Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
I would like someone to help me on this outside the group discussion. Is there anyone out there that would look at a curl problem with me? Thanks, John ioannes wrote: My current theory on this is that the initial input page creates a per-session cookie. Is CURL able to send this when the page is submitted and if so how do I find out the name and value of the cookie as per my reading it is not stored on the computer, though I reckon it must be there somewhere. The initial page is in this format: https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode= So I have various GET parameters. The initial input page also has POST parameters which I can see the in page source, and so send via CURL. I cannot find any javascript doing a set_cookie, including in any included files of which there are none anyway. But there is some session going on as the serialno parameter is not in a hidden field or explicitly set cookie, so it must be a per-session cookie maybe with a different name, I reason. How do I find out about these? John ioannes wrote: My code is as below. It comes back with 'Bad session variable name - CompanySerialNo' from the site.but the COOKIEJAR does not show this variable name and it is not sent, it just shows: www.targetsite.comFALSE/FALSE0 ASPSESSIONIDQCSQDTABLKAONANAFJPNMFFECLFNCLBP There is a serialno but that is sent in the GET (URL below). Question is: What to test now? I am trying to get a results page from an input page. What code below is trying to do is access the page, get any cookies set then try the page again with the relevant inputs. $url="https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode=";; $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_URL, $url); /* //GET list from submitting POST form as GET https://www.shortstay-london.com/checkavail.asp? 1 - clock=+09%3A54 2 - &StartDay=6 3 - &StartMonth=September+%3A+2008 4 - &EndDay=13 5 - &EndMonth=September+%3A+2008 13 - &CheckThis=Check+This use this list to create POST data */ curl_setopt($ch, CURLOPT_POST, 1); $curlPost=array(); $curlPost["clock"]=" 09:54"; $curlPost["StartDay"]="6"; $curlPost["StartMonth"]="September : 2008"; $curlPost["EndDay"]="13"; $curlPost["EndMonth"]="September : 2008"; //etc $curlPost["CheckThis"]="Check This"; curl_setopt($ch, CURLOPT_POSTFIELDS,$curlPost); curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); curl_close ($ch); print($store); ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
The way this page works is you access index.asp?SerialNo=abc123 from a link, that is re-directed to a frameset containing the main page, main.asp, just that. main.asp does not have any fields showing the SerialNo, there is a comment with it but that is all. Fom this page, you input some dates and submit, and the form action is on a page like /checkthis.asp. What I can't see is how /checkthis.asp knows the SerialNo, which it needs. Is there some other way that asp pages transfer information between pages? I looked at the cache for IE after each page load and it does not have SerialNo as cookies or any cookies from this site other than google conversion tracking. On main.asp the button that submits the form does not refer to the SerialNo either. Nevertheless the results page creates the relevant data from the database. But it does produce error messages like, The Object has been Moved here, with my site plus ?lngSessionId=234984987&SerialNo=abd123&WinMode=&AgentCode=&CustCode=. If I add these parameters to the target URL in the CURL script it looks for displaymode (the message with my url in the display line at end of browser window: www.mysite.com/displaymode=). John ioannes wrote: My current theory on this is that the initial input page creates a per-session cookie. Is CURL able to send this when the page is submitted and if so how do I find out the name and value of the cookie as per my reading it is not stored on the computer, though I reckon it must be there somewhere. The initial page is in this format: https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode= So I have various GET parameters. The initial input page also has POST parameters which I can see the in page source, and so send via CURL. I cannot find any javascript doing a set_cookie, including in any included files of which there are none anyway. But there is some session going on as the serialno parameter is not in a hidden field or explicitly set cookie, so it must be a per-session cookie maybe with a different name, I reason. How do I find out about these? John ioannes wrote: My code is as below. It comes back with 'Bad session variable name - CompanySerialNo' from the site.but the COOKIEJAR does not show this variable name and it is not sent, it just shows: www.targetsite.comFALSE/FALSE0 ASPSESSIONIDQCSQDTABLKAONANAFJPNMFFECLFNCLBP There is a serialno but that is sent in the GET (URL below). Question is: What to test now? I am trying to get a results page from an input page. What code below is trying to do is access the page, get any cookies set then try the page again with the relevant inputs. $url="https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode=";; $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_URL, $url); /* //GET list from submitting POST form as GET https://www.shortstay-london.com/checkavail.asp? 1 - clock=+09%3A54 2 - &StartDay=6 3 - &StartMonth=September+%3A+2008 4 - &EndDay=13 5 - &EndMonth=September+%3A+2008 13 - &CheckThis=Check+This use this list to create POST data */ curl_setopt($ch, CURLOPT_POST, 1); $curlPost=array(); $curlPost["clock"]=" 09:54"; $curlPost["StartDay"]="6"; $curlPost["StartMonth"]="September : 2008"; $curlPost["EndDay"]="13"; $curlPost["EndMonth"]="September : 2008"; //etc $curlPost["CheckThis"]="Check This"; curl_setopt($ch, CURLOPT_POSTFIELDS,$curlPost); curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); curl_close ($ch); print($store); ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
My current theory on this is that the initial input page creates a per-session cookie. Is CURL able to send this when the page is submitted and if so how do I find out the name and value of the cookie as per my reading it is not stored on the computer, though I reckon it must be there somewhere. The initial page is in this format: https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode= So I have various GET parameters. The initial input page also has POST parameters which I can see the in page source, and so send via CURL. I cannot find any javascript doing a set_cookie, including in any included files of which there are none anyway. But there is some session going on as the serialno parameter is not in a hidden field or explicitly set cookie, so it must be a per-session cookie maybe with a different name, I reason. How do I find out about these? John ioannes wrote: My code is as below. It comes back with 'Bad session variable name - CompanySerialNo' from the site.but the COOKIEJAR does not show this variable name and it is not sent, it just shows: www.targetsite.comFALSE/FALSE0 ASPSESSIONIDQCSQDTABLKAONANAFJPNMFFECLFNCLBP There is a serialno but that is sent in the GET (URL below). Question is: What to test now? I am trying to get a results page from an input page. What code below is trying to do is access the page, get any cookies set then try the page again with the relevant inputs. $url="https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode=";; $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_URL, $url); /* //GET list from submitting POST form as GET https://www.shortstay-london.com/checkavail.asp? 1 - clock=+09%3A54 2 - &StartDay=6 3 - &StartMonth=September+%3A+2008 4 - &EndDay=13 5 - &EndMonth=September+%3A+2008 13 - &CheckThis=Check+This use this list to create POST data */ curl_setopt($ch, CURLOPT_POST, 1); $curlPost=array(); $curlPost["clock"]=" 09:54"; $curlPost["StartDay"]="6"; $curlPost["StartMonth"]="September : 2008"; $curlPost["EndDay"]="13"; $curlPost["EndMonth"]="September : 2008"; //etc $curlPost["CheckThis"]="Check This"; curl_setopt($ch, CURLOPT_POSTFIELDS,$curlPost); curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); curl_close ($ch); print($store); ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
My code is as below. It comes back with 'Bad session variable name - CompanySerialNo' from the site.but the COOKIEJAR does not show this variable name and it is not sent, it just shows: www.targetsite.comFALSE/FALSE0 ASPSESSIONIDQCSQDTABLKAONANAFJPNMFFECLFNCLBP There is a serialno but that is sent in the (URL below). Question is: What to test now? I am trying to get a results page from an input page. What code below is trying to do is access the page, get any cookies set then try the page again with the relevant inputs. $url="https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode=";; $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_URL, $url); /* //GET list from submitting POST form as GET https://www.shortstay-london.com/checkavail.asp? 1 - clock=+09%3A54 2 - &StartDay=6 3 - &StartMonth=September+%3A+2008 4 - &EndDay=13 5 - &EndMonth=September+%3A+2008 13 - &CheckThis=Check+This use this list to create POST data */ curl_setopt($ch, CURLOPT_POST, 1); $curlPost=array(); $curlPost["clock"]=" 09:54"; $curlPost["StartDay"]="6"; $curlPost["StartMonth"]="September : 2008"; $curlPost["EndDay"]="13"; $curlPost["EndMonth"]="September : 2008"; //etc $curlPost["CheckThis"]="Check This"; curl_setopt($ch, CURLOPT_POSTFIELDS,$curlPost); curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); curl_close ($ch); print($store); ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
> -Original Message- > From: Chris [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2008 9:42 PM > To: [EMAIL PROTECTED] > Cc: php-general@lists.php.net > Subject: Re: [PHP] CURL de-bugging: So why am I not getting the results > page on the target site? > > ioannes wrote: > > I didn't get any brave response on this, but given the other thread > on > > 'encription' I was wondering could anyone decrypt the __VIEWSTATE > string > > at the end of this message. It is part of the input page whose > results > > page I am trying to retrieve back onto my server for further php > work. > > I replicated the source from that input page onto a page on my > server, > > and when I click the submit button it correctly goes to the target > > results page, on the other site though, however it did not work > without > > the whole of the string below. The experiment proved though that > > without the __VIEWSTATE the results page will not return. So I am > just > > wondering, as I have not been able to repeat this using curl, what > the > > is included in that string. There's a challenge for anyone with > > whatever resources it takes. > > echo base64_decode($view_state_string); > > viewstate in asp.net is like sessions in php (I believe, I could be > completely wrong :P). Ehrm... you're not *completely* wrong. ;) I do most of my programming at work in ASP.NET/VB.NET, and I've come to understand that the VIEWSTATE in an ASP.NET page is more or less for retaining form values and client-side settings. IIS/ASP.NET still uses sessions--and in much the same way as PHP. Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
Thanks Chris and Andrew, An interesting article here on VIEWSTATE in asp: http://www.dotnetjohn.com/articles.aspx?articleid=71 refers to MAC encoding using SHA1 or MD5, alternatively Triple DES symmetric algorithm. However, in either event, VIEWSTATE seems to be just what is sent by the server which the server expects to receive back unmodified. I tried the same input form as on the target server on a test page on my site with the action on the form to the target server and that works OK to get the results page on the target server. I have also tested on my server that the CURL POST variables are giving sensible inputs like the ones that the page would produce on GET. In the process, I also learned that colons in the POST variable names don't need to be changed for HTML encoding, spaces in the variable values do need to be, anyway the POST variables seem to work OK as I said. Whatever is or is not being sent by the script as opposed to the input form on a test page of my site is the difference that I am looking for. I will try another site see can I learn anything in the process. Oh, and decoding the string as suggested (print_r(base64_decode($view_state_string));) gives one value in the array and a mixture of English and other characters plus most of the page: eg d2Ö8 Version=0.0.0.0, and other characters that do not copy to this email etc. As above, I don't see that this is interfering with CURLing the results page if it is simply sent back in the post. John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
On Tue, Jul 1, 2008 at 5:23 PM, ioannes <[EMAIL PROTECTED]> wrote: > I didn't get any brave response on this, but given the other thread on > 'encription' I was wondering could anyone decrypt the __VIEWSTATE string at > the end of this message. It is part of the input page whose results page I > am trying to retrieve back onto my server for further php work. I > replicated the source from that input page onto a page on my server, and > when I click the submit button it correctly goes to the target results page, > on the other site though, however it did not work without the whole of the > string below. The experiment proved though that without the __VIEWSTATE the > results page will not return. So I am just wondering, as I have not been > able to repeat this using curl, what the is included in that string. > There's a challenge for anyone with whatever resources it takes. > > John > > > ioannes wrote: >> >> For those that like CURL and calendars. >> ... >> >> VIEWSTATE >> >> curl_setopt($ch, >> CURLOPT_POSTFIELDS,"__VIEWSTATE=/wEPDwUKMTMyMjM3NTUzNw9kFgZmDxYCHgRUZXh0BYcMPHRhYmxlIGFsaWduPSJjZW50ZXIiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgYm9yZGVyPSIwIj48dHI+PHRkPg0KPHVsIGlkPSJza2lwIj4NCiA8bGk+PGEgaHJlZj0iI21haW4iPlNraXAgdG8gbWFpbiBjb250ZW50PC9hPjwvbGk+DQo8L3VsPg0KPGRpdiBpZD0id3JhcHBlciIgY2xhc3M9ImNsZWFyIj4NCiA8ZGl2IGlkPSJoZWFkZXIiPg0KICAgICAgICAgICAgPGgxPg0KICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS8iIHRpdGxlPSJEb2xwaGluIEhvdXNlIGhvbWUgcGFnZSI+RG9scGhpbg0KICAgICAgICAgICAgICAgICAgICBIb3VzZTwvYT48L2gxPg0KICAgICAgICAgICAgPGRpdiBpZD0ibmF2aWdhdGlvbiI+DQogICAgICAgICAgICAgICAgPHVsIGlkPSJuYXZfbWFpbiI+DQogICAgICAgICAgICAgICAgICAgIDxsaSBjbGFzcz0iYWJvdXQiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hYm91dC8iIHRpdGxlPSJBYm91dCBEb2xwaGluIEhvdXNlIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIEFib3V0IHVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFyZWEiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS90aGVhcmVhLyIgdGl0bGU9IlRoZSBhcmVhIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIFRoZSBhcmVhPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImZhY2lsaXRpZXMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9mYWNpbGl0aWVzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJGYWNpbGl0aWVzIj5GYWNpbGl0aWVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFwYXJ0bWVudHMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hcGFydG1lbnRzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJUaGUgYXBhcnRtZW50cyI+QXBhcnRtZW50czwvYT4gPC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJib29rIj48YSBocmVmPSJodHRwczovL3Jlc2VydmF0aW9ucy5zeW54aXMuY29tL0xCRS9yZXouYXNweD9Ib3RlbD0xODQ4MyZDaGFpbj03MzcxJmxvY2FsZT1lbi1HQiINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJCb29rIG9ubGluZSI+Qm9vayBvbmxpbmU8L2E+PC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJjb250YWN0Ij48YSBocmVmPSJodHRwOi8vd3d3LmRvbHBoaW5zcXVhcmUuY28udWsvaG91c2UvY29udGFjdHVzLnBocCINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJDb250YWN0IHVzIj5Db250YWN0IHVzPC9hPjwvbGk+DQogICAgICAgICAgICAgICAgPC91bD4NCiAgICAgICAgICAgIDwvZGl2Pg0KICAgICAgICA8L2Rpdj4NCiA8ZGl2IGlkPSJtYWluIj4NCiAgPHA+DQogIGQCAQ9kFgICAQ8PFgIeB0xCRURhdGEy1jgAAQAAAP8BAAwCQUJFQnVzaW5lc3MsIFZlcnNpb249MC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsDAMAAABDQnVzaW5lc3MsIFZlcnNpb249NC42LjAuMzI4NTIsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAUBLFN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkxCRS5MQkVEYXRhhA5faXNJbml0aWFsaXplZA1faG90ZWxDaGFuZ2VkFF9jdXN0b21lckluZm9DaGFuZ2VkDF9sb2dpbkZhaWxlZAtfbG9naW5FbWFpbA5faG90ZWxBdHRyRGF0YQhfaG90ZWxJRAhfY2hhaW5JRAlfaEFsaWFzSUQJX2NBbGlhc0lECV9hbHRTaGVsbAxfb3JpZ0hvdGVsSUQOX29yaWdIb3RlbE5hbWUOX2hvdGVsSXNBY3RpdmUJX2Rlc3RDb2RlCV9yZXpMZXZlbA9fcGF0aFRha2VuTGV2ZWwKX3N0ZXBGaWxlcxBfYnJlYWRDcnVtYnNGaWxlD19jb25maWdGaWxlUGF0aAdfbGFuZ0lEB19sb2NhbGUKX2hvdGVsR3VpZApfY2hhaW5HdWlkCV9kZXN0R3VpZAhfcmV6R3VpZApfaG90ZWxOYW1lCl9ob3RlbENvZGUKX2NoYWluTmFtZQlfZGVzdE5hbWUMX3JlelN0YXR1c0lECl9jb25maXJtTm8JX2NhbmNlbE5vEl9jYWxlbmRhclN0YXJ0RGF0ZQxfYXJyaXZhbERhdGUOX2RlcGFydHVyZURhdGUJX25pZ2h0UXR5CV9hZHVsdFF0eQlfY2hpbGRRdHkKX2p1bmlvclF0eQpfaW5mYW50UXR5Cl9zZW5pb3JRdHkIX3Jvb21RdHkRX3BhY2thZ2VEYXRhQXJyYXkSX3BhY2thZ2VUb3RhbFByaWNlCl9wcm9tb0NvZGULX2lhdGFOdW1iZXIQX3ZhbGlkSWF0YU51bWJlcghfYWdlbnRJRA9fdmFsaWRBZ2VudEd1aWQKX2dyb3VwQ29kZQ5fc3ViU291cmNlQ29kZQ1fYWxsb3dlZFJhdGVzDV9hbGxvd2VkUm9vbXMNX2F2ZXJhZ2VQcmljZRBfZmlyc3ROaWdodFByaWNlC190b3RhbFByaWNlEl90b3RhbFByaWNlV2l0aFRheA1fZGF0ZVJhdGVMaXN0DV9kYWlseVRheExpc3QOX2RhaWx5TWVhbExpc3QJX3JhdGVDb2RlCV9yYXRlR3VpZAlfcmF0ZU5hbWURX2lzU3VwcHJlc3NlZFJhdGUJX3Jvb21Db2RlCV9yb29tR3VpZAlfcm9vbU5hbWUOX3Jvb21Hcm91cENvZGUOX3Jvb21Hcm91cEd1aWQKX2ZpbHRlckJBUhVfaGFzQXZhaWxhYmxlUGFja2FnZXMSX2Jvb2tpbmdQb2xpY3lHdWlkEV9jYW5jZWxQb2xpY3lHdWlkD19jdXJyZW5jeVJhdGVJRA9fY3VycmVuY3lQcmVmaXgUX2hvdGVsQ3VycmVuY3lQcmVmaXgNX2N1cnJlbmN5Q29kZQlfY3VzdEd1aWQNX2N1c3RMb2NhdGlvbgpfZXh0Q3VzdENEBl90aXRsZQlfZnVsbE5hbWUKX2ZpcnN0TmFtZQ5fbWlkZGxlSW5pdGlhbAlfbGFzdE5hbWUNX2J1c2lu
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
Chris wrote: > ioannes wrote: >> I didn't get any brave response on this, but given the other thread on >> 'encription' I was wondering could anyone decrypt the __VIEWSTATE string >> at the end of this message. It is part of the input page whose results >> page I am trying to retrieve back onto my server for further php work. >> I replicated the source from that input page onto a page on my server, >> and when I click the submit button it correctly goes to the target >> results page, on the other site though, however it did not work without >> the whole of the string below. The experiment proved though that >> without the __VIEWSTATE the results page will not return. So I am just >> wondering, as I have not been able to repeat this using curl, what the >> is included in that string. There's a challenge for anyone with >> whatever resources it takes. > > echo base64_decode($view_state_string); or maybe print_r(base64_decode($view_state_string)); I don't know if it will return a string or an array or something else. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
ioannes wrote: > I didn't get any brave response on this, but given the other thread on > 'encription' I was wondering could anyone decrypt the __VIEWSTATE string > at the end of this message. It is part of the input page whose results > page I am trying to retrieve back onto my server for further php work. > I replicated the source from that input page onto a page on my server, > and when I click the submit button it correctly goes to the target > results page, on the other site though, however it did not work without > the whole of the string below. The experiment proved though that > without the __VIEWSTATE the results page will not return. So I am just > wondering, as I have not been able to repeat this using curl, what the > is included in that string. There's a challenge for anyone with > whatever resources it takes. echo base64_decode($view_state_string); viewstate in asp.net is like sessions in php (I believe, I could be completely wrong :P). -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CURL de-bugging: So why am I not getting the results page on the target site?
I didn't get any brave response on this, but given the other thread on 'encription' I was wondering could anyone decrypt the __VIEWSTATE string at the end of this message. It is part of the input page whose results page I am trying to retrieve back onto my server for further php work. I replicated the source from that input page onto a page on my server, and when I click the submit button it correctly goes to the target results page, on the other site though, however it did not work without the whole of the string below. The experiment proved though that without the __VIEWSTATE the results page will not return. So I am just wondering, as I have not been able to repeat this using curl, what the is included in that string. There's a challenge for anyone with whatever resources it takes. John ioannes wrote: For those that like CURL and calendars. ... VIEWSTATE curl_setopt($ch, CURLOPT_POSTFIELDS,"__VIEWSTATE=/wEPDwUKMTMyMjM3NTUzNw9kFgZmDxYCHgRUZXh0BYcMPHRhYmxlIGFsaWduPSJjZW50ZXIiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgYm9yZGVyPSIwIj48dHI+PHRkPg0KPHVsIGlkPSJza2lwIj4NCiA8bGk+PGEgaHJlZj0iI21haW4iPlNraXAgdG8gbWFpbiBjb250ZW50PC9hPjwvbGk+DQo8L3VsPg0KPGRpdiBpZD0id3JhcHBlciIgY2xhc3M9ImNsZWFyIj4NCiA8ZGl2IGlkPSJoZWFkZXIiPg0KICAgICAgICAgICAgPGgxPg0KICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS8iIHRpdGxlPSJEb2xwaGluIEhvdXNlIGhvbWUgcGFnZSI+RG9scGhpbg0KICAgICAgICAgICAgICAgICAgICBIb3VzZTwvYT48L2gxPg0KICAgICAgICAgICAgPGRpdiBpZD0ibmF2aWdhdGlvbiI+DQogICAgICAgICAgICAgICAgPHVsIGlkPSJuYXZfbWFpbiI+DQogICAgICAgICAgICAgICAgICAgIDxsaSBjbGFzcz0iYWJvdXQiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hYm91dC8iIHRpdGxlPSJBYm91dCBEb2xwaGluIEhvdXNlIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIEFib3V0IHVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFyZWEiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS90aGVhcmVhLyIgdGl0bGU9IlRoZSBhcmVhIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIFRoZSBhcmVhPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImZhY2lsaXRpZXMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9mYWNpbGl0aWVzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJGYWNpbGl0aWVzIj5GYWNpbGl0aWVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFwYXJ0bWVudHMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hcGFydG1lbnRzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJUaGUgYXBhcnRtZW50cyI+QXBhcnRtZW50czwvYT4gPC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJib29rIj48YSBocmVmPSJodHRwczovL3Jlc2VydmF0aW9ucy5zeW54aXMuY29tL0xCRS9yZXouYXNweD9Ib3RlbD0xODQ4MyZDaGFpbj03MzcxJmxvY2FsZT1lbi1HQiINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJCb29rIG9ubGluZSI+Qm9vayBvbmxpbmU8L2E+PC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJjb250YWN0Ij48YSBocmVmPSJodHRwOi8vd3d3LmRvbHBoaW5zcXVhcmUuY28udWsvaG91c2UvY29udGFjdHVzLnBocCINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJDb250YWN0IHVzIj5Db250YWN0IHVzPC9hPjwvbGk+DQogICAgICAgICAgICAgICAgPC91bD4NCiAgICAgICAgICAgIDwvZGl2Pg0KICAgICAgICA8L2Rpdj4NCiA8ZGl2IGlkPSJtYWluIj4NCiAgPHA+DQogIGQCAQ9kFgICAQ8PFgIeB0xCRURhdGEy1jgAAQAAAP8BAAwCQUJFQnVzaW5lc3MsIFZlcnNpb249MC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsDAMAAABDQnVzaW5lc3MsIFZlcnNpb249NC42LjAuMzI4NTIsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAUBLFN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkxCRS5MQkVEYXRhhA5faXNJbml0aWFsaXplZA1faG90ZWxDaGFuZ2VkFF9jdXN0b21lckluZm9DaGFuZ2VkDF9sb2dpbkZhaWxlZAtfbG9naW5FbWFpbA5faG90ZWxBdHRyRGF0YQhfaG90ZWxJRAhfY2hhaW5JRAlfaEFsaWFzSUQJX2NBbGlhc0lECV9hbHRTaGVsbAxfb3JpZ0hvdGVsSUQOX29yaWdIb3RlbE5hbWUOX2hvdGVsSXNBY3RpdmUJX2Rlc3RDb2RlCV9yZXpMZXZlbA9fcGF0aFRha2VuTGV2ZWwKX3N0ZXBGaWxlcxBfYnJlYWRDcnVtYnNGaWxlD19jb25maWdGaWxlUGF0aAdfbGFuZ0lEB19sb2NhbGUKX2hvdGVsR3VpZApfY2hhaW5HdWlkCV9kZXN0R3VpZAhfcmV6R3VpZApfaG90ZWxOYW1lCl9ob3RlbENvZGUKX2NoYWluTmFtZQlfZGVzdE5hbWUMX3JlelN0YXR1c0lECl9jb25maXJtTm8JX2NhbmNlbE5vEl9jYWxlbmRhclN0YXJ0RGF0ZQxfYXJyaXZhbERhdGUOX2RlcGFydHVyZURhdGUJX25pZ2h0UXR5CV9hZHVsdFF0eQlfY2hpbGRRdHkKX2p1bmlvclF0eQpfaW5mYW50UXR5Cl9zZW5pb3JRdHkIX3Jvb21RdHkRX3BhY2thZ2VEYXRhQXJyYXkSX3BhY2thZ2VUb3RhbFByaWNlCl9wcm9tb0NvZGULX2lhdGFOdW1iZXIQX3ZhbGlkSWF0YU51bWJlcghfYWdlbnRJRA9fdmFsaWRBZ2VudEd1aWQKX2dyb3VwQ29kZQ5fc3ViU291cmNlQ29kZQ1fYWxsb3dlZFJhdGVzDV9hbGxvd2VkUm9vbXMNX2F2ZXJhZ2VQcmljZRBfZmlyc3ROaWdodFByaWNlC190b3RhbFByaWNlEl90b3RhbFByaWNlV2l0aFRheA1fZGF0ZVJhdGVMaXN0DV9kYWlseVRheExpc3QOX2RhaWx5TWVhbExpc3QJX3JhdGVDb2RlCV9yYXRlR3VpZAlfcmF0ZU5hbWURX2lzU3VwcHJlc3NlZFJhdGUJX3Jvb21Db2RlCV9yb29tR3VpZAlfcm9vbU5hbWUOX3Jvb21Hcm91cENvZGUOX3Jvb21Hcm91cEd1aWQKX2ZpbHRlckJBUhVfaGFzQXZhaWxhYmxlUGFja2FnZXMSX2Jvb2tpbmdQb2xpY3lHdWlkEV9jYW5jZWxQb2xpY3lHdWlkD19jdXJyZW5jeVJhdGVJRA9fY3VycmVuY3lQcmVmaXgUX2hvdGVsQ3VycmVuY3lQcmVmaXgNX2N1cnJlbmN5Q29kZQlfY3VzdEd1aWQNX2N1c3RMb2NhdGlvbgpfZXh0Q3VzdENEBl90aXRsZQlfZnVsbE5hbWUKX2ZpcnN0TmFtZQ5fbWlkZGxlSW5pdGlhbAlfbGFzdE5hbWUNX2J1c2luZXNzTmFtZQ1fYnVzaW5lc3NVbml0CV9hZGRyZXNzMQlfYWRkcmVzczIJX2FkZHJlc3MzBV9jaXR5CF96aXBDb2RlB19waG9uZTEEX2Zh
[PHP] CURL de-bugging: So why am I not getting the results page on the target site?
For those that like CURL and calendars. Using CURL, I am accessing a form on a 'target' third party site (it is built around JavaScript DHTML DatePicker) and trying to POST various date and other inputs from its form and return the results page to my site for further processing with php. However, I can only get the inputs page returned. The third party site works fine when submitted from a browser. I have tried testing various ways. I put the source code of the target inputs page on my site. I then changed the form to method=get and checked that my CURL expressions curl_setopt($curl_session, CURLOPT_POSTFIELDS,"variable_name") were all in the right order and had the correct HTML substitutions for colons and spaces etc. Testing whether eg the submit variable has been posted, I get a good result. Here is the bit of testing code on the test page: if(ISSET($_POST["SubmitButton"])&&$_POST{"SubmitButton"}=="SubmitButton Value") { print("submitted - test.php page line 32"); // I can get this } else { print("not submitted - test.php page line 35 "); } I have 17 variables being submitted. I do notice that I only get the above result if the curl_setopt($curl_session, CURLOPT_POSTFIELDS,"submit_variable_name") is written in the calling page as the last in these expressions, whereas in the list of GET variables it comes 14th. This worries me, it does not seem to be a problem with other variables, perhaps because the submit variable has a value with a space in it (becomes +). curl_setopt($curl_sess, CURLOPT_POSTFIELDS,"Control%3ACheck_0%3AButton=Submit+This"); Thank you for staying with me so far. I read that variables need to be in the right order for some reason. I suspected that the page was trying to avoid spoofing by using sessions, but when I deleted all cookies on my computer and submit from the input page using a browser, I still got back a results page but not from the script. So lack of sessions data was not what stops the page responding. The input form page actually is coded as an aspx page. It uses various javascripts and hidden fields like _EVENTTARGET, __EVENTARGUMENT, __LASTFOCUS, __VIEWSTATE (below). The last is an encrypted version of the page to enable the Back button to work. I suppose this could include something like a timestamp that stops CURL requests. If interested, I can send you the actual URLs. Any ideas on how to grab this result page? John PS VIEWSTATE curl_setopt($ch, CURLOPT_POSTFIELDS,"__VIEWSTATE=/wEPDwUKMTMyMjM3NTUzNw9kFgZmDxYCHgRUZXh0BYcMPHRhYmxlIGFsaWduPSJjZW50ZXIiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgYm9yZGVyPSIwIj48dHI+PHRkPg0KPHVsIGlkPSJza2lwIj4NCiA8bGk+PGEgaHJlZj0iI21haW4iPlNraXAgdG8gbWFpbiBjb250ZW50PC9hPjwvbGk+DQo8L3VsPg0KPGRpdiBpZD0id3JhcHBlciIgY2xhc3M9ImNsZWFyIj4NCiA8ZGl2IGlkPSJoZWFkZXIiPg0KICAgICAgICAgICAgPGgxPg0KICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS8iIHRpdGxlPSJEb2xwaGluIEhvdXNlIGhvbWUgcGFnZSI+RG9scGhpbg0KICAgICAgICAgICAgICAgICAgICBIb3VzZTwvYT48L2gxPg0KICAgICAgICAgICAgPGRpdiBpZD0ibmF2aWdhdGlvbiI+DQogICAgICAgICAgICAgICAgPHVsIGlkPSJuYXZfbWFpbiI+DQogICAgICAgICAgICAgICAgICAgIDxsaSBjbGFzcz0iYWJvdXQiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hYm91dC8iIHRpdGxlPSJBYm91dCBEb2xwaGluIEhvdXNlIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIEFib3V0IHVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFyZWEiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS90aGVhcmVhLyIgdGl0bGU9IlRoZSBhcmVhIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIFRoZSBhcmVhPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImZhY2lsaXRpZXMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9mYWNpbGl0aWVzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJGYWNpbGl0aWVzIj5GYWNpbGl0aWVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFwYXJ0bWVudHMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hcGFydG1lbnRzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJUaGUgYXBhcnRtZW50cyI+QXBhcnRtZW50czwvYT4gPC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJib29rIj48YSBocmVmPSJodHRwczovL3Jlc2VydmF0aW9ucy5zeW54aXMuY29tL0xCRS9yZXouYXNweD9Ib3RlbD0xODQ4MyZDaGFpbj03MzcxJmxvY2FsZT1lbi1HQiINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJCb29rIG9ubGluZSI+Qm9vayBvbmxpbmU8L2E+PC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJjb250YWN0Ij48YSBocmVmPSJodHRwOi8vd3d3LmRvbHBoaW5zcXVhcmUuY28udWsvaG91c2UvY29udGFjdHVzLnBocCINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJDb250YWN0IHVzIj5Db250YWN0IHVzPC9hPjwvbGk+DQogICAgICAgICAgICAgICAgPC91bD4NCiAgICAgICAgICAgIDwvZGl2Pg0KICAgICAgICA8L2Rpdj4NCiA8ZGl2IGlkPSJtYWluIj4NCiAgPHA+DQogIGQCAQ9kFgICAQ8PFgIeB0xCRURhdGEy1jgAAQAAAP8BAAwCQUJFQnVzaW5lc3MsIFZlcnNpb249MC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsDAMAAABDQnVzaW5lc3MsIFZlcnNpb249NC42LjAuMzI4NTIsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAUBLFN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkxCRS5MQkVEYXRhhA5faXNJbml0aWFsaXplZA1faG90ZWx