New Content - Implemented Subscriptions page

coderanger

Member
Just for tracking purposes, this redirects outside of mafia, which you aren't logged in to so it dumps to the front page.
 

lostcalpolydude

Developer
Staff member
CDMoyer says that link won't work through mafia, so I think the best we can do is make that link load something else telling people to do it outside of mafia.
 

Veracity

Developer
Staff member
Code:
Requesting: http://www.kingdomofloathing.com/account_subscription.php
2 request properties
Field: Cookie = [appserver=www10; PHPSESSID=ai0uh6k5i0jkg2dtddnim54d96]
Field: User-Agent = [Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:33.0) Gecko/20100101 Firefox/33.0]

Retrieving server reply...

Retrieved: http://www.kingdomofloathing.com/account_subscription.php
11 header fields
Field: null = [HTTP/1.1 302 Found]
Field: location = [https://www.kingdomofloathing.com/account_subscription.php]
Field: Date = [Mon, 08 Dec 2014 04:21:23 GMT]
Field: Content-Length = [0]
Field: Expires = [Thu, 19 Nov 1981 08:52:00 GMT]
Field: Connection = [keep-alive]
Field: Content-Type = [text/html; charset=UTF-8]
Field: X-Powered-By = [PHP/5.3.3]
Field: Server = [nginx/1.0.15]
Field: Pragma = [no-cache]
Field: Cache-Control = [no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
302 is a strange sort of redirect. I don't see any "location" field to tell us where to redirect to. Therefore, I couldn't say why it works in a browser but not in KoLmafia.

If they are intentionally suppressing access to this through the KoLmafia Relay Browser, that seems like they are intentionally trying to limit donations. Seems odd, but I say we shrug and just let it fail.

P.S. It does not "redirect outside of mafia". When I do it in the browser, I end up on a subscription page - but the URL in the location bar is game.php, somehow.
 

lostcalpolydude

Developer
Staff member
My debug log also has
Code:
-----To Browser-----
HTTP/1.1 302 Found
Date: Sun Dec 07 23:47:09 EST 2014
Server: KoLmafia v16.7
Location: https://www.kingdomofloathing.com/account_subscription.php
Connection: close
and I end up at KoL's login page (without being logged out).

Apparently Amazon won't allow 127.0.0.1 (or localhost) as the referrer after submitting the form, so even if it did load it wouldn't do much good.
 

Veracity

Developer
Staff member
> I don't see any "location" field to tell us where to redirect to. Therefore, I couldn't say why it works in a browser but not in KoLmafia.

I was wrong.

Field: location = [https://www.kingdomofloathing.com/account_subscription.php]

OK, this should be doable. We already can log in using https. I do that - which is why I never see the login page and twitch announcements. :-/

We might have some assumptions built-in that https is only for logging in, but I think we have everything we need in order to use it.

Edit: we can set the referrer to anything we want. I am sure that if we want to go to Amazon to set up a subscription, we can make THAT page have a referrer to a page on www.kingdomofloathing.com.
 

coderanger

Member
From having just set one up, I can see the issue CDM is worried about. To actually create (or probably change/cancel) a subscription you'll have to be logged in with a cookie for kingdomofloathing.com because that's where Amazon will send your browser. You should be able to see your subscription info though, and adjust the IOTM vs. Mr A split through mafia just fine.
 

Veracity

Developer
Staff member
I'm now thinking that we do not want to act as a proxy for https sessions. For one thing, we don't keep connections open; we open a new one for every request. So, we want to pass the redirection down to the browser - and that is exactly what we are doing.

Code:
-----From Browser-----
GET /account_subscription.php HTTP/1.1
Host: 127.0.0.1:60080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:60080/mrstore.php
Cookie: chatpwd=224; charpwd=200
Connection: keep-alive
----------
class net.sourceforge.kolmafia.request.RelayRequest
Connecting to account_subscription.php...

Requesting: http://www.kingdomofloathing.com/account_subscription.php
2 request properties
Field: Cookie = [appserver=www11; PHPSESSID=lt7i06ngkh8jdgfis6qv4r63m1]
Field: User-Agent = [Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:33.0) Gecko/20100101 Firefox/33.0]

Retrieving server reply...

Retrieved: http://www.kingdomofloathing.com/account_subscription.php
11 header fields
Field: null = [HTTP/1.1 302 Found]
Field: location = [https://www.kingdomofloathing.com/account_subscription.php]
Field: Date = [Mon, 08 Dec 2014 16:06:58 GMT]
Field: Content-Length = [0]
Field: Expires = [Thu, 19 Nov 1981 08:52:00 GMT]
Field: Connection = [keep-alive]
Field: Content-Type = [text/html; charset=UTF-8]
Field: X-Powered-By = [PHP/5.3.3]
Field: Server = [nginx/1.0.15]
Field: Pragma = [no-cache]
Field: Cache-Control = [no-store, no-cache, must-revalidate, post-check=0, pre-check=0]

-----To Browser-----
HTTP/1.1 302 Found
Date: Mon Dec 08 11:06:58 EST 2014
Server: KoLmafia v16.7
Location: https://www.kingdomofloathing.com/account_subscription.php
Connection: close
----------
I'm not sure why the browser is not going to the subscription page. I notice that KoL says "Field: Connection = [keep-alive]" but we pass down "Connection: close". We also do not pass down the cache control stuff for redirects. I have no idea if these are issues.
 

Veracity

Developer
Staff member
OK, I see this from the browser:

Code:
Cookie: chatpwd=224; charpwd=200
and we submit this to KoL:

Code:
Cookie = [appserver=www11; PHPSESSID=lt7i06ngkh8jdgfis6qv4r63m1]
I can see that if the browser submitted the redirect with the cookie it sent to us, KoL will not understand which session it is and will give you the "not logged in" page.
 

Veracity

Developer
Staff member
This is a can of worms. I've determined that this has to do with the Browser sending incorrect session cookies to KoL. I changed KoLmafia to send KoL's cookies down to the Browser.

I then turned on Network and Persistent Log in Firefox and went to the Subscription link:

Code:
From Browser: 

GET http://127.0.0.1:60080/account_subscription.php
Referer:"http://127.0.0.1:60080/mrstore.php"
Cookie:"chatpwd=224; charpwd=200; appserver=www8; PHPSESSID=jtc2jo0vpd8oih7r1fuo33r4f3"

From KoLmafia to Browser:

302 Found

Location:"https://www.kingdomofloathing.com/account_subscription.php"
Set-Cookie:"appserver=www8
PHPSESSID=jtc2jo0vpd8oih7r1fuo33r4f3"
In other words, two Set-Cookie headers, as required. Those are the actual session cookies that KoLmafia uses to connect to the KoL session.

Code:
From Browser:

GET https://www.kingdomofloathing.com/account_subscription.php
Referer:"http://127.0.0.1:60080/mrstore.php"
Cookie:"_ga=GA1.2.1471852556.1403495195; appserver=www10; PHPSESSID=gk8deg6vhqvs8m37siqvjfi1m4"

From KoL to Browser:

302 Found
Location:"login.php?notloggedin=1"
And those cookies that the Browser sent came from ... where?
Answer: a previous session where I logged in to KoL from vanilla Firefox.

Looking at my saved cookies in Firefox, I see these:

Name: appserver
Content: www8
Host: 127.0.0.1
Path: /
Send For: Any type of connection
Expires: At end of session

Name: PHPSESSID
Content: jtc2jo0vpd8oih7r1fuo33r4f3
Host: 127.0.0.1
Path: /
Send For: Any type of connection
Expires: At end of session

In other words, these are the cookies that KoLmafia told the Browser to use via Set-Cookie.

However, I also see these cookies:
Name: appserver
Content: www10
Host: www.kingdomofloathing.com
Path: /
Send For: Any type of connection
Expires: At end of session

Name: PHPSESSID
Content: gk8deg6vhqvs8m37siqvjfi1m4
Host: www.kingdomofloathing.com
Path: /
Send For: Any type of connection
Expires: At end of session

And these are the cookies the browser saved last time it went straight to KoL.

Since we redirect to https://www.kingdomofloathing.com, the Browser will pay no attention whatsoever to cookies that KoLmafia sends down to it for use when connecting to 127.0.0.1.

I considered NOT munging the www.kolmafia.com URL on the mr_store.php page that goes to the subscription page - i.e., instead of changing it to go to 127.0.0.1, leaving it at www.kingdomofloathing.com - but that won't work either, since KoL has not sent up-to-date cookies to the Browser and it will send stale ones.

We can't make this work. I think lost's idea is the only option: if you click on the subscription link in the Relay Browser, we intercept it and pop up something telling the user to go there in a vanilla browser.

I hope he does that; I have spent far more time than I intended running out of other ideas. :(
 

coderanger

Member
Yep, that's going to be the best option. The whole browser security model is built specifically to prevent this kind of tampering. You could make it work to view subscription status via mafia, but you will definitely need an intercept-and-warn at some point. It can either be for the whole subscriptions page or just when you click Create.
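
An added example, not part of any post in this thread and not KoLmafia's code: a simplified model of a browser cookie jar (RFC 6265 host-only and Domain matching; Path, Secure and expiry are ignored) replaying the cookies from the logs above. It shows why the session cookies the relay sets from 127.0.0.1 are never sent to www.kingdomofloathing.com. The `CookieJar` class and `demo` function are illustrative names, and the Domain attribute attempt is a constructed case.

```javascript
// Simplified browser cookie jar; cookie values are the ones from this thread's logs.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3 domain-match; IP addresses only match exactly.
function domainMatch(host, domain) {
  return host === domain || (!isIp(host) && host.endsWith("." + domain));
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Store a cookie set by originHost; returns false if the browser discards it.
  setCookie(originHost, name, value, domainAttr) {
    let domain = originHost, hostOnly = true;
    if (domainAttr) {
      domain = domainAttr.replace(/^\./, "").toLowerCase();
      // A server may only set cookies for a domain it belongs to.
      if (!domainMatch(originHost, domain)) return false;
      hostOnly = false;
    }
    this.cookies = this.cookies.filter((c) => c.name !== name || c.domain !== domain);
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }
  // Build the Cookie header the browser would send to url.
  cookieHeader(url) {
    const host = new URL(url).hostname;
    return this.cookies
      .filter((c) => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}
function demo() {
  const jar = new CookieJar();
  const kol = "www.kingdomofloathing.com", relay = "127.0.0.1";
  // Left over from an earlier direct login in the same browser.
  jar.setCookie(kol, "appserver", "www10");
  jar.setCookie(kol, "PHPSESSID", "gk8deg6vhqvs8m37siqvjfi1m4");
  // Sent down by the relay together with the 302.
  jar.setCookie(relay, "appserver", "www8");
  jar.setCookie(relay, "PHPSESSID", "jtc2jo0vpd8oih7r1fuo33r4f3");
  // Constructed case: relay adds Domain=kingdomofloathing.com. Discarded.
  const accepted = jar.setCookie(relay, "PHPSESSID", "jtc2jo0vpd8oih7r1fuo33r4f3", "kingdomofloathing.com");
  return {
    accepted,
    toRelay: jar.cookieHeader("http://127.0.0.1:60080/account_subscription.php"),
    toKoL: jar.cookieHeader("https://www.kingdomofloathing.com/account_subscription.php"),
  };
}
console.log(demo());
```

The request that follows the 302 carries only the www10 session from the earlier direct login, which matches the `login.php?notloggedin=1` response in the log.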
 