password vailidation failing using mechanize/python

Question

I'm trying to log on onto a website with mechanize for python; however when presented with correct credentials in the form it fails to log in.

Here's what I'm doing following the mechanize tutorial:

def logon(self):
    baseurl = "https://www.website.com/login"
    br = mechanize.Browser(factory=mechanize.RobustFactory())
    br.open(baseurl)
    br.select_form(nr=0)
    br.form["username"] = self.username
    br.form["password"] = self.password
    response = br.submit()
    print response.geturl()

That should take me to the website.com/dashboard but it's saying at the website.com/login page as though it failed. I can log in manually, and everything passed through the debugger so I'm not sure what I'm doing wrong. I did some digging, and I checked through the form HTML for javascript, and the form doesn't seem to have any attached to it.

Here's the form:

<form method="post" class="login-form">
                <fieldset>
                    <div class="row form-section">
                        <label for="email">Email Address</label>
                        <span class="input-text"><input class="required-email" type="text" id="email" value="" name="username" /><span class="required">Required Info</span></span>
                        <!--<input type="text" id="email" name="username" placeholder="Enter Email Address" class="text" aria-required="true" required="required" style='float:right;' size="30" value="" /><p>  -->
                    </div>
                    <div class="row form-section">
                        <label for="pass">Password</label>
                        <span class="input-text"><input class="required-text" type="password" id="pass" value="" name="password" /><span class="required">Required Info</span></span>
                        <!--<input type="password" placeholder="Enter Password" class="text" size="30" autocomplete="off"  value="" id="password" name="password" style='float:right;' aria-required="true" required="required" />-->
                    </div>
                    <div class="row row-btn">
                        <input type="submit" value="Log in" />
                        <span><a href="/sign-up" class="sign-in">Don't have an account?</a><br><br><a href="/component/com_oms/task,reset-password/view,user/" class="sign-in">Forgot your password?</a>&nbsp;&nbsp;<a href="/resend-activation" class="sign-in">Didn't get your activation email?</a></span>
                    </div>
                </fieldset>
                <input type="hidden" value="com_oms" name="option">
                <input type="hidden" value="login" name="task">
                <input type="hidden" name="return" value="">
                <input type="hidden" name="9402951e32acb8d73d4a6972ae540c63" value="1" />
</form>

I know there were some similar questions asked but there haven't seemed to be any clear answers that my searching has brought up. Can anyone shed some light on what is going on?

Answer 1

Would like to add as a comment but am not able to: I doubt if the few hidden inputs especially the string serve as a verification to prevent CSRF attacks. Did you try submitting the hidden fields back along with email/password? That might help you out.