cURL / Mailing Lists / curl-users / Single Mail

curl-users

Newbie trying to do transaction on a https website

From: John Vorwald <john_vorwald_at_msn.com>
Date: Wed, 29 Nov 2006 12:44:43 -0500

Hi
I am a newbie trying to use curl to do transactions on a https website. I am currently trying to get the commands to work in a curl command line mode, but intend to use curl in a C++ code, after getting the command line working. I am using cygwin (PC Unix) curl command line. Here is the command, with the SSN:password has been replaced with SSN:passwd.

  curl --output account_direct_4.txt \
       --connect-timeout 30 \
       --verbose \
       --anyauth \
       --include \
       --referer http://www.tsp.gov/account/index.html<http://www.tsp.gov/account/index.html> \
       --user SSN:passwd \
       https://tspweb2.tspsec.tsp.gov/login.htm?Button=Login<https://tspweb2.tspsec.tsp.gov/login.htm?Button=Login>

The result are shown below. From what I've read, I may need to put a value in the hidden name VTI-GROUP, and maybe enter my SSN in the name partId and the password in the name password. When I get past the login page, then the next screen gives you options such as balance and interfund transfers. I want to be able to automatically go to the balance page and download info (that should be reasonably straightforward since I've already automated downloading the fund share price history from an unsecured portion of this site). I also want to the intefund transfer to execute an interfund transfer request. When I do this interactively in a web browser, I enter info on the appropriate line, and then press a button.
Essentally, I have a c++ code that analyzes the share price history to make recommendations on the interfund transfer, and I want to automate the interfund transfer portion. What else do I need to know to be able to process multiple pages on https sites in curl with entering data and representing button pushes, and downloading results? Is there a generic script to represent making the SSL connection, then posting and getting data?

Here are the lines containing "input " from file account_direct_4.txt.. Do I need to set more of these?
<input type="hidden" name="VTI-GROUP" value="0">
<input type="password" size="9" maxlength="9" name="partId" >
<input type="password" size="4" maxlength="4" name="password" > (Use numbers only.)</td>
<input type="hidden" name=acrover >
<input type="hidden" name=fileDigit value="A" >
<input type="submit" name="Enter" value="Login" style="color: #000080; text-transform: capitalize; font-weight: bold; font-family: Arial; font-size: 12pt"> 
<input type="reset" name="Enter" value="Clear" style="color: #000080; text-transform: capitalize; font-weight: bold; font-family: Arial; font-size: 12pt">
<input type="hidden" name=noscript value="y">

An earlier attempt was using the command

  curl --output account_direct_3a.txt \
       --referer http://www.tsp.gov/account/index.html<http://www.tsp.gov/account/index.html> \
       -d "partId=SSN&&password=passwd&fileDigit=W&VTI-GROUP=0&name=Login" \
       https://tspweb2.tspsec.tsp.gov/login.htm<https://tspweb2.tspsec.tsp.gov/login.htm>

John

//// File account_direct_3.txt start ////
<HTML><HEAD><TITLE>Method Not Allowed</TITLE></HEAD>
<BODY><H1>Method Not Allowed</H1>
An error has occurred.
</BODY></HTML>
//// File account_direct_3.txt start ////

//// File account_direct_4.txt start ////
HTTP/1.1 404 Not found
Server: Netscape-Enterprise/4.1
Date: Wed, 29 Nov 2006 15:20:46 GMT
Content-type: text/html
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META content=no-cache http-equiv=pragma>
<html>
  <head>
    <title>TSP: Login</title>
  <script LANGUAGE="javascript">
<!--
function checkInput() {
var version;
version = 2;
if ((navigator.userAgent.indexOf("MSIE") != "-1") && (navigator.userAgent.length > 1)) {
version = pdfObj.GetVersions();
        document.form.acrover.value = version;
}else {
document.form.acrover.value="y";
if (navigator.plugins && navigator.plugins["Adobe Acrobat"].description != "") {
version = navigator.plugins["Adobe Acrobat"].description;
var tmp = "Adobe Acrobat Plug-In Version ";
var tmp2 = " for Netscape";
var pos = tmp.length;
var pos2 = version.indexOf(tmp2);
version = parseFloat(version.substring(pos, pos2));
document.form.acrover.value =version;
}
}
var result = true;
var indata= document.form.partId.value;
if (!isValidId( indata ) ) {
result = false;
}
indata= document.form.password.value;
if (!isValidPIN( indata ) ) {
result = false;
}

if ( result==false) {
window.alert( "Invalid SSN or PIN entered.\n\nNote:\n SSN must be 9 digits.\n PIN must be 4 digits.");
}

//window.alert(" ***** PLEASE NOTE *****\n\nDue to high volumes of inquiry traffic, system response may be slow at\ntimes. If you experience slow transaction times, please try back later.\n\n");

return result;
}

function isValidId( str ) {
return ( str != "" && str.length==9 && numTest(str) && str !="000000000");
}
//-->
</script>
</head>
<object id="pdfObj" classid="clsid:CA8A9780-280D-11CF-A24D-444553540000" width="0" height="0"></object>
<body bgcolor="#FFFFFF" onLoad="document.forms.form.partId.focus()">
<div align="center"><center>

<table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
    <td align="left" valign="top" width="40%"><b><font color="#800000"
    size="4" face="Arial">Account Access </font></b>  </td>
    <td align="right" valign="top" width="10%"></td>
    <td align="right" valign="top" width="50%"><font face="Arial" size="3" color="#00005B"><b>Login</b></font></td>
  </tr>
  <tr>
    <td align="left" width="40%"></td>
    <td align="right" valign="bottom" width="10%"></td>
    <td align="right" valign="top" width="50%"><hr align="right" width="100%" size="3"
    color="#800000" noshade>
    </td>
  </tr>
</table>
</center>
</div>

<NOSCRIPT>
<p><font face="Arial" color="#00005b" size="3"><b>
Your Browser settings do not have JavaScript enabled. This Account Access page was
developed for use with JavaScript enabled browsers.
</b></font></p>
</NOSCRIPT>

<p>
<p><font face="Arial" color="#000080">For security reasons, we recommend that you close your Web browser when you are
finished accessing your TSP account because this information will remain in your
Web browser's memory until you close the browser.  Please read the
Privacy Act Notice</a> below.  To continue to the Account Access Menu, enter the following
information and click on the <strong>Login</strong> button:</font>
</p>

<p><font face="Arial" color="#000080" size=2>For your security, the TSP has begun masking your Social Security number (SSN).
If you get an error message that says your SSN or PIN is not valid,
please reenter the information carefully.

<FORM action= /NASApp/tsp/authenticate.do?_name=nfclogin&SessionKey$=3ABC123 method="POST" name ="form" onSubmit="return checkInput()" AUTOCOMPLETE="off">
  <input type="hidden" name="VTI-GROUP" value="0">
  <div align="center"><center><table border="0" cellspacing="5" cellpadding="5" width="678">
    <tr>
      <td align="left" >
      <strong>Social Security Number</strong>
      </td>
      <td align="left" >
      <input type="password" size="9" maxlength="9" name="partId" >
        (Do not use hyphens or spaces.)
      </td>
    </tr>
    <tr>
      <td align="left" width="237"><strong>TSP PIN </strong></td>
      <td align="left" width="281">
      <input type="password" size="4" maxlength="4" name="password" > (Use numbers only.)</td>
    </tr>
    <tr>
      <td></td>
      <td>
        <input type="hidden" name=acrover >
        <input type="hidden" name=fileDigit value="A" >
      </td>
    </tr>
    <tr>
      <td align="left" width="260"><font size="2" color="#000080" face="Arial">
      <strong>If you have forgotten your PIN</strong> 
      <A href="/pinreplace.htm" > click here</A><br>
      </font></td>
      <td align="left" width="281"></td>
    </tr>
    <tr>
      <td valign="top" align="center" colspan="2" width="536">
      <input type="submit" name="Enter" value="Login" style="color: #000080; text-transform: capitalize; font-weight: bold; font-family: Arial; font-size: 12pt"> 
      <input type="reset" name="Enter" value="Clear" style="color: #000080; text-transform: capitalize; font-weight: bold; font-family: Arial; font-size: 12pt">
      <NOSCRIPT>
       <input type="hidden" name=noscript value="y">
      </NOSCRIPT>
      <td valign="top" align="left" width="1"></td>
    </tr>
  </table>
  </center></div>
</FORM >
<div align="center">
<p align="left">
<font size="2" face="Arial" color="#000080"><b>Privacy Act Notice.</b> We are authorized to
request this information under 5 U.S.C. Chapter 84.  Executive Order 9397 authorizes
us to ask for your Social Security number, which will be used to identify your
account.  We will use the information you provide to process the transaction you
request on the TSP Web site.  This information may also be shared with other Federal
agencies to administer your account or for statistical, auditing, or archiving
purposes.  In addition, we may share the information with law enforcement agencies
investigating, prosecuting, or enforcing a violation of civil or criminal law or with
other agencies for the purpose of implementing a statute, rule, or order.  It may
also be shared with congressional offices, the TSP annuity vendor, retirement plan
sponsors, auditing firms, spouses, former spouses, beneficiaries, persons responsible for
your care, and representatives of your estate.  It may also be released in response
to a court subpoena or to appropriate parties preparing for or engaged in litigation
affecting your TSP account.  You are not required by law to provide this information,
but if you do not provide it, it may not be possible to process the actions you request on
this Web site.</font>
</p>
</div>

</body>
</html>
//// File account_direct_4.txt end ////
Received on 2006-11-29

This message: [ Message body ]
Next message: Dan Fandrich: "Re: Changing to a directory on MVS"
Previous message: Lisa M Saichompoo: "Changing to a directory on MVS"
Next in thread: Daniel Stenberg: "Re: Newbie trying to do transaction on a https website"
Reply: Daniel Stenberg: "Re: Newbie trying to do transaction on a https website"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]