.asp postback address in browser - html

EDITED: Java httpPost into .asp form
I am trying to understand .asp a little
I have this code for the webpage with the login form and a postback action.
Lets assume that the webpage is www.xxx.com/index.asp
<form method="post" id="form1" name="form1" action="">
<div id="login" class="box">
<div class="header">Log in</div>
<div class="content">
<label for="txtUser">User:</label>
<input id="txtUser" name="txtUser" type="text" size="13" value="" />
<label for="txtPassword">Password:</label>
<input id="txtPassword" name="txtPassword" type="password" size="13" value="" />
<input id="BLogin" name="BLogin" type="submit" value="Log in" />
</div>
<div class="footer">
<input type="checkbox" id="chkSave" name="chkSave" /> <label for="chkSave">Save account</label>
</div>
</div>
</form>
So as i understand, if I want to fill the fields in the browser window, i must call:
www.xxx.com/index.asp?txtUser=boris&txtPassword=boris&BLogin=Log in
But nothing simmilar is ever executed in the browser. What is wrong with me thinking in that way? :)
EDIT: Seems that not all the input fields must be filled in before doing POST. Probably this depends on the server, when logging in, if service requires for example 'rememmber me' field every time, then it probably must be filled in.

The form method is "POST", which means that the form data is sent in a special data block within the HTTP request, not as part of the URL. If you change the method to "GET" the data will be encoded in the query string.
More information: http://www.cs.tut.fi/~jkorpela/forms/methods.html

Related

How do you send the contents of a fieldset to an email address?

I have a fieldset:
<div class="form-container container">
<form id="contact-form" action="mailto:xyz#email.com" method="post">
<fieldset form="#contact-form">
<legend>Contact Form</legend>
<label class="input-field-name">Name:<br />
<input class="input-field" type="text" name="Name"/>
</label><br />
<label class="input-field-name">Email:<br />
<input class="input-field" type="text" name="Email"/>
</label><br />
<label class="input-field-name">Message Title:<br />
<input class="input-field" type="text" name="Message Title"/>
</label><br />
<label class="input-field-name">Message:<br />
<textarea class="message-field" type="text" name="Message"></textarea>
</label><br />
<button id="submit-button" type="submit">Submit</button>
</fieldset>
</form>
</div>
I want to set it up so that the person who wants to contact me can enter their details and then when the 'Submit' button is clicked I receive an email with the Message Title as the header and the persons Name, Email and Message in the body of the email.
At the moment the mailto:xyz#email.com section will open up an email client successfully but I want it to just send automatically. I have some understanding of js and php but this is the first time I've tried something like this so was looking to be pointed in the right direction. I'm not asking for all the code, just what I need to do then I can work it out for myself.
At the moment the mailto:xyz#email.com section will open up an email client successfully but I want it to just send automatically.
You can't, at least not client-side. The mailto: protocol handler is intended to simply launch the registered e-mail client for the user. Nothing more.
I have some understanding of js and php but this is the first time I've tried something like this so was hoping someone could point me in the right direction
You can send the e-mail server-side with PHP. Don't bother with mail(), which is just a utility function for basic debugging and such. Consider a robust e-mail class like PHPMailer. That way, you can use secured SMTP servers, and also send HTML e-mails with proper multipart MIME encoding.

In-page form does not send data to remotely hosted aspx form

I have an html form with the action linking to a remotely hosted aspx form. The html form mimics all the input names, ids, values, etc. of the aspx form.
After submitting the html login form with correct login data, instead of processing the data and redirecting to the target link, the page links to the raw login form with only the username data entered. Upon filling in the correct information again, the user is able to log in.
By checking the function of the other instances of the same login form on the site and encountering the same problem, I surmised that the issue is inherent in the remote aspx file, not the html form.
The form was working until about a week ago, when it promptly started behaving like this without any changes made to the code.
The live site is at http://blinqphoto.com
Thank you for any responses, this has me stumped.
Please find the html form and corresponding aspx form below.
HTML:
<form style="" name="LoginForm" method="post" action="https://acct.blinqphoto.com/loginframe.aspxredirect=http%3a%2f%2fwww.blinqphoto.com%2fmy-albums%2f" id="LoginForm">
<div>
<input name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMjU0ODEwOTIzZGR61068oyJyEBB4UM9Gc8Fxx4225NLn2XmKWX95/vl6Zg==" type="hidden">
</div>
<div>
<input name="__EVENTVALIDATION" id="__EVENTVALIDATION"value="/wEWBAL1/8vwCgKTqJrlAQKN8oRJAv6M0J8PQkj11RCPtUGzghOj3yic+Mr17E559GJ73UVSHbxO9VE=" type="hidden">
</div>
<span> Email <input name="UserNameTxt" id="UserNameTxt" placeholder="example#gmail.com" type="text"></span>
<br>
<span>Password<input name="PasswordTxt" id="PasswordTxt" placeholder="password" class="password" type="password"></span>
<br>
<input name="LoginButton" value="Sign in" class="LoginButton" type="submit"><br>
</form>
aspx:
<form style="" name="LoginForm" method="post" action="https://acct.blinqphoto.com/loginframe.aspx?redirect=http%3a%2f%2fwww.blinqphoto.com%2fmy-albums%2f" id="LoginForm">
<div>
<input name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMjU0ODEwOTIzZGR61068oyJyEBB4UM9Gc8Fxx4225NLn2XmKWX95/vl6Zg==" type="hidden">
</div>
<div>
<input name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBAL1/8vwCgKTqJrlAQKN8oRJAv6M0J8PQkj11RCPtUGzghOj3yic+Mr17E559GJ73UVSHbxO9VE=" type="hidden">
</div>
<span> Email <input name="UserNameTxt" id="UserNameTxt" placeholder="example#gmail.com" type="text"></span>
<br>
<span>Password<input name="PasswordTxt" id="PasswordTxt" placeholder="password" class="password" type="password"></span>
<br>
<input name="LoginButton" value="Sign in" class="LoginButton" type="submit"><br>
</form>
I believe this is due to the .NET event validation. If you look closely, the value of the __EVENTVALIDATION form field is not always exactly the same. This is used to validate the postback - to check that it is not coming from another URL for example, which is exactly what you are doing.
You need to disable the event validation for the login.aspx page.
Page.EnableEventValidation = false;
Is there a way to disable Event Validation for an entire page?
Note that disable event validation can possibly make your page more vulnerable.

Understanding HTML form code

i am bit confused about the code..This is login.php file..and action of the form is also in the same file.Can this happen? if,then same login form should open if user submit the form...i am making my website,where i want to use login/register form.
<form action="login.php" method="post" class="f-wrap-1">
<div class="req">
Not Registered?<br />
Forgot your Password?
</div>
<fieldset>
<h3>Member Login</h3>
<label for="firstname"><b>Username:</b>
<input id="username" name="username" type="text" class="f-name" autocomplete="on" tabindex="1" /><br />
</label>
<label for="password"><b>Password:</b>
<input id="password" name="password" type="password" class="f-name" autocomplete="off" tabindex="2" /><br />
</label>
<label for="code"><b>Security Code:</b>
<input id="code" name="code" type="text" class="f-name" autocomplete="off" tabindex="3" /><br />
</label>
<label for="code2"><b> </b>
<img src="image.php?" /><br />
</label>
<div class="f-submit-wrap">
<input type="submit" value="Submit" class="f-submit" tabindex="4" /><br />
</div>
</fieldset>
</form>
This is login.php file..and action of the form is also in the same file.Can this happen?
Yes
if,then same login form should open if user submit the form
Not necessarily. In a system like this, the form data will be processed by server side code. The logic will probably be something like:
If it is a GET request, send the browser the form.
Otherwise, if it is a POST request, then check the form data:
If it is valid login data, then: set a cookie to track the user and
tell the browser to get some other URL.
Otherwise, the login data is wrong: populate the form with an error message
and possibly default the values of the fields to the wrong data the user
entered, then send the form to the browser.
Populating the form with the invalid data doesn't make much sense in a login form like this one, but it more useful in (for example) a registration form.
Who wants to retype all their personal data again just because the username they wanted is not available or they missed a field?
It's possible to send form to same file but it's not in good style. You would have to check if post data is available and display proper view based on that.
Better way to do it is just change the action of the form to point to another file and in that file handle login logic.
<form action="file.php" method="post" class="f-wrap-1">

Username and password appearing in the URL

In my rails app, I have a login page like this:
<body>
<form action="/my_app/homepage" method="get" class="navbar-form pull-left">
<input name="username" type="text" class="span2">
<input name="password" type="password" class="span2">
<button type="submit" class="btn">Submit</button>
</form>
</body>
When I click on the Submit button it takes me to the /my_app/homepage but at the same time it also displays the username and password in the addressbar.
Am I doing it the wrong way? How can I avoid displaying the username & password?
That is because the Http Request method of FORM is GET. Which would always show the form data in the URL. To hide the data of the form, you need to use POST request.
Change the code to the following:
<form action="/my_app/homepage" method="post" class="navbar-form pull-left">
<input name="username" type="text" class="span2">
<input name="password" type="password" class="span2">
<button type="submit" class="btn">Submit</button>
</form>
Check the method="post" and you'll get the URL only without any sort of Query String.
The GET method will append the form variables to the URL, using the POST method. From W3Schools:
"POST is a little safer than GET because the parameters are not stored in browser history or in web server logs." Also "Data is not displayed in the URL".
http://www.w3schools.com/tags/ref_httpmethods.asp

Form field data history not retained

I have a form on a page that is shown via https:// as follows:
<form id="memberslogin_form" name="memberslogin_form">
<fieldset>
<legend>Login</legend>
<div>
<label for="membershipId">Membership number</label>
<input type="text" class="field" name="membershipId" id="membershipId""/>
</div>
<div>
<label for="memberPassword">Password</label>
<input size="18" type="password" class="field" maxlength="50" name="memberPassword" id="memberPassword" />
</div>
<div id="button_login">
<input type="button" value="Login" class="button" id="signin" name="signin"/>
</div>
</fieldset>
</form>
The form is uniquely named, as are the inputs.
However, successful logins do not cause the "membershipId" entries to be listed in the input recent entries \ history. This occurs in both FF3.6 and IE6+.
I believe the ability to store field history is browser-based via it's settings, but I cannot retain the input history over https:// forms?
Is this a typo in here only, or in actual page:
<input type="text" class="field" name="membershipId" id="membershipId""/>
See the extra ".
I don't know much about the mechanism of saving form value in FF, but all this time, my form input is saved even if it in https site.
Maybe you can try lastpass that can save a form input for later usage as well as the password securely.