Forum Posting through Curl

[Vramin]

I have a site (City of Heroes Registry [nofollow]) that lets people track their character's leveling process and, when they level up, it posts updates to a couple of forums. Right now I update my own phpBB forum. I would like to convert that to an SMF forum, but I have to get this posting thing ironed out.

This sort of thing works to post to a phpBB forum:

Code Select Expand


  // Start up and get logged in
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_HEADER, true);
  curl_setopt($ch, CURLOPT_VERBOSE, 1);
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  curl_setopt($ch, CURLOPT_TIMEOUT, 10);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
  curl_setopt($ch, CURLOPT_URL, "$url/login.php");
  curl_setopt($ch, CURLOPT_POSTFIELDS, "username=$user&password=$password&login=Log%20In");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $result = curl_exec($ch);

  // Post something
  curl_setopt($ch, CURLOPT_URL, "$url/posting.php");
  curl_setopt($ch, CURLOPT_POSTFIELDS, "&subject=$subject&t=$message_id&mode=reply&message=".urlencode($message)."&post=Submit");
  $result = curl_exec($ch);

  // Clean up and exit
  curl_close($ch);

I've tried a similar thing in SMF. The login succeeds, but somehow my session is always expired before I can post, even though I'm using a cookie jar:

Code Select Expand


  // Start up and get logged in
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_HEADER, true);
  curl_setopt($ch, CURLOPT_VERBOSE, 1);
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  curl_setopt($ch, CURLOPT_TIMEOUT, 10);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  curl_setopt($ch, CURLOPT_COOKIEJAR, $_SERVER['DOCUMENT_ROOT']."/cookie.txt");
  curl_setopt($ch, CURLOPT_URL, "$url/index.php");
  curl_setopt($ch, CURLOPT_POSTFIELDS, "&action=login2&user=$user&passwrd=$password&cookielength=-1&submit=Login");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $result = curl_exec($ch);

  // Post something

  curl_setopt($ch, CURLOPT_POSTFIELDS, "message=".urlencode($message)."&subject=$subject&post=Post&notify=0topic=$message_id&action=post2&board=1");

  $result = curl_exec($ch);

  // Clean up and exit
  curl_close($ch);
Has anyone else gotten this to work already? Is there something else I'm missing?

[Oldiesmann]

It's not that your session is timing out, it's that you're not passing the session ID to the post2 function. You need to add sesc={session_id} somewhere in there or it won't work.

[Vramin]

I thought that the session id would be in the cookie jar. Okay, thanks for the clue.

[Vramin]

I have grepped  sesc out of the login results and handed it in with the post fields and got the same result. Passing in the PHPSESSID with it doesn't help. Not sure what I'm missing.

[Vramin]

Well, it did want the session id (apparently sc instead of sesc) but now it tells me:

The last posting from your IP was less than 15 seconds ago. Please try again later.

Still not sure what I'm missing.

[xenovanis]

You might want to try this:

Having problems with mod_security?

[Vramin]

You might want to try this:

Having problems with mod_security?

Thanks for the pointer... I checked out my phpinfo() and don't see mod_security listed. I use curl to post to vBulletin and phpBB from my app without any problems. I really want to move off of phpBB and into SMF, but until I can get this posting issue solved I'm stuck.

I have an application call the City of Villains Registry [nofollow] that posts leveling notices to a couple of forums when a character levels. I have not been able to make it work with SMF.

[Vramin]

Okay, one last shot... hopefully someone can give me a clue.

I finally got this to work a couple of ways. One was to set the post timeout to a negative number so it would never, ever fail.

The other was to put a sleep(15) in my script so that it would wait 15 seconds after login before attempting to post.

My question now is why does it treat logging in as posting? Maybe I'll doctor the source to subtract 15 seconds from the time of login or something, but this seems to me like a bit of a bug, and it won't help me if I want to let a user give an SMF URL to post leveling updates into.

I'm really working too hard at this. phpBB and vBulletin took an evening to get right. This one has been dragging out for weeks.