post multipart/form-data on PHPBB3 forum

[le_magn]

Hi all, i have a little problem, i want to add in my software possibility to do a forum post on PHPBB3 board, using code snipped searching in pb forum, i'm able to do login ok, open page for post new topic ok, but last step, sending form data not working, seem to not recognize the post data, sorri for my english, this are the code, please help me to do last step:

forum: labrepair.altervista.org
user: utente
password: pippone

File(upload.txt) contain Post data:

Code: Select all

-----------------------------%Boundary%
Content-Disposition: form-data; name="icon"

0
-----------------------------%Boundary%
Content-Disposition: form-data; name="subject"

%Soggetto%
-----------------------------%Boundary%
Content-Disposition: form-data; name="addbbcode20"

100
-----------------------------%Boundary%
Content-Disposition: form-data; name="message"

%Messaggio%
-----------------------------%Boundary%
Content-Disposition: form-data; name="lastclick"

%CreationTime%
-----------------------------%Boundary%
Content-Disposition: form-data; name="post"

Invia
-----------------------------%Boundary%
Content-Disposition: form-data; name="attach_sig"

on
-----------------------------%Boundary%
Content-Disposition: form-data; name="creation_time"

%CreationTime%
-----------------------------%Boundary%
Content-Disposition: form-data; name="form_token"

%Token%
-----------------------------%Boundary%
Content-Disposition: form-data; name="fileupload"; filename=""
Content-Type: application/octet-stream


-----------------------------%Boundary%
Content-Disposition: form-data; name="filecomment"


-----------------------------%Boundary%--

Code: Select all

#INTERNET_OPEN_TYPE_DIRECT = 1
#HTTP_ADDREQ_FLAG_ADD = $20000000
#HTTP_ADDREQ_FLAG_REPLACE = $80000000
#INTERNET_FLAG_SECURE = 0
#INTERNET_SERVICE_HTTP = 3
#INTERNET_DEFAULT_HTTP_PORT = 80
#HTTP_QUERY_COOKIE = 44

Global UserName.s,Password.s,SitoBase.s,Token.s,CreationTime.s,Sid.s,Host.s,PostData.s,boundary.s,get_url.s,BaseString.s

UserName="utente"
Password="pippone"

EOL.S=Chr(13)+Chr(10)


ProcedureDLL.s Mio_Between(stringa.s,stringasinistra.s,stringadestra.s); Restituisce la stringa in mezzo alla stringa sinistra e quella destra
  pos1=FindString(stringa,stringasinistra,1)+Len(stringasinistra)
  pos2=FindString(stringa,stringadestra,pos1)
  result$=Mid(stringa,pos1,pos2-pos1)
  ProcedureReturn result$
EndProcedure



Procedure.s login()
  ;username and password hare taken from global variable for now
  ; Do NOT include http:// or any other protocol indicator here
  host.s ="labrepair.altervista.org"
  get_url.s = "/ucp.php?mode=login"
  datilogin.s="username=utente&password=pippone&login=Login&redirect=.%2Findex.php%3F"
  
  result.s = ""
  open_handle = InternetOpen_("User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0",#INTERNET_OPEN_TYPE_DIRECT,"","",0)
  connect_handle = InternetConnect_(open_handle,host,#INTERNET_DEFAULT_HTTP_PORT,"","",#INTERNET_SERVICE_HTTP,0,0)
  request_handle = HttpOpenRequest_(connect_handle,"POST",get_url,"","",0,#INTERNET_FLAG_SECURE,0)
  headers.s = "Content-Type: application/x-www-form-urlencoded" +Chr(13)+Chr(10)
  HttpAddRequestHeaders_(request_handle,headers,Len(headers), #HTTP_ADDREQ_FLAG_REPLACE | #HTTP_ADDREQ_FLAG_ADD)
  post_data.s = datilogin
  post_data_len = Len(post_data)
  send_handle = HttpSendRequest_(request_handle,"",0,post_data,post_data_len)
  buffer.s = Space(1024)
  bytes_read.l
  total_read.l
  total_read = 0
  Repeat
    InternetReadFile_(request_handle,@buffer,1024,@bytes_read)
    result + Left(buffer,bytes_read)
    buffer = Space(1024)
  Until bytes_read=0
  
  If FindString(result,"I tuoi messaggi")
    Debug "login effettuato"
    Sid="&sid="+Mio_Between(result,"sid=",Chr(34))
  Else
    Debug "login fallito"
  EndIf
  
  ProcedureReturn result
  
EndProcedure

Procedure.s Nuovopost()
  host.s ="labrepair.altervista.org"
  get_url.s = "/posting.php?mode=post&f=2"+sid
  result.s = ""
  open_handle = InternetOpen_("User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0",#INTERNET_OPEN_TYPE_DIRECT,"","",0)
  connect_handle = InternetConnect_(open_handle,host,#INTERNET_DEFAULT_HTTP_PORT,"","",#INTERNET_SERVICE_HTTP,0,0)
  request_handle = HttpOpenRequest_(connect_handle,"POST",get_url,"","",0,#INTERNET_FLAG_SECURE,0)
  headers.s = "Content-Type: application/x-www-form-urlencoded" +Chr(13)+Chr(10)
  HttpAddRequestHeaders_(request_handle,headers,Len(headers), #HTTP_ADDREQ_FLAG_REPLACE | #HTTP_ADDREQ_FLAG_ADD)
  
  post_data.s =""
  post_data_len = Len(post_data)
  send_handle = HttpSendRequest_(request_handle,"",0,post_data,post_data_len)
  buffer.s = Space(1024)
  bytes_read.l
  total_read.l
  total_read = 0
  
  Repeat
    InternetReadFile_(request_handle,@buffer,1024,@bytes_read)
    result + Left(buffer,bytes_read)
    buffer = Space(1024)
  Until bytes_read=0
  
  If FindString(result,"nuovo argomento")
    Debug "2 fase effettuata OK"
    CreationTime=Mio_Between(result,"creation_time"+Chr(34)+" value="+Chr(34),Chr(34))
    Token=Mio_Between(result,"token"+Chr(34)+" value="+Chr(34),Chr(34))
    Sid="&sid="+Mio_Between(result,"sid=",Chr(34))
  Else
    Debug "2 fase fallita Failed"
  EndIf
  ProcedureReturn result
  
EndProcedure

Procedure.s Inviapost()
  host.s ="labrepair.altervista.org"
  get_url.s = "/posting.php?mode=post&f=2"
  
  RandomSeed(Date())
  GUID.l = Random(Date())
  result.s = ""
  
  ReadFile(0,"Upload.txt")
  Repeat
    PostData$+ReadString(0,#PB_File_IgnoreEOL)
  Until Eof(0)
  CloseFile(0)
  
  If ReadFile(0,"upload.txt")
    buffersize=Lof(0)
    *filebuffer=AllocateMemory(buffersize)
    If *filebuffer
      If ReadData(0,*filebuffer,buffersize)
      EndIf
    EndIf
    CloseFile(0)
  EndIf
  
  Soggetto.s="testthread"+Str(Random(10000))
  Messaggio.s="test message"
  
  Boundary.s=Str(GUID)+Str(Random(999999,100000))
  PostData$=PeekS(*filebuffer,buffersize)
  PostData$=ReplaceString(PostData$,"%Boundary%",Boundary)
  PostData$=ReplaceString(PostData$,"%Token%",Token)
  PostData$=ReplaceString(PostData$,"%CreationTime%",CreationTime)
  PostData$=ReplaceString(PostData$,"%Soggetto%",Soggetto+Str(Random(99999)))
  PostData$=ReplaceString(PostData$,"%Messaggio%",Messaggio)
  
  ContentType$="Content-Type: multipart/form-data; boundary=---------------------------"+boundary
 
  open_handle = InternetOpen_("User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0",#INTERNET_OPEN_TYPE_DIRECT,"","",0)
  connect_handle = InternetConnect_(open_handle,host,#INTERNET_DEFAULT_HTTP_PORT,"","",#INTERNET_SERVICE_HTTP,0,0)
  request_handle = HttpOpenRequest_(connect_handle,"POST",get_url,"","",0,#INTERNET_FLAG_SECURE,0)
  headers.s = "Content-Type: multipart/form-data; boundary=---------------------------"+boundary+#CRLF$
  ;    Headers.s+"Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"+Chr(13)+Chr(10)
  ;    Headers.s=headers+"Accept-Language it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3"+Chr(13)+Chr(10)
  ;    Headers.s=headers+"Accept-Encoding gzip, deflate"+Chr(13)+Chr(10)
  ;    Headers.s=headers+"Referer     http://labrepair.altervista.org/posting.php?mode=post&f=2"+sid+Chr(13)+Chr(10)
  ;    Headers.s=headers+"Connection keep-alive"+Chr(13)+Chr(10)
  ;    headers.s = headers+ContentType$+Chr(13)+Chr(10)
  ;    Headers.s=headers+"Content-Length "+Len(PostData$)+Chr(13)+Chr(10)+#CRLF$
  
  Debug headers.s
  Debug PostData$
  
  HttpAddRequestHeaders_(request_handle,headers,Len(headers), #HTTP_ADDREQ_FLAG_REPLACE | #HTTP_ADDREQ_FLAG_ADD)
  
  post_data.s =""
  post_data_len = Len(post_data)
  send_handle = HttpSendRequest_(request_handle,"",0,post_data,post_data_len)
  buffer.s = Space(1024)
  bytes_read.l
  total_read.l
  total_read = 0
  
  Repeat
    
    InternetReadFile_(request_handle,@buffer,1024,@bytes_read)
    
    result + Left(buffer,bytes_read)
    
    buffer = Space(1024)
    
  Until bytes_read=0
  
  If FindString(result,"Rispondi al messaggio")
    Debug "3 fase effettuata ok"
  Else
    Debug "3 fase fallita failed"
  EndIf
  OpenFile(0,"c:\test.html")
  WriteString(0,result)
  CloseFile(0)
  RunProgram("c:\test.html")
  ProcedureReturn result
  
EndProcedure

login()
Nuovopost()
Inviapost()

[le_magn]

Please anyone help me to complete last step or post working piece of code for automatic post new thread in phpbb3 forum? My work is completly freezed without this function and i'm not able to resolve this myself
Thank you...

[infratec]

Hi,

it is difficult, since you show no working or not working complete program.

What I see:

Content-Type multipart/form-data;
should look like
Content-Type: multipart/form-data;

To make it easier:
Don't use "------------" as front of your boundary.
Better use "+++++++", than you can easier see if the stuff is correct:

--+++++++XXXXXXX

--+++++++XXXXXXX--

And put the +++++ in your Boundary$ variable, so you avoid typing faults inside your upload.txt file.

Check if your upload.txt file ends with a CRLF or not.
Try to remove the last CRLF


I can not test it because:
Constant #INTERNET_OPEN_TYPE_DIRECT not found

Bernd

[infratec]

A lot of buggy stuff in your procedures.
Or did you declare some variables as Global ???

And even if I fix all stuff by hand, where is HttpPOST() ???

Bernd

[le_magn]

Thank you all, for reply, yes declare a lot of Global variables but only for test the functionality of code and after i find a solution i correct all ugly part of procedure for insert in my software(software for hardware technicians, after repair is done i want my program create new thread in my forum with all details of repair).

This code is not original write by me, i have ugly modified only last step, by testing and re testing with some changes and not work, tested with one #crlf with two, nothing, with fake token and creationtime and with original one taken from 2 step, but nothing work, i think error is in header or in posted string, i not find a solution, i'm not advanced programmers and this issue make me crazy
p.s. sorry for ugly code and for my bad english

p.s.Slight modified first post, added missing part.

[tj1010]

Use the right Content-Type,, URLEncoder() variables and separate with &,, Use my two procedures in tips&tricks to cut your code size down. The API you use doesn't execute Jscript or Flash, I know some forum software generates hash values with Jscript for anti-botting.

Wireshark and TamperData firefox plugin debug stuff like this easy.

[le_magn]

Use the right Content-Type,, URLEncoder() variables and separate with &,, Use my two procedures in tips&tricks to cut your code size down. The API you use doesn't execute Jscript or Flash, I know some forum software generates hash values with Jscript for anti-botting.

Wireshark and TamperData firefox plugin debug stuff like this easy.

Your code in teory is perfect for me, but i have a problem, if i login with your HTTPPost, it login perfect but the second time i call your procedure site have already disconnected the user and i'm not able to continue in step 2 and step 3.

2 hours ago i find new test-thread in my forum(testthread172673925 ), someone from Germany as succesful posted, but who?
I know probably i have the solution under my nose, but i don't know how to! Please who have succesful posted new thread in my forum write here the working code...

[tj1010]

Use the right Content-Type,, URLEncoder() variables and separate with &,, Use my two procedures in tips&tricks to cut your code size down. The API you use doesn't execute Jscript or Flash, I know some forum software generates hash values with Jscript for anti-botting.

Wireshark and TamperData firefox plugin debug stuff like this easy.

Your code in teory is perfect for me, but i have a problem, if i login with your HTTPPost, it login perfect but the second time i call your procedure site have already disconnected the user and i'm not able to continue in step 2 and step 3, 1 our ago i find new test-thread in my forum, someone as succesful posted, you?
I know probably i have the solution under my nose, but i don't know how to! Please who have succesful posted new thread in my forum write here the working code...

You use the cookie header returned in future requests. Look at wireshark sessions with the browser.

If they use some javascript and/or flash and/or cache method to prevent botting your only options are webgadget with COM API or webkit embedded frameworks. You can actually handle simple javascript and cache methods but it takes a lot of code.

I've written quite a few scraper tools using PB. I usually end up using webgadget with COM instead of reverse engineering a lot of flash and javascript. The only problem with COM is memory and disk footprint, and the code is all bloated structures and useless parameters...

[le_magn]

I have found the problem(wireshark helped alot):

First problem is antispam protection on site, it detect time passed from step2(open page for new thread) and step3(compile and send form data) if less 2 second mark it as spam.

Second problem in security option of PHPBB3, here is a option "check browser" validate the browser for each session.

First problem solved putting delay(2500) before step 2 and step 3, second problem not solved, only possibility is to deactivate "check browser" option in security setting of PHPBB3, if deactivated i succesful post new thread with no problem.

Any idea for bypass second check without deactivate security? In my forum i'm Admin and if i want to post with my software no problem, but if i'm only user in other forum and want to use my software for post new thread is a problem.

Edit
P.S. Solved second problem, problem is different headers in each procedure, remain only content-type header in all procedure and worked fine.
Thank you all.

[infratec]

Hi,

you always open a new connection.
I modified it that only login open the connection.
I set the flag 'keep-connection'
and in the other procedures I commented out the 2 calls.

Maybe this also saves a bit of trouble.

Bernd

[le_magn]

Thank you very much for your help Bernd.