You can look at the name attributes of the input elements in the source page. The thing you won't get is the form token: the form token is a mechanism designed to prevent exactly what you're trying to do. Form token is an input field that is generated with the rest of the form and stored server side. If you send a valid token back to the server, it process your request. otherwise it doesn't because it thinks you're a spammer. Dmitri On Feb 5, 2009, at 4:46 AM, Martin Stadler wrote:
Hi!
I'm working on a small curl-based script to add content to a drupal-6 site. Logging-in (getting cookie etc) works fine but when I try to add content I get a validation error. I guess it's about security. Is it at all possible to do what I'm trying? Is there documention how these form tokens actually work and what is required? I couldn't find that in the formAPI docs.
Here's the code:
# login curl http://localhost/USA08/user \ -F 'name=Martin' \ -F 'pass=pass' \ -F 'form_id=user_login' \ -F 'op=Log in' \ --output /Users/martin/response.html \ -s \ -c /tmp/curl-cookies.txt \ -b /tmp/curl-cookies.txt
# -> works: response.html says I'm logged-in
# add page curl http://localhost/USA08/node/add/page \ -F 'title=xyz' \ -F 'teaser_include=1' \ -F 'body=abc' \ -F 'format=1' \ -F 'changed=' \ -F 'form_id=page_node_form' \ -F 'log=' \ -F 'comment=0' \ -F 'name=Martin' \ -F 'date=' \ -F 'status=1' \ -F 'op=Save' \ --output /Users/martin/response2.html \ -s \ -c /tmp/curl-cookies.txt \ -b /tmp/curl-cookies.txt
# -> does not work: response2.html says 'Validation error, please try again. If this error persists, please contact the site administrator.'
Regards, Martin