represented as option_selection2
os2 is represented as option_selection3
on0 is represented as option_name1
on1 is represented as option_name2
on2 is represented as option_name3
Here's the info on PayPal's HTML parameters
According to HTML Variables for PayPal Payments Standard you can send all the "Pass-through" variables:
item_number Pass-through variable for you to track product or service
purchased or the contribution made. The value you specify is passed
back to you upon payment completion. This variable is required if you
want PayPal to track inventory or track profit and loss for the item
the button sells.
custom Pass-through variable for your own tracking purposes, which buyers do not see. Default – No variable is passed back to you.
and
invoice Pass-through variable you can use to identify your invoice number for this purchase. Default – No variable is passed back to
you.
All these pass-through variables are sent back by the IPN in the payment response info.
You just have to render your HTML template server-side and write the fields back in the HTML code like
<input type="hidden" name="item_number" value="{{ productID }}">
<input type="hidden" name="invoice_id" value="{{ invoiceID }}">
<input type="hidden" name="custom" value="{{ jsonInfo }}">
Technically the field "custom" can be a JSON encoded string if you want to handle more data like
myItemObject = {
"customerEmail" : "john#doe.com
"customerID: "AAFF324"
}
jsonInfo = json.dumps( myItemObject )
return render_template(tmpl_name, jsonInfo=jsonInfo, productID=productID, invoiceID=invoiceID)
I finally get this answer, I want to share with all of you look:
on your HTML form put this code (this is Paypal sandbox):
form action="https://www.sandbox.paypal.com/cgi-bin/webscr?custom=YOUR_VAR" method="post"
On your PHP after the Paypal redirect to your page success: use the cm GET variable:
$example = $_GET["cm"];
I hope this URL solves your issue. As it solved mine as well. Add a custom variable to your form and then retrieve it on your success payment page.
Example :
<input type='hidden' name='custom' value='<?php echo $email; ?>'/>
and then retrieve it as :
$_POST['custom']
<input type="hidden" name="on0" value="Ajay Gadhavana">
<input type="hidden" name="on1" value="my_phone_number">
<input type="hidden" name="on2" value="my_third_extra_field">
Response from paypal would be
[option_name1] => Ajay Gadhavana
[option_name1] => my_phone_number
[option_name1] => my_third_extra_field
What worked for me in 2021 is passing "custom_id" (inside the "purchase_units" array) to PayPal in my client app and checking "custom" on my backend.
Yes, it looks like PayPal renames the parameter for some reason.