
SMF curl login issue php

Started by John Wodden, April 12, 2013, 06:53:08 AM


John Wodden

Does anyone have some PHP login curl code for SMF version 1.1.11? I tried, and it logs in when I check the curl output, but when the browser loads, they are no longer logged in.

My code

function login($data)
{
    if(function_exists('curl_init' )) {

        $_SESSION['old_url'] = $_SERVER['HTTP_HOST'] .'test';
        // smf needs this sigh
        // create a new cURL resource
        $data = array( 'noverify'=>1 , 'user'=> $data['username'] ,  'passwrd' => $data['password'] ,'hash_passwrd'=>$data['password'], 'cookielength'=>'60');
        $ch = curl_init();
        // set URL and other appropriate options
        curl_setopt($ch, CURLOPT_URL, $_SERVER['HTTP_HOST'] . "/forum/index.php?action=login2");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        curl_setopt($ch, CURLOPT_HEADER, 0);

        $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_USERAGENT, $agent);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt');
        curl_setopt($ch, CURLOPT_COOKIEJAR,  dirname(__FILE__).'/cookie.txt');
        // verify the server certificate; with FALSE the posted password could go to an impersonating host
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);


        // grab URL and pass it to the browser
        $a = curl_exec($ch);

        //$ch_temp=curl_copy_handle($ch);

        //print_r($ch_temp);
        // close cURL resource, and free up system resources
        curl_close ($ch);

    }
}


Arantor

Quote: but when the browser loads, they are no longer logged in

Firstly, I'm really not sure you should be sending both passwrd and hash_passwrd, especially when hash_passwrd is NOT the raw password (it is encrypted, using the current session id, since even guests have a session id).

Secondly, so this script connects, and logs in. I presume it's saving the cookie to the location given (check what it contains), but is it supplying it on future requests? The browser isn't being given that cookie so there's zero chance of the browser remaining logged in - the cookie has to be sent with every page request (since that's how *any* log-in system works)
Holder of controversial views, all of which my own.
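
What "check what it contains" looks like in practice, as an added example that is not part of the thread: a parser for the Netscape-format jar that curl writes via CURLOPT_COOKIEJAR, run over a constructed sample. The host name, cookie names and values are assumptions made up for illustration; whatever it lists is held by the server-side script, not by the visitor's browser.

```php
<?php
// Added example (not from the thread): list what curl stored in a cookie jar.
// curl writes the Netscape format: seven tab-separated fields per cookie.

function parse_cookie_jar(string $text): array
{
    $cookies = [];
    foreach (preg_split('/\r\n|\n|\r/', $text) as $line) {
        $httpOnly = false;
        if (strncmp($line, '#HttpOnly_', 10) === 0) {
            // curl prefixes HttpOnly cookies; the rest of the line is a normal record.
            $httpOnly = true;
            $line = substr($line, 10);
        } elseif ($line === '' || $line[0] === '#') {
            continue; // blank line or comment
        }
        $f = explode("\t", $line);
        if (count($f) !== 7) {
            continue; // not a cookie record
        }
        $cookies[] = [
            'domain' => $f[0], 'path' => $f[2], 'secure' => $f[3] === 'TRUE',
            'expires' => (int) $f[4], 'name' => $f[5],
            'value_length' => strlen($f[6]), // never echo the value: it is a credential
            'httponly' => $httpOnly,
        ];
    }
    return $cookies;
}

function describe_cookie(array $c, int $now): string
{
    $life = $c['expires'] === 0 ? 'session-only'
          : ($c['expires'] > $now ? 'expires in ' . ($c['expires'] - $now) . 's' : 'expired');
    return sprintf('%s (domain %s, path %s, %d-byte value, %s%s%s)',
        $c['name'], $c['domain'], $c['path'], $c['value_length'], $life,
        $c['secure'] ? ', Secure' : ', not Secure',
        $c['httponly'] ? ', HttpOnly' : '');
}

// Constructed sample jar; host, cookie names and values are made up.
$jar = implode("\n", [
    '# Netscape HTTP Cookie File',
    '',
    "#HttpOnly_forum.example.test\tFALSE\t/\tFALSE\t0\tPHPSESSID\tconstructed-session-id",
    "forum.example.test\tFALSE\t/forum\tFALSE\t1365753200\tSMFCookie11\tconstructed-login-value",
]);

foreach (parse_cookie_jar($jar) as $cookie) {
    echo describe_cookie($cookie, 1365749600), "\n"; // fixed "now" for a repeatable run
}
```

Because the posted code writes one fixed `cookie.txt` next to the script, every login through it lands in the same jar, so that file is best kept outside the web root and readable only by the PHP user.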


Sir Osis of Liver


Isn't curl disabled in most php configs for security reasons?

Even if the whole world has forgotten,
The song remembers when.

                              - H. Prestwood

Arantor

It's actually more likely these days to be accepted than fsockopen from what I've seen.

