cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Posting with an automatic hidden post

From: Demetrius Michael <dem_z_at_mac.com>
Date: Tue, 16 Mar 2010 15:27:52 -0400

Sorry for top posting, it's just the entire thread's been top posted. I also would like to know the answer for this.

Because I'm very, very stuck.

I have a phpbb forum, and every day I post the same material (the actual content changes, but the routine to get the content is the same).
I've computerized the routine; now I'm trying computerize the login > start thread > post > log out bit.

To login is easy, the session id is jammed into the cookie. Anything w/ posting has a lot of hidden variables though.

So what I've done is this:

1. $ curl - b cookies.txt - c cookies.txt URLTOPOST > savedfile1
2. parse the save file for hidden forms (in this case the fields turned out to be: "topic_cur_post_id=24718", "lastclick=1268762819", "creation_time=1268762819", "form_token=11d7810297885073332758c13ca11de86af52cc1")
3. Reformat for next curl command.
4. $ curl -b cookies.txt -c cookies.txt -F 'post=Submit' -F 'message= this is my test message ' -F 'disable_bbcode=0' -F 'disable_smilies=0' -F 'attach_sig=1' -F 'topictype=0'-F 'topic_cur_post_id=24718'-F 'lastclick=1268762819'-F 'creation_time=1268762819'-F 'form_token=11d7810297885073332758c13ca11de86af52cc1' URLTOPOST > savedfile2

Ran #4, and the forum barked The submitted form was invalid. Try submitting again.

When looking at the source code, the hidden variables changed! ("topic_cur_post_id=24718", "lastclick=1268762820", "creation_time=1268762821", "form_token=2d4945d0c0e392d41240935848d6e9780726108d")

Is there any way for curl to get the content, without killing the session, then POST after I've parsed for the hidden variables? Because in this case, it seems I get the content twice (giving me two different hidden fields).... Or let me rephrase, is it possible to parse for those known hidden fields w/i the first command line?

I appreciate any help!

Demetrius.

> From: Colleen R. Dick <platypus_at_proaxis.com>
> Date: Tue, 03 Feb 2009 23:23:54 -0800
> think about when a human does this. He goes to the URL and the key is
> generated for him and he never knows about it. He just fills in the
> visible part of the form and press submit. Presumably the data is
> posted back to the same URL that made the form? The script processing
> for that URL has to be able to detect whether data are being posted or
> not. If data are being posted it is going to process them (presumably
> what you want) and maybe return a new form or maybe not but you dont
> care because you already got it to process your data. If you are doing
> an automatic script you don't need to output anything, just figure out
> what you want to post back and post it along with the scraped key. If
> you are creating something for a human you need to make a proxy form
> with the data fields you want him to type but no key. Then he submits
> that to your script and in your processing you forward it all with the
> scraped key back to the third party site. You may or may not be
> successful depends on how the key is checked on their end. I know this
> works because I wrote hacks for linkpoint gateway by scraping javascript
> keys out of an outer frame and using them.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-03-16