In a message dated 1/31/2006 10:55:29 P.M. Eastern Standard Time,
[EMAIL PROTECTED] writes:
You can *not* get the target URL of a form POST by copying and pasting the
URL from a browser. You get the URL of the form POST by looking at the HTML
source code of the page that provides the form. There, you search for a tag
<form method="POST" target="*this*is*the*URL*to*POST*to">
Okay. I checked the form tag. Here it is:
<FORM action= /NASApp/tsp/authenticate.do?_name=nfclogin&SessionKey$=1ABC123
method="POST" name ="form" onSubmit="return checkInput()"
AUTOCOMPLETE="off">
Do you see anything significant in the checkInput() script at the bottom of
this e-mail? I did not?
Note: No "target=" attribute in the <form> tag. I did, however, find an
additional hidden field that I had previously missed. So, I added another
NameValuePair to the "data" object. Then I added the line
pmethod.addRequestHeader("Referer",urlA);
that I had mentioned in my first e-mail in this thread.
Result: Another 405!
Jerry
<!--
function checkInput() {
var version;
version = 2;
if ((navigator.userAgent.indexOf("MSIE") != "-1") &&
(navigator.userAgent.length > 1)) {
version = pdfObj.GetVersions();
var pos1 = version.indexOf("AcroForm");
if (pos1 >= 0)
version = version.substring(pos1+9,pos1+12);
document.form.acrover.value = version;
}else {
document.form.acrover.value="y";
if (navigator.plugins && navigator.plugins["Adobe Acrobat"].description !=
"") {
version = navigator.plugins["Adobe Acrobat"].description;
var tmp = "Adobe Acrobat Plug-In Version ";
var tmp2 = " for Netscape";
var pos = tmp.length;
var pos2 = version.indexOf(tmp2);
version = parseFloat(version.substring(pos, pos2));
document.form.acrover.value =version;
}
}
var result = true;
var indata= document.form.partId.value;
if (!isValidId( indata ) ) {
result = false;
}
indata= document.form.password.value;
if (!isValidPIN( indata ) ) {
result = false;
}
if ( result==false) {
window.alert( "Invalid SSN or PIN entered.\n\nNote:\n SSN must be 9
digits.\n PIN must be 4 digits.");
}
//window.alert(" ***** PLEASE NOTE *****\n\nDue to high
volumes of inquiry traffic, system response may be slow at\ntimes. If you
experience slow transaction times, please try back later.\n\n");
return result;
}
function numTest(val){
var numit = "";
var goodOnes = "1234567890";
for (var pos = 0; pos < val.length; pos++) {
if (goodOnes.indexOf(val.charAt(pos)) != -1) {
numit = numit + val.charAt(pos);
} else {
return false;
}
}
return true;
}
function isValidPIN( str ) {
return ( str != "" && str.length==4 && numTest(str));
}
function isValidId( str ) {
return ( str != "" && str.length==9 && numTest(str) && str !="000000000");
}
//-->
