[development] Curl-based content generation

Dmitri Gaskin dmitrig01 at gmail.com
Fri Feb 6 02:46:33 UTC 2009


You can look at the name attributes of the input elements in the  
source page.

The thing you won't get is the form token: the form token is a  
mechanism designed to prevent exactly what you're trying to do.

Form token is an input field that is generated with the rest of the  
form and stored server side. If you send a valid token back to the  
server, it process your request. otherwise it doesn't because it  
thinks you're a spammer.

Dmitri

On Feb 5, 2009, at 4:46 AM, Martin Stadler wrote:

> Hi!
>
> I'm working on a small curl-based script to add content to a  
> drupal-6 site. Logging-in (getting cookie etc) works fine but when I  
> try to add content I get a validation error. I guess it's about  
> security. Is it at all possible to do what I'm trying? Is there  
> documention how these form tokens actually work and what is  
> required? I couldn't find that in the formAPI docs.
>
> Here's  the code:
>
>
> # login
> curl http://localhost/USA08/user \
> 	-F 'name=Martin' \
> 	-F 'pass=pass' \
> 	-F 'form_id=user_login' \
> 	-F 'op=Log in' \
> 	--output /Users/martin/response.html \
> 	-s \
> 	-c /tmp/curl-cookies.txt \
> 	-b /tmp/curl-cookies.txt
>
> # -> works: response.html says I'm logged-in
>
> # add page
> curl http://localhost/USA08/node/add/page \
> 	-F 'title=xyz' \
> 	-F 'teaser_include=1' \
> 	-F 'body=abc' \
> 	-F 'format=1' \
> 	-F 'changed=' \
> 	-F 'form_id=page_node_form' \
> 	-F 'log=' \
> 	-F 'comment=0' \
> 	-F 'name=Martin' \
> 	-F 'date=' \
> 	-F 'status=1' \
> 	-F 'op=Save' \
> 	--output /Users/martin/response2.html \
> 	-s \
> 	-c /tmp/curl-cookies.txt \
> 	-b /tmp/curl-cookies.txt
>
> # -> does not work: response2.html says 'Validation error, please  
> try again. If this error persists, please contact the site  
> administrator.'
>
> Regards,
> Martin
>



More information about the development mailing list