I am trying to authenticate users in a VBulletin forum by using a desktop application using package components swing
, the code is working but I believe this is not the best way to do it.
Logic
I used the Live HTTP Headers plugin in Firefox to find the attributes to be sent in the login form. They are:
vb_login_md5password --> A senha em MD5
vb_login_md5password_utf --> Idem ao anterior
vb_login_username --> Nome de usuário
So I created a String with these parameters, so:
String query = "do=login&url=index.php" // url de login
+ "&vb_login_md5password=" + password // a senha já em MD5
+ "&vb_login_md5password_utf=" + password // a senha novamente
+ "&s=&securitytoken=guest&vb_login_username=" + username // o nome de usuário
+ "&vb_login_password="; // !importante
Next I make a request for the login page with a HttpURLConnection
and I get the code HTML
from the next page - which can be an error page or the correct page if the authentication is correct. So I look for information that only a logged in user could see, in the case it is a message written "Welcome {user name}" at the beginning of the code HTML
.
The problem ...
... is that all the HTML
source code of the page is downloaded so that it can be searched inside it for String
"Bem Vindo" that is in the beginning, that is, it is downloading a lot of information besides required. I do not believe this is the best way to do it, I'm already thinking about performance, some forums can have many sub-forums and this download of code followed by word search can be very slow.
Another problem is that a user can change the forum language. Assuming he is using the English version (defined in preferences in the forum) my logic would be useless since there would be a word "Welcome" and "Welcome". So, even if the username and password were correct, authentication would not occur - in the application, because of logic.
I did some research and found JSoup , but it serves to extract and manipulate information from an HTML code (for example, ID) and it's not what I'm looking for.
PS : I do not need more information about the user. It is quite simple, just to know if he is a member of a certain forum, i.e. if he has an account. Authenticated = you have an account, you are a member. You did not authenticate = not a member.
How can I authenticate a user to VBulletin forums through an HTTP connection?