Joomla - Logging in a Guest User by Script
UPDATE: I found an IIS bug that might be causing the problem. See this post IIS and nph.
_________________Original Question_______________________________________________________________________________
I have a Guest Joomla user that has access to a less private, but still private, part of my website. I want some users, accessing by a special link containing a hash, to be able to login automatically under the limited access Guest account.
To accomplish this, I'm following a post by Brent Friar Logging in using cURL.
Parts of the process are working.
- I am able to make the cURL request, scrape the token value.
- Once the script runs, I can look at the Joomla session table and see an entry for my guest user.
- When I print the value of the cookie just before I set it - it matches the cookie in the session table.
However, when I try to proceed to the area of the site the Guest user should have access to, I get redirected to the login screen. When I inspect the cookies in my browser, it's not the same cookie that printed in the script. Then if I check the session table again, I see that the new cookie is tied to a newer, anonymous session.
Why is the cookie set in setCookie() not persisting?
Here is my code:
$uname = "DocGuest";
$upswd = "pass";
//This is the URL of the normal login form on the website
$url = "http://localhost/index.php?option=com_content&view=article&id=115&Itemid=283";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_HEADER, TRUE );
$ret = curl_exec($ch);
if (!preg_match('/name="([a开发者_运维问答-zA-z0-9]{32})"/', $ret, $spoof)) {
preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}
$postfields = array();
$postfields['username'] = $uname;
$postfields['passwd'] = $upswd;
$postfields['lang'] = 'en';
$postfields['option'] = 'com_user';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);
// Get logged in cookie and pass it to the browser
preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
$cookie=explode('=',$m[1]);
print_r($cookie); //Cookie matches session table here?
//header("location: http://localhost/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=1&Itemid=158");
setcookie($cookie[0], $cookie[1], 3600*24, '/');
Wow, interesting issue, I will assume that you are using XAMPP due to the domain. First thing I see that could cause a problem is the redirect being before you transfer the cookie.
//header("location: http://localhost/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=1&Itemid=158");
setcookie($cookie[0], $cookie[1], 3600*24, '/');
Should be:
setcookie($cookie[0], $cookie[1], 3600*24, '/');
header("location: http://localhost/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=1&Itemid=158");
The other thing I would do is not set the path to the cookie. I know in the past I have had issues with XAMPP paths not working like I thought they would. Try using:
setcookie($cookie[0], $cookie[1], 3600*24);
精彩评论