[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Field names?
Sender: daparnin@xxxxxxxxxxxxxxxxxx
Scott,
I took the weekend off and was busy with other duties yesterday and am now
revisiting my project with HTTPAPI. I've read your comments from your
Friday message several times but I don't understand what you mean when you
say "Are you escaping the contents of the employee number and/or password
properly?" What is escaping? Is this putting delimeters or tags around
the data to identify it? Can this be determined from the HTML source?
Thanks.
Dave Parnin
Nishikawa Standard Company
Topeka, IN 46571
daparnin@xxxxxxxxxxxxxxxxxx
Scott Klement
<sk@xxxxxxxxxxxxx To: ftpapi@xxxxxxxxxxxxx@SMTP@xxx
com> cc: (bcc: David A Parnin/Topeka/NISCO/SPCO)
Sent by: Subject: Re: Field names?
owner-ftpapi@xxxx
e.ods.net
08/06/2004 04:32
PM
Please respond to
ftpapi
Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
>
> When posting to a web page do you assign values to the name= tag as
opposed
> to an id= tag?
You mean the "name" and "id" attributes of an <INPUT> tag, correct?
The name of the variable that's submitted is what's found under "name".
Id is for associating with style sheets and a few other things, but not
for submitting forms.
> With my recent adventures in web access with the HTTP API's
> I'm now trying to do a login to an internal site that runs off of one of
> our NT servers. I can log in find from a browser but the message that
I'm
> getting back is the HTML for the invalid employee number. Any thoughts
> would be appreciated.
[SNIP]
> eval data='emplnbr=12345&pass=xxxxx' + CRLF
> eval url='http://10.24.3.1/spede/SpMenu.asp'
> eval rc = http_url_post(url:
> %addr(data): %len(%trimr(data)):
> '/tmp/SPEDELogon.html')
Are you escaping the contents of the employee number and/or password
properly? Your example shows "12345" and "xxxxx" which do not need to be
escaped -- but I have a strange feeling that these aren't the actual
values that you're sending :)
Also, unless the CRLF characters are part of the password, you might want
to remove the "+ CRLF" from the end of "data."
If you're able to get things working with a web browser and not with
HTTPAPI, a great way to determine what's happening is to run a packet
sniffer on the PC that's got the web browser. You can then look at
exactly what the web browser is sending, and compare that with HTTPAPI.
Personally, I like Ethereal. It's a free, cross-platform, packet sniffer.
You can get your copy here:
http://www.ethereal.com/
To capture packets, you also need to install WinPCap. Instructions can be
found here:
ftp://mirror.sg.depaul.edu/pub/security/ethereal/win32/HEADER.html
Once you've got ethereal running, you do the following:
a) Start ethereal
b) Start capturing packets
c) use your web browser to do the post.
d) Stop capturing packets
e) Right-click one of the HTTP packets from your session and choose
"follow TCP stream"
There's no better tool for troubleshooting sockets programs than ethereal!
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------