I want to send some value to a asp.net form for sending sms by PHP but it doesnt send any value , i think the problem is from asp.net form element name for example a name of text field is "ctl00$ContentPlaceHolder1$txtnum"
my code :
<?
$text=$_GET['nome'];
$strCookie = "ASP.NET_SessionId=uwf4xv55la1ojtjsm0sbnynb;vipcard=210927C5B78543C4A0645F15A561D171F5D3FEADF320B173E380799EB6B5086F7472F9910C39496F84C6EF7C86356E5E1BB8E22F9E93C59C347FC7301D954CA669F22E6D4A3655136BD0929FE4AE1A36416DD2FAC65A6CF4EBC3DC5D7907B455C02D1762D11FFEA07C4DA8260371EA4dfgdfA6CEC59A7";
// set URL and other appropriate options
$url = 'http://www.sms.com/seller/HomePage.aspx';
//set POST variables
$fields = array(
'ctl00$ContentPlaceHolder1$txtnum' => '092983940***',
'ctl00$ContentPlaceHolder1$dds1' => '30001607' ,
'ctl00$ContentPlaceHolder1$t3' => "hello how are u",
'ctl00$ContentPlaceHolder1$Button2' => 'submit'
);
// set user agent
$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5';
//open connection
$ch = curl_init();
//set the url, POST data, UserAgent, Timeout, etc.
curl_setopt( $ch, CURLOPT_COOKIE, $strCookie );
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields);
//curl_setopt($ch, CURLOPT_CONNECTTIMEOUT_MS, 500000); //time out of 0.5 seconds.
//execute post
curl_exec($ch);
?>
is this possible to send value to asp.net form ?
is there any other idea ?
Thanks
It is possible to send data directly to an asp.net web page, however it may ignore the request if it isn't designed to process direct posts.
In reference to the form names you are seeing asp.net builds control names based on their location in the page hierarchy.
The name ctl00$ContentPlaceHolder1$txtnum implies that the field named txtnum is placed inside a contentplaceholder.
On the server side the asp.net form collection will contain a form post variable named txtnum, and not the longer version which is there to ensure uniqueness within the page.
All this being said if the page is not setup to process direct post submissions then it will ignore the data being sent.
ASP.net pages typically will work using post back events which means the processing of the data will be placed inside an onclick event for that button control, the event is raised and handled within the page lifecycle.
If you need to post directly to the ASP.net page I would check with the company hosting the page if they have a page or service that you can post directly to.
Related
I need to retrieve and parse the text of public domain books, such as those found on gutenberg.org, with PHP.
To retrieve the content of most webpages I am able to use CURL requests to retrieve the HTML exactly as I would find had I navigated to the URL in a browser.
Unfortunately on some pages, most importantly gutenberg.org pages, the websites display different content or send a redirect header.
For example, when attempting to load this target, gutenberg.org, page a curl request gets redirected to this different but logically related, gutenberg.org, page. I am successfully able to visit the target page with both cookies and javascript turned off on my browser.
Why is the curl request being redirected while a regular browser request to the same site is not?
Here is the code I use to retrieve the webpage:
$urlToScan = "http://www.gutenberg.org/cache/epub/34175/pg34175.txt";
if(!isset($userAgent)){
$userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36";
}
$ch = curl_init();
$timeout = 15;
curl_setopt($ch, CURLOPT_COOKIESESSION, true );
curl_setopt($ch, CURLOPT_USERAGENT,$userAgent);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
#curl_setopt($ch, CURLOPT_HEADER, 1); // return HTTP headers with response
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_URL, $urlToScan);
$html = curl_exec($ch);
curl_close($ch);
if($html == null){
return false;
}
print $html;
The hint is probably in the url: it says "welcome stranger". They are redirecting every "first" time visitor to this page. Once you have visited the page, they will not redirect you anymore.
THey don't seem to be saving a lot of stuff in your browser, but they do set a cookie with a session id. This is the most logical thing really: check if there is a session.
What you need to do is connect with curl AND a cookie. You can use your browsers cookie for this, but in case it expires, you'd be better of doing
request the page.
if the page is redirected, safe the cookie (you now have a session)
request the page again with that cookie.
If all goes well, the second request will not redirect. Until the cookie / session expires, and then you start again. see the manual to see how to work with cookies/cookie-jars
The reason that one could navigate to the target page in a browser without cookies or javascript, yet not by curl, was due to the website tracking the referrer in the header. The page can be loaded without cookies by setting the appropriate referrer header:
curl_setopt($ch, CURLOPT_REFERER, "http://www.gutenberg.org/ebooks/34175?msg=welcome_stranger");
As pointed out by #madshvero, the page also be, surprisingly, loaded by simply excluding the user agent.
I'm trying to make a script that would run through some sites that I visit every day and get the most interesting info/statistics from them. I wanted to use curl for this purpose, because some of these sites require authentification. Everything was ok until I bumped into the site: rossnet.pl which seems to be somehow secured 'cause I can't authenticate myself at all.
The form that I want to use can be found here:
https://www.rossnet.pl/rossnetlogin.aspx
On the left, under the text: "Mam konto w Rossnet.pl - Logowanie". It doesn't seem to have any hidden input fields, only two text fields for credentials, called:
- "dnn$ctr1203$ViewLogin$txtUserLogin"
- "dnn$ctr1203$ViewLogin$txtUserPass"
I'm using the code shown below but the page returned by the server seems as if exactly nothing happened (no error messages, it seems to look the same as when I don't send any POST data).
Does anyone have a clue about what may be wrong? In the code below I put in actual account credentials for you to be able to test the script if you wish to help me.
Here you can see how does the script below work on my server:
http://kremuwa.netii.net/rossman/skrypt.php
<?php
$url = "https://www.rossnet.pl/rossnetlogin.aspx";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'dnn$ctr1203$ViewLogin$txtUserLogin=warzywko3000&dnn$ctr1203$ViewLogin$txtUserPass=password123');
$output = curl_exec($ch);
curl_close($ch);
echo $output;
?>
Login forms are sometimes protected with challenges that prevent you from directly submitting the form without loading the page first. I've listed a few options that could stand in your way.
One option is cookie challenges, it's also the easiest to deal with by just loading the page (fetch the cookie) and send it along with the form submission.
Another option is a hidden field challenge; a hidden form field is populated with a challenge code and the submission expects that value to be sent as well.
The last option I can think of is an even more difficult approach involving JavaScript; the page would use JavaScript to load the challenge string, maybe obfuscate it a bit and then send it along (via hidden form field or ajax request).
THE BACKGROUND DETAILS:
I have a custom shopping cart that uses PayPal for payment processing. I have an intermediary page between the cart and PayPal that adds the order to a database and sends confirmation emails.
Until now, I had the intermediary page set up to include all the necessary data as hidden form fields and submit the form to PayPal onload.
Now I'm experimenting with using cURL in PHP to send the POST data to PayPal.
$ch=curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
//curl_setopt($ch, CURLOPT_URL, 'http://localhost/postecho.php');
// ^ this one is a simple page that echoes all POST data using print_r
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $poststring);
// Some options that didn't seem to help
//curl_setopt($ch, CURLOPT_HEADER, 1);
//curl_setopt($ch, CURLOPT_POST, 1);
//curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
// User agent spoofing which also didn't seem to help
//$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
//curl_setopt($ch, CURLOPT_USERAGENT, $agent);
$result=curl_exec($ch);
curl_close($ch);
$poststring contains all the POST data that I had previously been passing in param1=value¶m2=value format. Running this through test page postecho.php reveals that POST data seems to be alright.
THE PROBLEM:
"Sorry — your last action could not be completed"
This is what PayPal tells me when I try to do things the cURL way. It doesn't really give me any helpful information concerning the resolution of this problem. I figure there's gotta be something in the headers or something that it doesn't like. How do I make PayPal and cURL work together?
most likely you are missing cookie/session data. if i were you i would capture the raw http message that goes from your browser to paypal.com. some of it's info isn't going to be needed for the request to work, but at least it's going to contain all info you need. then try to emulate it with curl.
long answer short: first capture raw http message, then emulate it with curl.
Have you checked the API docs for PHP?
https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=developer/library_code
I have the following code to login into an external site application (asp.net app) from a local site login form (written in php):
<?php
$curl_connection = curl_init('www.external.com/login.aspx');
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
// Post data array
$post_data['LoginControl$UserName'] = 'ExampleUName';
$post_data['LoginControl$Password'] = 'ExamplePWord';
// Add form fields into an array to get ready to post
foreach ($post_data as $key => $value)
{
$post_items[] = $key . '=' . $value;
}
$post_string = implode ('&', $post_items);
// Tell cURL which string to post
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
// Execute and post
$result = curl_exec($curl_connection);
?>
I get directed to the login form of the external site instead of being directed to the application logged in. I think the problem is that I need to pass the viewstate values through, but i'm not sure how to go about doing that?
I don't have control over the external application. But we want users to be able to login to the application through our website, to maintain branding etc.
I've posted a couple of other threads recently about the use of php cURL, but I'm at the stage now where I think the viewstate is the problem ...
Thanks, Mark.
This seems to be a real problem when trying to scrape the asp.net pages.
The pages contain a hidden field named "__VIEWSTATE" which contains a base64 encoded set of va;ues containing some or all of the page state when the page was sent. It usually also contains the SHA1 of the viewstate.
What this means is that your post must contain everything in the _VIEWSTATE or it will fail.
I have been able to post a simple login page that has only 2 fields but not a more complex page in which the author has chosen to put the entire page state in the viewstate.
As yet I have not been able to come up with a solution.
Change:
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
To:
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, false);
You also need to set up a cookie file, take a look at CURLOPT_COOKIEFILE
CURLOPT_COOKIEFILE:
The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file.
CURLOPT_COOKIE:
The contents of the "Cookie: " header to be used in the HTTP request. Note that multiple cookies are separated with a semicolon followed by a space (e.g., "fruit=apple; colour=red")
CURLOPT_COOKIEJAR:
he name of a file to save all internal cookies to when the connection closes.
#see http://www.php.net/manual/en/function.curl-setopt.php
curl_setopt($curl_connection, CURLOPT_COOKIEFILE, 'cookiefile.txt');
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, 'cookiefile.txt');
Don't expect it to work without encoding the __VIEWSTATE string in php using
rawurlencode($viewstate);
I've encountered the same problem recently, so I just leave my way to go about it here, in case someone else stumbles on this thread looking for an answer too.
I solved this by preceding every POST request with a GET request to the same url, and scraping all the input fields into an array of key-value pairs out of the response from that GET. Then I replaced some values in that array (login field values, for example), and sent the whole thing back in the subsequent POST. This way my POST request contained all the valid __VIEWSTATE, __EVENTVALIDATOR and yada-yada data generated for that particular url too.
This way the site allowed me to log in and visit subdomains normally.
I am trying to write a script that fills out forms automatically and then automatically presses the submit button.
I have read that you can use curl to post HTTP requests, but what do you do when the form handles the post request with JavaScript, like the code below?
<form name="myform" action="javascript:void(0)" method="POST" onsubmit="return fancy_function(this)">
Based off your answer to the comments above, what you want to do is not "fill out the form" with curl, but rather post the completed form to the same page the form would normally send to.
This is also called cross-site posting, and many developers specifically test for and don't allow it to improve security. This will also be much much harder if the form has a captcha.
Assuming that it still makes sense to do (I've used this technique before for a newsletter signup form), here's what you want to do:
To get the form's action url, you'll need to look through the Javascript code for the site and find where funcy_function() is defined. Then in the body of the function, you'll likely see the destination url. You'll also need to note the specific names of the form variables in the html. You'll need to setup your variables with the exact same names. Then your curl setup will look like this:
$url = 'http://www.targeturl.com';
$myvars = 'myvar1=' . $myvar1 . '&myvar2=' . $myvar2;
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $myvars);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt( $ch, CURLOPT_HEADER, 0);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec( $ch );
This will send the post variables to the specified url, imitating what would normally happen from the form. The html that the page returns will be in $response if you want to parse or use it.
If you want to use cURL:
You can capture every HTTP request (GET or POST forms) with Firefox Web-Tools:
Web-Tools -> Network -> send your form -> context menu of the form URL (right click on form script) -> Copy => copy as cURL address
More infos: https://everything.curl.dev/usingcurl/copyas