SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    form submit to navigate - confusing me!

    I'm trying to access the data at http://www.bogc.dnrc.mt.gov/WebApps/...ltiSearch.aspx

    If I search a county like "richland" it returns results. Then I can click pages. Every link on their site uses a function to navigate. The script is below:

    HTML Code:
    <script type="text/javascript">
    //<![CDATA[
    var theForm = document.forms['aspnetForm'];
    if (!theForm) {
        theForm = document.aspnetForm;
    }
    function __doPostBack(eventTarget, eventArgument) {
        if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
            theForm.__EVENTTARGET.value = eventTarget;
            theForm.__EVENTARGUMENT.value = eventArgument;
            theForm.submit();
        }
    }
    //]]>
    </script>
    The function is accessed like so: (

    HTML Code:
    <a href="javascript:__doPostBack('ctl00$SiteContentPlaceHolder$DataGrid1$ctl01$ctl06','')">7</a>

    All it it appears to do is change the values of the below inputs, and submit the form.
    HTML Code:
    <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
    <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
    It also has a hidden input called __VIEWSTATE which appears to be some type of session ID which has to be changed to send the POST. No big deal.

    The real question is, when I input the values into the hidden inputs themselves (EVENTTARGET AND EVENTARGUMENT), and post the form to their site, it doesn't return anything. But if I use the function to post, it works! Ideas?

  2. #2
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,198
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    The code use above is for .NET postbacks which should only ever be used in .NET applications as ASP.NET compiles the JavaScript above dynamically.

    My question to you is what platform are you using and what data are you trying to retrieve for your query?

  3. #3
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    All I really wanted was to grab their data and store it in my database. I was going to use CURL to post parameters to the page, and get the results. I acquired a fresh VIEWSTATE and VALIDATIONID generated by their site, and posted those too, so I'm confident it my failed POST wasn't because of that.


    To be honest, I found an alternative resource, but I would still like to know why I couldn't POST the fields found in their site via CURL and receive a response. I even put the page code on my site, clicked the search using their callback function, and it worked. But if I used a regular "Submit" button, the results were blank.

  4. #4
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,198
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    As I said before these are post back specific fields so there is no way you will be able to use them as they are re-generated every single time a new connection is made to the page, you would need to have a direct API that bypasses all this and goes directly to their code source otherwise there is no way for you to collect information from them.

  5. #5
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh my god. I see. Couldn't it still be done by getting the initial page contents, analyze the fields and POST back with propper information? eg.

    HTML Code:
    Well name: <input id="generatedid" name="generatedid">
    Then use PHP to match between Well name: <input id=" and ", and posting "generatedid" with my own value back to their server. Or am I missing something?

  6. #6
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,198
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    No, any new request made to the file will be invalid as .NET manages all form values to prevent XSS attacks

  7. #7
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Chris, forgive me for my lack of knowledge.

    So when I choose the search type (like API, name, county, etc) I can see it makes a request to update the values. While it's beyond my skills, it seems plausible that specialty software could mimic a user using a web browser to send a page request, modify the fields and allow the updated values, and post back. Do you know of anything like this?

  8. #8
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,198
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Microsoft has designed .NET so you can't do that, basically this is what's happening when the page loads.

    1. A new session is created for the user with the unique _EVENT values
    2. The compiler finds the form within the current context and appends the 2 form fields
    3. The session is validated for the request
    4. Anytime a post back is requested these values are validated based on the active session of the user


    If an _EVENT value doesn't match what was found for the users session it will automatically alert the user that something has gone wrong.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •