cURL / Mailing Lists / curl-users / Single Mail

curl-users

Reading a file contents into a form text field, a password

From: Nick <curl-users_at_i.lucanops.net>
Date: Wed, 14 Oct 2015 17:06:37 +0100

Hey everyone,

I'm trying to use curl to interact with a web-based file manager. The
web interface needs to be logged into with a password on an HTML form,
and once logged in I need to use the HTTP cookie and a nonce (in the UK
that word has quite a different meaning to the CS norm!) from the HTML
of the page after log in.

The good news is I don't need my hand holding, I have it all working.
Log in, get data, use data to submit another form to upload files.
Curl's a powerful program, respect to those who have got it that way.

My problem is that the password is read from a file in my bash script
and so ends up being visible in cron logs, process lists, and perhaps
others because I put the password into curl's command line options. I
haven't been able to get curl's own password reading to work, which the
man page talks about.

This is pretty much what I have which works:
CURLCMD='curl -k --connect-timeout 10 -m 24 --retry 1 --retry-delay 3'
NUKECODE=`cat keys/password`
$CURLCMD --form pwd=$NUKECODE --form press=submit \
       -L -c cookiejar
       'https://host.domain.tld/fm.php' >login

But variations (quotes and such) of the following do not log in, the
server comes back that the password is wrong.

$CURLCMD --form "pwd=<keys/password" --form press=submit ...
$CURLCMD --form "pwd=@keys/password" --form press=submit ...
(I know why this one didn't work, now)
cat keys/password|$CURLCMD --form "pwd=<-" --form
press=submit ...
$CURLCMD --form "pwd=<-" --form press=submit ... < keys/password

Hmmm, even my final thought of trimming the final new line out the
password file didn't help. The password itself is echo'd into the
password file from another script, it was
        echo SuperSekrit>/path/keys/password
changed that to
        echo -n SuperSekrit>/path/keys/password
and the server is still responding the password is wrong.

Any ideas?

Thanks
Nick
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-10-14