This ASP website is the electricity fee inquiry system of my school, which needs the Intranet of the school to inquire, so this article describes the ideas and some pits I have encountered. I make this website basically is to go to the lavatory check electricity charge just, actually also go to the lavatory not much. And this ASP site is not very easy to climb, because there are two variable parameters, according to the page to change. Okay, let’s take a look at the page

The site requires you to log in to your dorm room first, and has a really bad captcha, but when I implemented the captCHA and wrote it, I found that the captcha could be filled in at will, which felt a bit rubbish.

This landing page has a lot of bugs

1.

The one on the right above is the two dynamic parameters. Is based on the previous page, each page will have these two parameters, so we need to match the two values every time we visit the dynamic change, if not with the change, will not get the data, but also the following error.

'236 | error 500 | | postback or callback parameter is invalid. Event validation is enabled using < Pages enableEventValidation="true"/> in the configuration or <% @page enableEventValidation="true" %> in the Page. For security purposes, this feature verifies that the parameters for the postback or callback events are from the server control that originally rendered them. If the data is valid and is expected to use ClientScriptManager, RegisterForEventValidation method to register the postback or callback data to validate. | '

This indicates that you have not changed the two parameters mentioned above

Note: the first time you visit this website, there will be no data such as dormitory floor number, you need to match the above two variable parameters and then post the data.

2.

The form data will change after you select your dormitory floor number

It can be seen that the order of the parameters in the form is different from the one above, so after selecting the dormitory floor, we need to change the order order and then post the parameters out, otherwise there will be the pit above, that is, the callback parameter is invalid

The parameters of the first arrow also need to change, but the second parameter is the txtname2, each floor of the default dormitory, is the fixed is okay, will not make a mistake, the time still need according to their own access time for change, or will appear mistake, still the same error, namely the following error, It can be imagined that the ASP website has very picky requirements for these parameters.

500 | | 236 error | postback or callback parameter is invalid. Event validation is enabled using < Pages enableEventValidation="true"/> in the configuration or <% @page enableEventValidation="true" %> in the Page. For security purposes, this feature verifies that the parameters for the postback or callback events are from the server control that originally rendered them. If the data is valid and is expected to use ClientScriptManager, RegisterForEventValidation method to register the postback or callback data to validate. |

3.

The electricity query button, not ajax, there will be a new request, and it is different to the same url request, the request for the first time the get request, for the two dynamic parameters of the asp web page, the second is the dynamic parameter line post sent out, so you will have the data, if this is your first post, will be without the data, The page will still report an error, the same error. Here is the form data

self.data = {

           '__EVENTTARGET''RegionPanel2$Region1$Toolbar1$ContentPanel1$btnSelect'.

           '__EVENTARGUMENT'' '.

           '__VIEWSTATE'self.data['__VIEWSTATE'].

           '__EVENTVALIDATION'self.data['__EVENTVALIDATION'].

           'hidJZ''jz'+name,

           'RegionPanel2$Region1$Toolbar1$ContentPanel1$TextBox1': (datetime.now()-timedelta(days=30)).strftime('%Y-%m-%d'),

           'RegionPanel2$Region1$Toolbar1$ContentPanel1$TextBox2': datetime.now().strftime('%Y-%m-%d'),

           'RegionPanel2$Region1$Toolbar1$ContentPanel1$txtDBBH'' '.

           'RegionPanel2$Region1$Toolbar1$ContentPanel1$ddlCZFS''- all -.

           'RegionPanel2$Region1$toolbarButtom$pagesize''1'.

           '__box_page_state_changed''false'.

           '__2_collapsed''false'.

           '__6_selectedRows'' '.

           '__box_disabled_control_before_postbac''__10'.

           '__box_ajax_mark''true'

       }Copy the code


That said, let’s talk about the role of part of the code

def __get_value(self, html):  Get the form's two arguments __VIEWSTATE and __EVENTVALIDATION

       try:

           soup = BeautifulSoup(html, 'lxml')

           value = soup.select('input[type="hidden"]')

           values = [v for v in value if '/w' in str(v)]

           state = values[0] ['value']

           action = values[1] ['value']

           self.data['__VIEWSTATE'] = state

           self.data['__EVENTVALIDATION'] = action

       except IndexError as e:  Another rule is required to prove that this is not the home page

           match = re.search('__VIEWSTATE\|(.*?) \ |. *? __EVENTVALIDATION\|(.*?) \ | ', html)

           self.data['__VIEWSTATE'] = match.group(1)

           self.data['__EVENTVALIDATION'] = match.group(2)

       except Exception as e:

           print('get_value', e)Copy the code

This is how you get two dynamic parameters, each time based on an HTML element

def __get_name(self, jz, html=None):  Enter your dormitory number

       if html:

           The form order needs to be changed

           self.data = {

               'ScriptManager1''UpdatePanel1|txtjz2'.

               'hidtime': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),

               'Radio1''1'.

               'txtjz2': jz,

               'txtname2''001001001001001'.# This initialization value can be arbitrary, but cannot be null

               'txtpwd2'' '.

               'txtyzm2'' '.

               '__EVENTTARGET''txtjz2'.

               '__EVENTARGUMENT'' '.

               '__LASTFOCUS'' '.

               '__VIEWSTATE'' '.

               '__EVENTVALIDATION'' '.

               '__ASYNCPOST''true'

           }

           self.__get_value(html)  Replace the argument

           html = self.__get_html()

           if html:

               soup = BeautifulSoup(html, 'lxml')

               dormitory_num = soup.select('select[name="txtname2"] option')

               dormitory_num = [(p.text, p['value']) for p in dormitory_num]

               for index, p in enumerate(dormitory_num):

                   print(index, 'Dormitory No. :', p[0])

               self.__get_value(html)

       while True:

           num = input('Please enter your dormitory, just enter the number on the left.')

           num = re.match('\d+', num)

           if num and int(num.group()) < len(dormitory_num):

               num = int(num.group())

               break

           print('Please enter the correct dormitory number')

       return dormitory_num[num][1]Copy the code

This is to get the dormitory number, and the order of the form needs to be changed

def __get_chapter(self):

Get the verification code

       url = 'http://172.18.2.42:8000/ValidateCode.aspx'

       response = requests.get(url, headers=self.headers)

       with open('code.jpg'.'wb'as f:

           f.write(response.content)

       image = Image.open('code.jpg')

       image.show()

       code = input('Please enter the verification code')

       return codeCopy the code

This is the method to obtain the verification code, obtain the verification code is very simple, is to find the request URL to request it. As for recognition, I input it manually here, you can also choose to access the coding platform or use the deep learning model to identify.

I won’t say much else.

Need to source can be find on my lot: https://github.com/SergioJune/gongzhonghao_code/blob/master/python_play/query.py

Write in the last

If this article is useful to you, I hope you give it a thumbs up! Like and forward is the biggest support for me, so as to have the motivation to output high-quality original articles.

“Liking is an attitude!”

Recommended articles:

I crawled 37,000 fan comments to get The most out of The game. Python advanced book and PDF


Daily learning python

Code is not just buggy, it’s beautiful and fun