[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Field names?



Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>

>
> When posting to a web page do you assign values to the name= tag as opposed
> to an id= tag?

You mean the "name" and "id" attributes of an <INPUT> tag, correct?

The name of the variable that's submitted is what's found under "name".
Id is for associating with style sheets and a few other things, but not
for submitting forms.

> With my recent adventures in web access with the HTTP API's
> I'm now trying to do a login to an internal site that runs off of one of
> our NT servers.  I can log in find from a browser but the message that I'm
> getting back is the HTML for the invalid employee number.  Any thoughts
> would be appreciated.
[SNIP]
> eval      data='emplnbr=12345&pass=xxxxx' + CRLF
> eval      url='http://10.24.3.1/spede/SpMenu.asp'
> eval      rc = http_url_post(url:
>           %addr(data): %len(%trimr(data)):
>           '/tmp/SPEDELogon.html')

Are you escaping the contents of the employee number and/or password
properly? Your example shows "12345" and "xxxxx" which do not need to be
escaped -- but I have a strange feeling that these aren't the actual
values that you're sending :)

Also, unless the CRLF characters are part of the password, you might want
to remove the "+ CRLF" from the end of "data."

If you're able to get things working with a web browser and not with
HTTPAPI, a great way to determine what's happening is to run a packet
sniffer on the PC that's got the web browser.  You can then look at
exactly what the web browser is sending, and compare that with HTTPAPI.

Personally, I like Ethereal.  It's a free, cross-platform, packet sniffer.
You can get your copy here:
  http://www.ethereal.com/

To capture packets, you also need to install WinPCap. Instructions can be
found here:
  ftp://mirror.sg.depaul.edu/pub/security/ethereal/win32/HEADER.html


Once you've got ethereal running, you do the following:

  a) Start ethereal

  b) Start capturing packets

  c) use your web browser to do the post.

  d) Stop capturing packets

  e) Right-click one of the HTTP packets from your session and choose
         "follow TCP stream"

There's no better tool for troubleshooting sockets programs than ethereal!
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------