non-obtrusive javascript, intercept form submission

I

inetquestion

I have an HTML form with two input tags (username, password) which
POSTs to login.jsp The problem is that when an error occurs I have no
way to track this back to a specific user in the access logs.
Basically all we have in our logs are entries like this:

0.0.0.0 - - [20/Apr/2009:00:54:53 -0400] "POST /login.jsp HTTP/1.1"
302 -
0.0.0.0 - - [20/Apr/2009:00:55:12 -0400] "POST /login.jsp HTTP/1.1"
500 -
0.0.0.0 - - [20/Apr/2009:01:35:40 -0400] "POST /login.jsp HTTP/1.1"
302 -

Would it be possible to place some non-obtrusive JavaScript in the
page to intercept the form submission and perform the actions below?
Append the user’s login name as a query string parameter along with a
random number when performing the POST to login.jsp. It is understood
the user would have access to mangle the query string if they
desired… The values in the logs would be used for troubleshooting
purposes, nothing more…

• Extract the value of username (testuser)
• Generate a random 8 digit number (12345678)
• Create string: id=testuser-12345678
• Submit form with the string above appended to the POST url as: /
login.jsp?id=testuser-12345678

0.0.0.0 - - [20/Apr/2009:00:54:53 -0400] "POST /login.jsp?
id=testuser-91312978 HTTP/1.1" 302 -
0.0.0.0 - - [20/Apr/2009:00:55:12 -0400] "POST /login.jsp?
id=testuser-07124987 HTTP/1.1" 302 -
0.0.0.0 - - [20/Apr/2009:01:35:40 -0400] "POST /login.jsp?
id=testuser-84565693 HTTP/1.1" 302 -
 
I

inetquestion

<html>
<head>
<script language="JavaScript">

function checkform(f)
{
var f = document.getElementById("login");
var random = String((1000000000 + Math.random() * 1000000000) |
0);
var newUrl = f.action+ '?id=' + f.username.value + "-" + random;

// Change form action
f.action = newUrl;

// Display new url with added query string in alert box
alert(newUrl);


return true;
}

</script>

</head>

<body>

<form id="login" METHOD="POST" action="login.jsp" onsubmit="return
checkform(this)">
<p><label for="login">Login:</label>
<input type="text" name="username" id="username" /></p>
<p><label for="pw">Password:</label>
<input type="password" name="pw" id="pw" /></p>
<p><input type="submit" value="send" /></p>
</form>
</body>
</html>




This seems to do the trick
 
S

SAM

Le 4/22/09 5:00 PM, inetquestion a écrit :
I have an HTML form with two input tags (username, password) which
POSTs to login.jsp The problem is that when an error occurs I have no
way to track this back to a specific user in the access logs.
Basically all we have in our logs are entries like this:

0.0.0.0 - - [20/Apr/2009:00:54:53 -0400] "POST /login.jsp HTTP/1.1"
302 -
0.0.0.0 - - [20/Apr/2009:00:55:12 -0400] "POST /login.jsp HTTP/1.1"
500 -
0.0.0.0 - - [20/Apr/2009:01:35:40 -0400] "POST /login.jsp HTTP/1.1"
302 -

Would it be possible to place some non-obtrusive JavaScript in the
page to intercept the form submission and perform the actions below?
Append the user’s login name as a query string parameter along with a
random number when performing the POST to login.jsp. It is understood
the user would have access to mangle the query string if they
desired… The values in the logs would be used for troubleshooting
purposes, nothing more…

• Extract the value of username (testuser)
• Generate a random 8 digit number (12345678)
Click to expand...

why not to create this random with jsp ?
• Create string: id=testuser-12345678
• Submit form with the string above appended to the POST url as: /
login.jsp?id=testuser-12345678
Click to expand...

<form action="login.jp" method="post"
onsubmit="this.id.value = this.username.value +
'-' + this.login.value;"
<p>User Name: <input name="username">
<p>Login:
<input name="login" value="<?= $randomLogin ?>" type="password">
<input type="hidden" name="id">
<p><input type="submit">
</form>


<form action="login.jp" method="post"
onsubmit="this.id.value = this.username.value +
'-<?= $randomLogin ?>';"
<p>User Name: <input name="username">
<p>Login: <input name="login" type="password">
<input type="hidden" name="id">
<p><input type="submit">
</form>
 
M

MC

Is it javascript or jsp error?

If its javascript, you can do an on error function and ajax the data back.
In fact, you can send the whole page state data back.

If its jsp why not trap it and report it?

<% try { %>
<body>
.....html code...
</body>
<% } catch(Exception e) { %>
// write an error to the server log, email admin, etc
<%} %>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AJAX vs form submission (character encoding) 2
Why is this WordPress comments form not submitting? 1
Aborting an ongoing Javascript form submission. 3
automatic form submission 1
What is going on? 3
POST form triggers bad GET submission 3
[JRuby 1.1.3 -- Glassfish 9.1_01] Time slowly out of sync? 4
Unexpected Error with .NET Framework 2.0 runtime 0

Members online

No members online now.
Total: 38 (members: 0, guests: 38)
Robots: 457

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top