curl-library

Re: Yahoo Login

From: John Brayton <jb-curl_at_virtualsanity.com>
Date: Sun, 16 Jun 2002 16:00:22 -0400

> I am using libcurl for the first time to post data.
> Was trying to automate my login to yahoo mail, but
> it kept displaying the login page again.

I have done a limited amount of Yahoo!-specific client programming for
Yahoo!'s site. Specifically, I wrote a Java application to log in, and
download a user's address book CSV export file. To download the single
file, this is what I did:

1. Send a POST to the following URL:
     https://edit.secure.yahoo.com/config/login

     Send the following POST arguments:
         login: (Yahoo! username)
         passwd: (Yahoo! password)
         tries: 1
         .done: http://address.yahoo.com/yab/us
         .src: ab
         partner: (blank)
         .lg: us
         submit: Sign in

     I don't know if the ".done" URL would need to be modified to use
     a different Yahoo application or not. But you can grab the value
     from the hidden form field of the HTML form you are trying to
     simulate.

2. For each "Set-Cookie" header in the response, take the value of the
     header, chopping off the first semi-colon and everything after it.
     Combine the resulting list, delimiting that list with "; ".

3. Make the HTTP request for the URL you want to download, sending the
     cookie with the request. The header name to send is "Cookie", and
     the value is the result from step 2.

Caveats:
-Whether or not the cookies change with every request, forcing you to
accept new cookies with every page request.
-I don't think there are any differences with the authentication process
for different Yahoo! applications, but there may be.
-How timeouts work.

Like I said, my program just retrieves one file after logging in. So,
your mileage will vary. But hopefully this will provide some useful
information. In addition, the code I'm working with will be public
domain anyway, so I'd be happy to send it to anyone who might find it
useful. Just send me private email.

Also, the original POST says that the goal is to automate logging into
Yahoo! mail. If sending the login request is done by a separate
application and the mail reading is done by a browser, the separate
application will need a way to put the cookie in the browser -- which
may not be feasible. But I don't know if I understood that correctly.

Interestingly enough, Yahoo! appears to have two different
authentication methods. The first, which I used, is to log in via the
HTTPS URL. It appears that browsers that do not execute the JavaScript
in the form do this. Browsers that do execute the JavaScript in the
form have some client-side scrambling or encryption of the password take
place on the client side, and that information is sent via HTTP (without
SSL) to a separate URL. I assume the second method is less expensive in
terms of processing power for Yahoo!

John

Received on 2002-06-16
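
Step 2 of the procedure in the message above, as an added C example (not John's Java code and not part of libcurl); the names `build_cookie_header` and `SAMPLE_HEADERS` and the sample header values are assumptions made for illustration. It discards the Path, Domain, Secure and expiry attributes exactly as the message describes, so the caller alone decides which requests carry the cookies.

```c
#include <ctype.h>
#include <string.h>

/* Constructed sample headers (not captured from a real server). */
static const char SAMPLE_HEADERS[] =
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: A=one; path=/; domain=.example.test\r\n"
    "set-cookie: B=two\r\n\r\n";

static int starts_with_nocase(const char *s, size_t n, const char *p)
{
    size_t i = 0;
    while (p[i] && i < n &&
           tolower((unsigned char)s[i]) == tolower((unsigned char)p[i]))
        i++;
    return p[i] == '\0';                  /* whole prefix matched */
}

/* Keep each Set-Cookie value up to the first ';' and join with "; ".
 * Returns the cookie count, or -1 if out cannot hold a whole cookie. */
int build_cookie_header(const char *headers, char *out, size_t outlen)
{
    size_t used = 0;
    int count = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (const char *line = headers; *line; ) {
        size_t len = strcspn(line, "\r\n");
        if (starts_with_nocase(line, len, "Set-Cookie:")) {
            const char *val = line + strlen("Set-Cookie:");
            val += strspn(val, " \t");    /* skip leading blanks */
            const char *end = memchr(val, ';', (size_t)(line + len - val));
            size_t vlen = (size_t)((end ? end : line + len) - val);
            size_t sep = count ? 2 : 0;   /* "; " between cookies */
            if (vlen) {
                if (used + sep + vlen + 1 > outlen)
                    return -1;            /* never truncate a cookie */
                memcpy(out + used, "; ", sep);
                memcpy(out + used + sep, val, vlen);
                used += sep + vlen;
                out[used] = '\0';
                count++;
            }
        }
        line += len + strspn(line + len, "\r\n");   /* next line */
    }
    return count;
}
```

libcurl's own cookie engine, enabled with `CURLOPT_COOKIEFILE`, keeps those attributes and applies them when deciding which cookies to send.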