cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Easy "POST" question but cannot figure it out!!

From: <jon_at_linertia.com>
Date: Wed, 14 Nov 2007 23:37:33 -0800 (PST)

Burke,

Thanks for the information, it was useful but I wasn't able to solve the
problem.

Basically, when I do a tcpdump of traffic (when I login manually), this is
EXACTLY what is being sent to the server:

POST /forum/login/ email=email%40email.com&password=pass&login=Log+in

this means that the "+" sign is not url-encoded and is taken for what it
is. When I use that as the data input for curl, I believe that there is
something fishy going out because everything else leads me to believe that
what I am typing is correct as shown below:

curl -c cookie -d "email=email%40email.com&password=pass&login=Log+in"
http://www.example.com/forum/login

where -c creates the cookie after giving the correct credentials and -d is
the data posted to the server.

> jon_at_linertia.com wrote:
>> I'm still looking at this problem and it may be that I have boiled it down
>> to the "+" sign that may be causing problems in the Log+in
>> > POST /forum/login/
email=email%40email.com&password=pass&login=Log+in
>> I searched the archives for this and some bug showed up about Zones but I
>> don't think that has anything to do with it. Anybody ever use this "+"
sign as part of the data in curl?
>
> Yes all the time, the + sign is a 'urlencoded' space.
>
> http://www.albionresearch.com/misc/urlencode.php
>
>
>>> Thanks Daniel,
>>> I got the output from LiveHTTPHeaders and it was this:
>>> GET /forum/login/
>>> POST /forum/login/ email=email%40email.com&password=pass&login=Log+in
that's exactly what I'm sending it as the data in my curl command
line.
>>> curl -c cookie -d "email=email%40email.com&password=pass&login=Log+in"
http://www.example.com/forum/login
>>> What I put above does not work. HOWEVER, I took the cookie
information
>>> from my manual login (which i did through firefox) and copied that
information into "cookie" and when I logged in, it worked. What's the
deal here? Obviously I'm not giving it the credentials it wants via
curl.
>
> Does the user you are running the command as have write access to the
cookie file? Doesn't sound like it if you had to manually add to the
cookie file. Also "-b" is used to pass cookie information "-c" is only
to capture it AFAIK.
>
>>> Is it possible that a server prevents curl requests?
>
> Theoretically yes, however curl allows you to spoof any user agent, see
the "-A" option.
>
>
> Burke
>
>>> Thanks again!
>>>> On Wed, 14 Nov 2007, jon_at_linertia.com wrote:
>>>>> I have read that already, twice over. It is obvious that I read it
based on
>>>>> the methods I have used to fix the problem. Any suggestions?
>>>> Yes, Use LiveHTTPHeaders, clear your cookies then run your operation
manually
>>>> once and log everything with LiveHTTPHeaders.
>>>> Then inspect the log and repeat those requests with curl. Pay attention
>>>> to
>>>> cookies and the exact data sent in the POST.
>>>> --
>>>> Commercial curl and libcurl Technical Support:
>>>> http://haxx.se/curl.html
>
>
Received on 2007-11-15