CURL de-bugging: So why am I not getting the results page on the target site?

For those that like CURL and calendars.

Using CURL, I am accessing a form on a 'target' third party site (it is
built around JavaScript DHTML DatePicker) and trying to POST various
date and other inputs from its form and return the results page to my
site for further processing with php.  However, I can only get the
inputs page returned.  The third party site works fine when submitted
from a browser.

I have tried testing various ways.

I put the source code of the target inputs page on my site.  I then
changed the form to method=get and checked that my CURL expressions
curl_setopt($curl_session, CURLOPT_POSTFIELDS,"variable_name") were all
in the right order and had the correct HTML substitutions for colons and
spaces etc.  Testing whether eg the submit variable has been posted, I
get a good result.  Here is the bit of testing code on the test page:

   
if(ISSET($_POST["SubmitButton"])&&$_POST{"SubmitButton"}=="SubmitButton
Value") {
        print("<br>submitted - test.php page line 32"); // I can get this
    } else {
        print("<br>not submitted - test.php page line 35 ");
    }

I have 17 variables being submitted.  I do notice that I only get the
above result if the curl_setopt($curl_session,
CURLOPT_POSTFIELDS,"submit_variable_name") is written in the calling
page as the last in these expressions, whereas in the list of GET
variables it comes 14th.  This worries me, it does not seem to be a
problem with other variables, perhaps because the submit variable has a
value with a space in it (becomes +).

curl_setopt($curl_sess,
CURLOPT_POSTFIELDS,"Control%3ACheck_0%3AButton=Submit+This");

Thank you for staying with me so far.  I read that variables need to be
in the right order for some reason.

I suspected that the page was trying to avoid spoofing by using
sessions, but when I deleted all cookies on my computer and submit from
the input page using a browser, I still got back a results page but not
from the script.  So lack of sessions data was not what stops the page
responding.

The input form page actually is coded as an aspx page.  It uses various
javascripts and hidden fields like _EVENTTARGET, __EVENTARGUMENT,
__LASTFOCUS, __VIEWSTATE (below).  The last is an encrypted version of
the page to enable the Back button to work.  I suppose this could
include something like a timestamp that stops CURL requests.

If interested, I can send you the actual URLs.

Any ideas on how to grab this result page?

John

PS

VIEWSTATE

curl_setopt($ch,
CURLOPT_POSTFIELDS,"__VIEWSTATE=/wEPDwUKMTMyMjM3NTUzNw9kFgZmDxYCHgRUZXh0BYcMPHRhYmxlIGFsaWduPSJjZW50ZXIiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgYm9yZGVyPSIwIj48dHI+PHRkPg0KPHVsIGlkPSJza2lwIj4NCiA8bGk+PGEgaHJlZj0iI21haW4iPlNraXAgdG8gbWFpbiBjb250ZW50PC9hPjwvbGk+DQo8L3VsPg0KPGRpdiBpZD0id3JhcHBlciIgY2xhc3M9ImNsZWFyIj4NCiA8ZGl2IGlkPSJoZWFkZXIiPg0KICAgICAgICAgICAgPGgxPg0KICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS8iIHRpdGxlPSJEb2xwaGluIEhvdXNlIGhvbWUgcGFnZSI+RG9scGhpbg0KICAgICAgICAgICAgICAgICAgICBIb3VzZTwvYT48L2gxPg0KICAgICAgICAgICAgPGRpdiBpZD0ibmF2aWdhdGlvbiI+DQogICAgICAgICAgICAgICAgPHVsIGlkPSJuYXZfbWFpbiI+DQogICAgICAgICAgICAgICAgICAgIDxsaSBjbGFzcz0iYWJvdXQiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hYm91dC8iIHRpdGxlPSJBYm91dCBEb2xwaGluIEhvdXNlIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIEFib3V0IHVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFyZWEiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS90aGVhcmVhLyIgdGl0bGU9IlRoZSBhcmVhIj4NCiAgICAgICAgICAgICAgICAgICAgICAgIFRoZSBhcmVhPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImZhY2lsaXRpZXMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9mYWNpbGl0aWVzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJGYWNpbGl0aWVzIj5GYWNpbGl0aWVzPC9hPiA8L2xpPg0KICAgICAgICAgICAgICAgICAgICA8bGkgY2xhc3M9ImFwYXJ0bWVudHMiPjxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9hcGFydG1lbnRzLyINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJUaGUgYXBhcnRtZW50cyI+QXBhcnRtZW50czwvYT4gPC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJib29rIj48YSBocmVmPSJodHRwczovL3Jlc2VydmF0aW9ucy5zeW54aXMuY29tL0xCRS9yZXouYXNweD9Ib3RlbD0xODQ4MyZDaGFpbj03MzcxJmxvY2FsZT1lbi1HQiINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJCb29rIG9ubGluZSI+Qm9vayBvbmxpbmU8L2E+PC9saT4NCiAgICAgICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJjb250YWN0Ij48YSBocmVmPSJodHRwOi8vd3d3LmRvbHBoaW5zcXVhcmUuY28udWsvaG91c2UvY29udGFjdHVzLnBocCINCiAgICAgICAgICAgICAgICAgICAgICAgIHRpdGxlPSJDb250YWN0IHVzIj5Db250YWN0IHVzPC9hPjwvbGk+DQogICAgICAgICAgICAgICAgPC91bD4NCiAgICAgICAgICAgIDwvZGl2Pg0KICAgICAgICA8L2Rpdj4NCiA8ZGl2IGlkPSJtYWluIj4NCiAgPHA+DQogIGQCAQ9kFgICAQ8PFgIeB0xCRURhdGEy1jgAAQAAAP////8BAAAAAAAAAAwCAAAAQUJFQnVzaW5lc3MsIFZlcnNpb249MC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsDAMAAABDQnVzaW5lc3MsIFZlcnNpb249NC42LjAuMzI4NTIsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAUBAAAALFN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkxCRS5MQkVEYXRhhAAAAA5faXNJbml0aWFsaXplZA1faG90ZWxDaGFuZ2VkFF9jdXN0b21lckluZm9DaGFuZ2VkDF9sb2dpbkZhaWxlZAtfbG9naW5FbWFpbA5faG90ZWxBdHRyRGF0YQhfaG90ZWxJRAhfY2hhaW5JRAlfaEFsaWFzSUQJX2NBbGlhc0lECV9hbHRTaGVsbAxfb3JpZ0hvdGVsSUQOX29yaWdIb3RlbE5hbWUOX2hvdGVsSXNBY3RpdmUJX2Rlc3RDb2RlCV9yZXpMZXZlbA9fcGF0aFRha2VuTGV2ZWwKX3N0ZXBGaWxlcxBfYnJlYWRDcnVtYnNGaWxlD19jb25maWdGaWxlUGF0aAdfbGFuZ0lEB19sb2NhbGUKX2hvdGVsR3VpZApfY2hhaW5HdWlkCV9kZXN0R3VpZAhfcmV6R3VpZApfaG90ZWxOYW1lCl9ob3RlbENvZGUKX2NoYWluTmFtZQlfZGVzdE5hbWUMX3JlelN0YXR1c0lECl9jb25maXJtTm8JX2NhbmNlbE5vEl9jYWxlbmRhclN0YXJ0RGF0ZQxfYXJyaXZhbERhdGUOX2RlcGFydHVyZURhdGUJX25pZ2h0UXR5CV9hZHVsdFF0eQlfY2hpbGRRdHkKX2p1bmlvclF0eQpfaW5mYW50UXR5Cl9zZW5pb3JRdHkIX3Jvb21RdHkRX3BhY2thZ2VEYXRhQXJyYXkSX3BhY2thZ2VUb3RhbFByaWNlCl9wcm9tb0NvZGULX2lhdGFOdW1iZXIQX3ZhbGlkSWF0YU51bWJlcghfYWdlbnRJRA9fdmFsaWRBZ2VudEd1aWQKX2dyb3VwQ29kZQ5fc3ViU291cmNlQ29kZQ1fYWxsb3dlZFJhdGVzDV9hbGxvd2VkUm9vbXMNX2F2ZXJhZ2VQcmljZRBfZmlyc3ROaWdodFByaWNlC190b3RhbFByaWNlEl90b3RhbFByaWNlV2l0aFRheA1fZGF0ZVJhdGVMaXN0DV9kYWlseVRheExpc3QOX2RhaWx5TWVhbExpc3QJX3JhdGVDb2RlCV9yYXRlR3VpZAlfcmF0ZU5hbWURX2lzU3VwcHJlc3NlZFJhdGUJX3Jvb21Db2RlCV9yb29tR3VpZAlfcm9vbU5hbWUOX3Jvb21Hcm91cENvZGUOX3Jvb21Hcm91cEd1aWQKX2ZpbHRlckJBUhVfaGFzQXZhaWxhYmxlUGFja2FnZXMSX2Jvb2tpbmdQb2xpY3lHdWlkEV9jYW5jZWxQb2xpY3lHdWlkD19jdXJyZW5jeVJhdGVJRA9fY3VycmVuY3lQcmVmaXgUX2hvdGVsQ3VycmVuY3lQcmVmaXgNX2N1cnJlbmN5Q29kZQlfY3VzdEd1aWQNX2N1c3RMb2NhdGlvbgpfZXh0Q3VzdENEBl90aXRsZQlfZnVsbE5hbWUKX2ZpcnN0TmFtZQ5fbWlkZGxlSW5pdGlhbAlfbGFzdE5hbWUNX2J1c2luZXNzTmFtZQ1fYnVzaW5lc3NVbml0CV9hZGRyZXNzMQlfYWRkcmVzczIJX2FkZHJlc3MzBV9jaXR5CF96aXBDb2RlB19waG9uZTEEX2ZheAhfc3RhdGVJRAZfc3RhdGUKX2NvdW50cnlJRAhfY291bnRyeQZfZW1haWwJX3Bhc3N3b3JkDF9jb250YWN0TmFtZRFfbWVtYmVyc2hpcE51bWJlcg5fdXNlQ2FyZE9uRmlsZQtfaXNDQ0NoYW5nZRBfcGF5bWVudFR5cGVHdWlkC19jYXJkVHlwZUlEDV9jYXJkVHlwZURlc2MRX21hc2tlZENhcmROdW1iZXIPX2Z1bGxDYXJkTnVtYmVyDV9zZWN1cml0eUNvZGUJX2V4cE1vbnRoCF9leHBZZWFyD19jYXJkRXhwaXJhdGlvbg9fY2FyZEhvbGRlck5hbWUQX3JlelJvb21TZXJ2aWNlcxxfcmV6Um9vbVNlcnZpY2VzRGVzY3JpcHRpb25zDF9yZXpDb21tZW50cwZfb3B0SW4OX3VwZGF0ZVByb2ZpbGUKX3RheEFtb3VudApfZmVlQW1vdW50Dl9zdGF5VGF4QW1vdW50Dl9tYXJrZXRTZWdtZW50C19hcnJpdmVUaW1lEV9hcnJpdmVUeXBlTnVtYmVyDl9hcnJpdmVBaXJsaW5lGF9hcnJpdmVMb2NhbFRlcm1pbmFsQ29kZRZfYXJyaXZlSG90ZWxUcmFuc3BDb2RlC19kZXBhcnRUaW1lEV9kZXBhcnRUeXBlTnVtYmVyDl9kZXBhcnRBaXJsaW5lAAAAAAEEAAAAAAEAAQABBAQDAQEAAQMDAwMBAQEBAAEBAAAAAAAAAAAAAAQBAQEAAQABAQYGAQEBAQEBAQEDAQABAwEBAwAAAwMAAQEBAwEBAQEBAQEBAQEBAQEBAQEAAQABAQEBAQAAAwABAQEBAQEBAQEBAQAAAQEBBAEBAQEBAQEBAQEBAS1TeW54aXMuQXBwbGljYXRpb24uQkUuQkVCdXNpbmVzcy5MQkUuQXR0ckRhdGECAAAACAgICAgBNlN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkVudW1lcmF0aW9ucy5SZXpMZXZlbAIAAAA2U3lueGlzLkFwcGxpY2F0aW9uLkJFLkJFQnVzaW5lc3MuRW51bWVyYXRpb25zLlJlekxldmVsAgAAABxTeXN0ZW0uQ29sbGVjdGlvbnMuSGFzaHRhYmxlCAtTeXN0ZW0uR3VpZAtTeXN0ZW0uR3VpZAtTeXN0ZW0uR3VpZAtTeXN0ZW0uR3VpZAgNDQ0ICAgICAgIMlN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkxCRS5QYWNrYWdlRGF0YVtdAgAAAAEBC1N5c3RlbS5HdWlkAQtTeXN0ZW0uR3VpZAtTeXN0ZW0uR3VpZAEBC1N5c3RlbS5HdWlkC1N5c3RlbS5HdWlkCAtTeXN0ZW0uR3VpZAgIAQELU3lzdGVtLkd1aWQIAQE2U3lueGlzLkVudGVycHJpc2UuQnVzaW5lc3MuUmF0ZXMuTWFya2V0U2VnbWVudENvZGVUeXBlAwAAAAIAAAABAQAACgX8////LVN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkxCRS5BdHRyRGF0YR4AAAAXX0Rpc3BsYXlQcmljZVJvdW5kaW5nSUQUX0Rpc3BsYXlBdmVyYWdlUHJpY2UXX0lzRGlzcGxheUNvZGVzRXhwYW5kZWQVX0lzSWF0YVRleHRCb3hWaXNpYmxlFl9Jc0dyb3VwVGV4dEJveFZpc2libGUWX0lzUHJvbW9UZXh0Qm94VmlzaWJsZRJfTW9udGhzT2ZJbnZlbnRvcnkOX0lzUG9saWN5UG9wdXAaX0lzTXVsdGlSb29tQm9va2luZ0FsbG93ZWQRX0lzQXZhaWxDYWxIaWRkZW4PX1V0Y0RlbHRhT2Zmc2V0Fl9NYXhpbXVtTnVtYmVyT2ZOaWdodHMWX01heGltdW1OdW1iZXJPZkFkdWx0cxhfTWF4aW11bU51bWJlck9mQ2hpbGRyZW4VX01heGltdW1OdW1iZXJPZlJvb21zFl9EaXNhYmxlQ2hpbGRTZWxlY3Rpb24UX0F2YWlsUmVzdWx0U29ydFR5cGUWX0Rlc3RSZXN1bHREaXNwbGF5VHlwZRBfRGlzcGxheUFsdEF2YWlsFF9EaXNwbGF5VG90YWxXaXRoVGF4E19BbHdheXNTaG93QWxsUmF0ZXMWX1Nob3dQYWNrYWdlU2VsZWN0U3RlcBFfQ0NPcHRpb25hbExhbmdJRBdfSXNTZWN1cml0eUNvZGVSZXF1aXJlZA9fUHJlc2VsZWN0T3B0SW4XX1ByZXNlbGVjdFVwZGF0ZVByb2ZpbGUVX0Rpc3BsYXlUcmFuc3BvcnRJbmZvFF9Jc1BvbGljeUFja1JlcXVpcmVkFl9EaXNwbGF5TnVtYmVyT2ZOaWdodHMVX0lzVGF4RGlzcGxheUV4cGFuZGVkAAAAAAAAAAAAAAAAAAAAAAQEAAAAAAAAAAAAAAAACAEBAQEBCAEBAQYICAgIATZTeW54aXMuRW50ZXJwcmlzZS5CdXNpbmVzcy5Qcm9kdWN0cy5Qcm9kdWN0U29ydGluZ1R5cGUDAAAARFN5bnhpcy5FbnRlcnByaXNlLkJ1c2luZXNzLkhvdGVsR3JvdXBzLkRlc3RpbmF0aW9uUmVzdWx0c0Rpc3BsYXlUeXBlAwAAAAEBAQEIAQEBAQEBAQIAAAD/////AAAAAAEAAAAAAQAAAAAAAAAAAABZAAAABgAAABIAAAAFAAAAAAX7////NlN5bnhpcy5FbnRlcnByaXNlLkJ1c2luZXNzLlByb2R1Y3RzLlByb2R1Y3RTb3J0aW5nVHlwZQEAAAAHdmFsdWVfXwAIAwAAAAAAAAAF+v///0RTeW54aXMuRW50ZXJwcmlzZS5CdXNpbmVzcy5Ib3RlbEdyb3Vwcy5EZXN0aW5hdGlvblJlc3VsdHNEaXNwbGF5VHlwZQEAAAAHdmFsdWVfXwAIAwAAAAEAAAAAAQEBAAAAAAEAAAABAQEzSAAAyxwAAAAAAAAAAAAACjNIAAAGBwAAACFEb2xwaGluIEhvdXNlIFNlcnZpY2VkIEFwYXJ0bWVudHMBCgX4////NlN5bnhpcy5BcHBsaWNhdGlvbi5CRS5CRUJ1c2luZXNzLkVudW1lcmF0aW9ucy5SZXpMZXZlbAEAAAAHdmFsdWVfXwAIAgAAAAEAAAAB9/////j///8BAAAACQoAAAAGCwAAADMvTEJFL1JlelByb2Nlc3MvQnJlYWRDcnVtYnMvRGVmYXVsdEJyZWFkQ3J1bWJzLmFzY3gGDAAAAD5cXDEwLjIwLjgyLjExXHN5bnhpc19XZWJpbWFnZXNcaG90ZWxcMTg0ODNcbGF5b3V0XEJFQ29uZmlnLnhtbAEAAAAGDQAAAAVlbi1HQgTy////C1N5c3RlbS5HdWlkCwAAAAJfYQJfYgJfYwJfZAJfZQJfZgJfZwJfaAJfaQJfagJfawAAAAAAAAAAAAAACAcHAgICAgICAgIWnplS9yzMS5CitRuzODwhAfH////y////6dmcbrvKa0+WUu1LNWXTOgHw////8v///wAAAAAAAAAAAAAAAAAAAAAB7/////L///8AAAAAAAAAAAAAAAAAAAAACQcAAAAGEwAAAAZMSFJET0wGFAAAAA5Eb2xwaGluIEhvdXNlIAoAAAAABhUAAAAACRUAAAAAwLeRkZHKCAAA3wrJpsqIAMBINZKnyogBAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAAAACgoKCgAKAAoKCgoKCgoKCgoKCgHq////8v///wAAAAAAAAAAAAAAAAAAAAAKAAoB6f////L///8AAAAAAAAAAAAAAAAAAAAACgoB6P////L///8AAAAAAAAAAAAAAAAAAAAAAAAB5/////L///8AAAAAAAAAAAAAAAAAAAAAAeb////y////AAAAAAAAAAAAAAAAAAAAAAsAAAAGGwAAAANHQlAJGwAAAAYcAAAAA0dCUAHj////8v///wAAAAAAAAAAAAAAAAAAAAAKCgoKCgoKCgoKCgoKCgoKAAAAAAoAAAAACgoKCgoAAAHi////8v///wAAAAAAAAAAAAAAAAAAAAAAAAAACgoKCRUAAAAKCgoKCgoKAAEKCgoF4P///zZTeW54aXMuRW50ZXJwcmlzZS5CdXNpbmVzcy5SYXRlcy5NYXJrZXRTZWdtZW50Q29kZVR5cGUBAAAAB3ZhbHVlX18ACAMAAAACAAAACgoKCgoKCgoECgAAABxTeXN0ZW0uQ29sbGVjdGlvbnMuSGFzaHRhYmxlBwAAAApMb2FkRmFjdG9yB1ZlcnNpb24IQ29tcGFyZXIQSGFzaENvZGVQcm92aWRlcghIYXNoU2l6ZQRLZXlzBlZhbHVlcwAAAwMABQULCBxTeXN0ZW0uQ29sbGVjdGlvbnMuSUNvbXBhcmVyJFN5c3RlbS5Db2xsZWN0aW9ucy5JSGFzaENvZGVQcm92aWRlcgjsUTg/FQAAAAoKLwAAAAkhAAAACSIAAAAQIQAAABMAAAAJIwAAAAkkAAAACSUAAAAJJgAAAAknAAAACSgAAAAJKQAAAAkqAAAACSsAAAAJLAAAAAktAAAABi4AAAAHY2hhaW5JRAkvAAAACTAAAAAJMQAAAAkyAAAABjMAAAAHaG90ZWxJRAk0AAAACTUAAAAQIgAAABMAAAAJNgAAAAk3AAAACTgAAAAJOQAAAAk6AAAACTsAAAAJPAAAAAk9AAAACT4AAAAJPwAAAAlAAAAACAjLHAAACUEAAAAJQgAAAAlDAAAACUQAAAAICDNIAAAJRQAAAAlGAAAABSMAAAA8U3lueGlzLkFwcGxpY2F0aW9uLkJFLkJFQnVzaW5lc3MuRW51bWVyYXRpb25zLlJlelByb2Nlc3NTdGVwAQAAAAd2YWx1ZV9fAAgCAAAAjhoGAAEkAAAAIwAAAI0aBgABJQAAACMAAACMGgYAASYAAAAjAAAAixoGAAEnAAAAIwAAAIoaBgABKAAAACMAAACJGgYAASkAAAAjAAAAiBoGAAEqAAAAIwAAAIcaBgABKwAAACMAAACGGgYAASwAAAAjAAAAhRoGAAEtAAAAIwAAAIQaBgABLwAAACMAAACCGgYAATAAAAAjAAAAgRoGAAExAAAAIwAAAOQaBgABMgAAACMAAACDGgYAATQAAAAjAAAAlBoGAAE1AAAAIwAAAAAAAAAENgAAABxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AwAAAAZfaXRlbXMFX3NpemUIX3ZlcnNpb24FAAAICAlHAAAAAQAAAAEAAAABNwAAADYAAAAJSAAAAAEAAAABAAAAATgAAAA2AAAACUkAAAABAAAAAQAAAAE5AAAANgAAAAlKAAAAAQAAAAEAAAABOgAAADYAAAAJSwAAAAEAAAABAAAAATsAAAA2AAAACUwAAAABAAAAAQAAAAE8AAAANgAAAAlNAAAAAQAAAAEAAAABPQAAADYAAAAJTgAAAAEAAAABAAAAAT4AAAA2AAAACU8AAAABAAAAAQAAAAE/AAAANgAAAAlQAAAAAQAAAAEAAAABQAAAADYAAAAJUQAAAAEAAAABAAAAAUEAAAA2AAAACVIAAAABAAAAAQAAAAFCAAAANgAAAAlTAAAAAQAAAAEAAAABQwAAADYAAAAJVAAAAAEAAAABAAAAAUQAAAA2AAAACVUAAAABAAAAAQAAAAFFAAAANgAAAAlWAAAAAQAAAAEAAAABRgAAADYAAAAJVwAAAAEAAAABAAAAEEcAAAAEAAAACVgAAAANAxBIAAAABAAAAAlZAAAADQMQSQAAAAQAAAAJWgAAAA0DEEoAAAAEAAAACVsAAAANAxBLAAAABAAAAAlcAAAADQMQTAAAAAQAAAAJXQAAAA0DEE0AAAAEAAAACV4AAAANAxBOAAAABAAAAAlfAAAADQMQTwAAAAQAAAAJYAAAAA0DEFAAAAAEAAAACWEAAAANAxBRAAAABAAAAAliAAAADQMQUgAAAAQAAAAJYwAAAA0DEFMAAAAEAAAACWQAAAANAxBUAAAABAAAAAllAAAADQMQVQAAAAQAAAAJZgAAAA0DEFYAAAAEAAAACWcAAAANAxBXAAAABAAAAAloAAAADQMFWAAAADBTeW54aXMuQXBwbGljYXRpb24uQkUuQkVCdXNpbmVzcy5MQkUuTEJFU3RlcERhdGEFAAAACV9zdGVwRmlsZQVfc3RlcAlfc3RlcEhUTUwMX3N0ZXBTdWJGaWxlFF9pc0N1c3RvbVN0ZXBTdWJGaWxlAQQBAQA8U3lueGlzLkFwcGxpY2F0aW9uLkJFLkJFQnVzaW5lc3MuRW51bWVyYXRpb25zLlJlelByb2Nlc3NTdGVwAgAAAAECAAAABmkAAAA8fi9SZXpQcm9jZXNzL0NoZWNrQXZhaWxhYmlsaXR5L0RlZmF1bHRDaGVja0F2YWlsYWJpbGl0eS5hc2N4AZb///8jAAAAjhoGAAoKAAFZAAAAWAAAAAZrAAAAMn4vUmV6UHJvY2Vzcy9Db25maXJtYXRpb24vRGVmYXVsdENvbmZpcm1hdGlvbi5hc2N4AZT///8jAAAAjRoGAAoKAAFaAAAAWAAAAAZtAAAALX4vUmV6UHJvY2Vzcy9FcnJvclBhZ2VzL0RlZmF1bHRFcnJvclBhZ2UuYXNjeAGS////IwAAAIwaBgAKCgABWwAAAFgAAAAJaQAAAAGQ////IwAAAIsaBgAKCgABXAAAAFgAAAAGcQAAAEB+L1JlelByb2Nlc3MvQXZhaWxhYmlsaXR5UmVzdWx0cy9EZWZhdWx0QXZhaWxhYmlsaXR5UmVzdWx0cy5hc2N4AY7///8jAAAAihoGAAoKAAFdAAAAWAAAAAlpAAAAAYz///8jAAAAiRoGAAoKAAFeAAAAWAAAAAZ1AAAAMn4vUmV6UHJvY2Vzcy9SZXpTZWFyY2gvRGVmYXVsdFJlelNlYXJjaERldGFpbC5hc2N4AYr///8jAAAAiBoGAAoKAAFfAAAAWAAAAAZ3AAAAKn4vUmV6UHJvY2Vzcy9SZXpTZWFyY2gvRGVmYXVsdFJlekxpc3QuYXNjeAGI////IwAAAIcaBgAKCgABYAAAAFgAAAAGeQAAACx+L1JlelByb2Nlc3MvUmV6U2VhcmNoL0RlZmF1bHRSZXpTZWFyY2guYXNjeAGG////IwAAAIYaBgAKCgABYQAAAFgAAAAJaQAAAAGE////IwAAAIUaBgAKCgABYgAAAFgAAAAGfQAAACZ+L1JlelByb2Nlc3MvUmV2aWV3L0RlZmF1bHRSZXZpZXcuYXNjeAGC////IwAAAIQaBgAKCgABYwAAAFgAAAAJcQAAAAGA////IwAAAIIaBgAKCgABZAAAAFgAAAAJaQAAAAF+////IwAAAIEaBgAKCgABZQAAAFgAAAAJaQAAAAF9////IwAAAOQaBgAKCgABZgAAAFgAAAAGhAAAADJ+L1JlelByb2Nlc3MvQ3VzdG9tZXJJbmZvL0RlZmF1bHRDdXN0b21lckluZm8uYXNjeAF7////IwAAAIMaBgAKCgABZwAAAFgAAAAGhgAAADR+L1JlelByb2Nlc3MvUGFja2FnZVNlbGVjdC9EZWZhdWx0UGFja2FnZVNlbGVjdC5hc2N4AXn///8jAAAAlBoGAAoKAAFoAAAAWAAAAAlpAAAAAXf///8jAAAAAAAAAAoKAAtkFgJmD2QWAgIBD2QWBgIDD2QWAgIDDxBkZBYAZAIPD2QWAgIBD2QWAgIBDxBkZBYBZmQCFw9kFgYCAQ8PFgIfAAUEUHJldmRkAgMPEGRkFgFmZAIFDw8WAh8ABQROZXh0ZGQCAg8WAh8ABasDDQogICA8c2NyaXB0IHNyYz1odHRwczovL3NlYWwudmVyaXNpZ24uY29tL2dldHNlYWw/aG9zdF9uYW1lPXJlc2VydmF0aW9ucy5zeW54aXMuY29tJnNpemU9TSZ1c2VfZmxhc2g9WUVTJnVzZV90cmFuc3BhcmVudD1ZRVMmbGFuZz1lbj48L3NjcmlwdD4NCiAgPC9wPg0KIDwvZGl2Pg0KDQo8cCBpZD0iZm9vdGVyIj48YSBocmVmPSJodHRwOi8vd3d3LmRvbHBoaW5zcXVhcmUuY28udWsvaG91c2UvdGVybXMucGhwIiB0aXRsZT0iUmVhZCBvdXIgdGVybXMgYW5kIGNvbmRpdGlvbnMiPlRlcm1zIGFuZCBjb25kaXRpb25zPC9hPiB8IDxhIGhyZWY9Imh0dHA6Ly93d3cuZG9scGhpbnNxdWFyZS5jby51ay9ob3VzZS9zaXRlbWFwLnBocCIgdGl0bGU9IlZpZXcgdGhlIHNpdGVtYXAiPlNpdGVtYXA8L2E+PC9wPgo8L2Rpdj4NCjwvdGQ+PC90cj48L3RhYmxlPmRk3olXT9sK3/WmfcohYIY5fZQuFMQ=");  





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

I didn't get any brave response on this, but given the other thread on
'encription' I was wondering could anyone decrypt the __VIEWSTATE string
at the end of this message.  It is part of the input page whose results
page I am trying to retrieve back onto my server for further php work.  
I replicated the source from that input page onto a page on my server,
and when I click the submit button it correctly goes to the target
results page, on the other site though, however it did not work without
the whole of the string below.  The experiment proved though that
without the __VIEWSTATE the results page will not return.  So I am just
wondering, as I have not been able to repeat this using curl, what the
**** is included in that string. There's a challenge for anyone with
whatever resources it takes.

John


ioannes wrote:


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

ioannes wrote:
echo base64_decode($view_state_string);

viewstate in asp.net is like sessions in php (I believe, I could be
completely wrong :P).

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Chris wrote:
or maybe

print_r(base64_decode($view_state_string));

I don't know if it will return a string or an array or something else.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On Tue, Jul 1, 2008 at 5:23 PM, ioannes <ioannes@...> wrote:
That is ASP.NET's way of preserving the view state of a web form from
one request to another. I'm not positive, but I think it's just a
base64 encoded string. It isn't the equivalent of sessions in PHP, as
ASP.NET has its own session handler. I think it would be more
equivalent to storing a Zend_Form object in PHP sessions so that it
can handle events from page to page.

Andrew

Thanks Chris and Andrew,

An interesting article here on VIEWSTATE in asp:
http://www.dotnetjohn.com/articles.aspx?articleid=71 refers to MAC
encoding using SHA1 or MD5, alternatively Triple DES symmetric
algorithm.  However, in either event, VIEWSTATE seems to be just what is
sent by the server which the server expects to receive back unmodified.  
I tried the same input form as on the target server on a test page on my
site with the action on the form to the target server and that works OK
to get the results page on the target server.  I have also tested on my
server that the CURL POST variables are giving sensible inputs like the
ones that the page would produce on GET.  In the process, I also learned
that colons in the POST variable names don't need to be changed for HTML
encoding, spaces in the variable values do need to be, anyway the POST
variables seem to work OK as I said.  Whatever is or is not being sent
by the script as opposed to the input form on a test page of my site is
the difference that I am looking for.  I will try another site see can I
learn anything in the process.

Oh, and decoding the string as suggested
(print_r(base64_decode($view_state_string));) gives one value in the
array and a mixture of English and other characters plus most of the
page: eg 
d
....2Ö8
ÿÿÿÿ
Version=0.0.0.0, and other
characters that do not copy to this email etc.  As above, I don't see
that this is interfering with CURLing the results page if it is simply
sent back in the post.

John

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

> -----Original Message-----
> From: Chris [mailto:dmagick@...]
> Sent: Tuesday, July 01, 2008 9:42 PM
> To: ioannes@...
> Cc: php-general@...
> Subject: Re: [PHP] CURL de-bugging: So why am I not getting the
results
Ehrm... you're not *completely* wrong. ;) I do most of my programming at
work in ASP.NET/VB.NET, and I've come to understand that the VIEWSTATE
in an ASP.NET page is more or less for retaining form values and
client-side settings. IIS/ASP.NET still uses sessions--and in much the
same way as PHP.


Todd Boyd
Web Programmer




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

My code is as below.  It comes back with 'Bad session variable name -
CompanySerialNo' from the site.but the COOKIEJAR does not show this
variable name and it is not sent, it just shows:

www.targetsite.com    FALSE    /    FALSE    0    
ASPSESSIONIDQCSQDTAB    LKAONANAFJPNMFFECLFNCLBP

There is a serialno but that is sent in the (URL below).  Question is:
What to test now?  I am trying to get a results page from an input page.

What code below is trying to do is access the page, get any cookies set
then try the page again with the relevant inputs.

<?
   
$url="https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode=";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

    curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookies.txt");
    curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookies.txt");

    curl_setopt($ch, CURLOPT_HEADER, 0);
   
    curl_setopt($ch, CURLOPT_AUTOREFERER, true);

    curl_setopt($ch, CURLOPT_URL, $url);
   
/*
//GET list from submitting POST form as GET
https://www.shortstay-london.com/checkavail.asp?
1 - clock=+09%3A54
2 - &StartDay=6
3 - &StartMonth=September+%3A+2008
4 - &EndDay=13
5 - &EndMonth=September+%3A+2008
....13 - &CheckThis=Check+This

use this list to create POST data
*/

    curl_setopt($ch, CURLOPT_POST, 1);
   
    $curlPost=array();

    $curlPost["clock"]=" 09:54";
    $curlPost["StartDay"]="6";
    $curlPost["StartMonth"]="September : 2008";
    $curlPost["EndDay"]="13";
    $curlPost["EndMonth"]="September : 2008";
    //etc
    $curlPost["CheckThis"]="Check This";

    curl_setopt($ch, CURLOPT_POSTFIELDS,$curlPost);
 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION  ,1);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

    $store = curl_exec ($ch);
   
    curl_close ($ch);
   
    print($store);
   
?>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

My current theory on this is that the initial input page creates a
per-session cookie.  Is CURL able to send this when the page is
submitted and if so how do I find out the name and value of the cookie
as per my reading it is not stored on the computer, though I reckon it
must be there somewhere.

The initial page is in this format:
https://www.targetsite.com/subdir/page.asp?serialno=GM201&OtherCode=&NextCode=

So I have various GET parameters.

The initial input page also has POST parameters which I can see the in
page source, and so send via CURL.

I cannot find any javascript doing a set_cookie, including in any
included files of which there are none anyway.  But there is some
session going on as the serialno parameter is not in a hidden field or
explicitly set cookie, so it must be a per-session cookie maybe with a
different name, I reason.  How do I find out about these?

John

ioannes wrote:
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

The way this page works is you access index.asp?SerialNo=abc123 from a
link, that is re-directed to a frameset containing the main page,
main.asp, just that.   main.asp does not have any <input> fields showing
the SerialNo, there is a comment with it but that is all.  Fom this
page, you input some dates and submit, and the form action is on a page
like /checkthis.asp.  What I can't see is how /checkthis.asp knows the
SerialNo, which it needs.  Is there some other way that asp pages
transfer information between pages?  I looked at the cache for IE after
each page load and it does not have SerialNo as cookies or any cookies
from this site other than google conversion tracking.

On main.asp the button that submits the form does not refer to the
SerialNo either.  Nevertheless the results page creates the relevant
data from the database.  But it does produce error messages like, The
Object has been  Moved here, with my site plus
?lngSessionId=234984987&SerialNo=abd123&WinMode=&AgentCode=&CustCode=.  
If I add these parameters to the target URL in the CURL script it looks
for displaymode (the message with my url in the display line at end of
browser window: www.mysite.com/displaymode=).

John

ioannes wrote:
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

I would like someone to help me on this outside the group discussion.  
Is there anyone out there that would look at a curl problem with me?

Thanks,

John

ioannes wrote: