Hello!
I have several problems with authentication and addition of new nodes to Drupal through external script.
First of all, Drupal - for some reason sends 2 cookies in the redirect after login. Only the second cookie ever gets it's session in a database, but the UID is 0, which is not the UID I authenticated for. So I have to Hijack my own cookie prom a browser in order to actualy get to a page where I can post.
Second. I gather there is no way I can send a html form without it's token. Ok, so I make a GET, regexp the darn token out and POST it with the cookie and the relevant fields.
Gues what. I get back exatly the same page with the form. As if I never sent anything in the body of the POST...
The page does not even complain about the token even if I post without it...
This is very frustrating. Anyone know what to do?
Thanks for help.
Comments
Response from server
I seem to be getting response 200 from server instead of redirect to the newly created node.
Why would Drupal not accept my form? Silently even?
Ok. I am getting response
Ok. I am getting response 200 because the form fails to validate even if I snap the token from GET and infuse it into POST data.
All this - mind you - with HIJACKED cookie. There is no way I can get a legit session after authentication. The script authenticates, but the cookie I recieve has a coresponding session with user ID=0, even though I authenticated as a valid user.
I have been doing this for 4 days and there is not a SOUL on this planet that knows anything about this - and I spent hours on IRC, web, reading all sorts of RTFMs and tutorials.
I wrote scripts in PHP and Ruby and none of them worked.
The script that worked for 4.7.6 is broken now.
This is going to make me revert back to 4.7.6, until I debug the damn thing.
I am sorry to be really pissed off, but it took 4 days of valuable time to discover nothing.
I am not angry at people with butterfingers or at broken code I never payed for, but I am mad at myself for not having hired a coupe of students and have them key in the stupid data.
I am such an idiot.
might eventualy debug the authentication in Drupal and commit to cvs.
Eventualy.
Flying in the face of ignorance
Ok.
As Ian Malcom said: Now I am sitting alone in the car, talking to myself. The essence of chaos.
As I am here all by myself, answering questions noone cares about - I have finally found what to do to successfully post to Drupal.
The idea is to @emulate@ browser to the last detail, including "getting" the page before posting to it. Only THEN the Drupal will register the actual USER that authenticated. In other instances the session is created, but user is anonymous... Hence the 403 responses after auth.
Also ruby's simplehttp has some serious issues regarding being redirected after POST, and because Drupal does that a lot... Well... don't use it until someone fixes it at lesast.
Took me 5 days, 2 programming languages and 1 litre of wine.
That sucks.