views:

908

answers:

4

Hello,

I need to login by a PHP script that uses CURL to a Joomla website, in order to access to a private page that needs to be processed, but nothwithstanding several attempts I have done, I have always a 403 error. I have done a similar thing with other websites and it worked.

Script I use:

$uname = "id";
$upswd = "pswd";
$url = "http://www.somewebpage.com";
$agent = "'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6'";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, './cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, './cookie.txt');
curl_setopt($ch, CURLOPT_USERAGENT, $agent );
curl_setopt($ch, CURLOPT_HEADER, TRUE );
curl_setopt($ch, CURLOPT_REFERER, $url1);

// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['remember'] = 'yes';
$postfields['option'] = 'login';
$postfields['op2'] = 'login';
$postfields['return'] = urlencode($url);
$postfields['message'] = '0';
$postfields['force_session'] = '1';
$postfields['j3b00d36f4336137f4f03335c5eee6440'] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);

$ret = curl_exec($ch);

The username and password, as well as the website URL I am using are perfectly working.

This is the result I get:

HTTP/1.1 100 Continue

HTTP/1.1 403 Forbidden
Date: Sat, 06 Feb 2010 08:29:36 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.10
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

Is there something wrong in my CURL request? Or is there a limit with Joomla remote login?

Thanks for suggestions!

A: 

The cURL request seems fine in on itself. It might be a problem on the server's side rather than within your request - there could be a messed up .htaccess file, or invalid permissions for files on there, which only manifest during such "automated" login attempts.

Pawel J. Wal
I was also thinking this. BTW, it fails also by command-line CURL...
Paryeshakaya
As I understand, you do not have access to the server's logs to see what error it produces?
Pawel J. Wal
Unfortunately not :-(
Paryeshakaya
+1  A: 

You have several probelms here..

firstly you are using the wrong fields. option="com_user" not "login" task="login" (am asuming you are talking about joomla 1.5, not joomla 1.0 , they are different)

but the biggest problem you have is that joomla puts a unique tag in every form, and that value can only be used once. so that means that a login form can only be submitted once, it cant be stolen and replayed like you are trying to do. (even if it is not for a nefarious process)

so you would have to request the joomla login page, scrape the form values, then resubmit the data.

alternatively you could create a plugin that does what you want.

Bingy
Hi, thanks for explanation. About the fields (like option=login), they are exactly those in the original login form. I will try as you suggest. I do not know which version of Joomla is used
Paryeshakaya
A: 

You know, I wrote something really similar this week to do some testing on our Joomla install. The trick is to make two requests to the site: one to fetch a unique login token, and create a user session, and another to actually log in.

You gotta share the cookie across both requests, and each new request user session will generate a new token, I believe.

Here's my script in bash, using wget:

function login {
    Server=$1
    User=$2
    Pass=$3
    Token=`wget \
        --quiet \
        --load-cookies ~/cookies.${User}.txt \
        --save-cookies ~/cookies.${User}.txt \
        --keep-session-cookies \
        --output-document=- \
        "http://${Server}/administrator" | \
    grep -Po '"[a-zA-z0-9]{32}"' | \
    grep -o "[^'\"]*"`

    wget \
        --quiet \
        --load-cookies ~/cookies.${User}.txt \
        --save-cookies ~/cookies.${User}.txt \
        --keep-session-cookies \
        --output-document=/dev/null \
        --post-data="username=${User}&passwd=${Pass}&option=com_login&task=login&${Token}=1" \
        "http://${Server}/administrator/index.php?option=com_login"
}

Usage:

$ login www.google.com "username" "password"

You could probably translate this to curl in PHP, or just use a straight exec() call if you're on a *nix system, and not too concerned about security. (Putting code that requires exec() into production, is a good way to get your SysAdmin or CM worked up).

Paul Sweeney
A: 

hi if you have done this please suggest me i also trying login using curl in joomla 1.0.0.15 version please HELP ME how to do it Belog is my code i am posting on this file if($_REQUEST[requestType]=="Login") {

            $mainframe = new mosMainFrame( $database, $option, '.' );
            $mainframe->initSession();
            $mainframe->login($_REQUEST[email],$_REQUEST[password]);
            echo "biz_partner_login2";    //Login Detail Not found 

    } 

curl code is function post_curl($url,$data)

{ $ch = curl_init (); $header[]="Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,/;q=0.1"; $header[]="Accept-Language: en-us,en;q=0.5"; $header[]="Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"; $header[]="Keep-Alive: 300"; $header[]="Connection: keep-alive";

curl_setopt ($ch, CURLOPT_HEADER, 0); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1"); curl_setopt ($ch, CURLOPT_HTTPHEADER, $header); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

curl_setopt($ch, CURLOPT_POSTFIELDS, "$data"); $output=curl_exec($ch); curl_close($ch); return $output;

}

hirdesh