4
I’m trying to authenticate users in a forum Vbulletin by means of an application desktop using components of the package swing
, the code is working but I believe that this is not the best way to do.
Logic
I used the plugin Live HTTP Headers in Firefox to find the attributes to be sent in the login form. They are:
vb_login_md5password --> A senha em MD5
vb_login_md5password_utf --> Idem ao anterior
vb_login_username --> Nome de usuário
So I created a String with these parameters, so:
String query = "do=login&url=index.php" // url de login
+ "&vb_login_md5password=" + password // a senha já em MD5
+ "&vb_login_md5password_utf=" + password // a senha novamente
+ "&s=&securitytoken=guest&vb_login_username=" + username // o nome de usuário
+ "&vb_login_password="; // !importante
Then I make a request to the login page through a HttpURLConnection
and I get the code HTML
from the next page - which may be an error page or the correct page if the authentication is correct. So I look for information that only a logged-in user could see, in this case it is a message written "Welcome {user name}" right at the beginning of the code HTML
.
The problem...
... is that all source code HTML
the page is downloaded to then be searched inside it by String
"Welcome" that is found right at the beginning, ie, is downloading a lot of information beyond the necessary. I don’t believe this is the best way to do it, I’m already thinking about performance, some forums may have many sub-forums and this download of code followed by word search can be very slow.
Another problem is that, a user can change the forum language. Assuming he is using the English version (defined in the preferences in the forum) my logic would be useless because there would not be a word "Welcome" but "Welcome". So even if the username and password were correct the authentication would not occur - in the application, due to logic.
I did some research and found the Jsoup, but it serves to extract and manipulate information from an HTML code (for example, take a value by ID) and it’s not what I’m looking for.
PS: I don’t need any more user information. It’s quite simple, just know if he is a member of a particular forum, i.e, if he owns an account. Authenticated = has account, is a member. Not authenticated = not a member.
How can I authenticate a user in Vbulletin forums via an HTTP connection?
@Renan There is no possibility of you receiving a page before the server processes. Either you are accessing the wrong URL, or information is missing from the request, or it is a server bug.
– utluiz