Authentication

 
 
Picture of harshal mundiwale
using curl to bypass login page
 
I am trying to post user name and password to the login page as below:

***************************

$ch = curl_init();

$data = array('username' => 'harshal3', 'password' => 'harshal3', 'submit' => 'Login');

curl_setopt($ch, CURLOPT_URL, 'http://192.168.101.69/moodle199/login/index.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1);
curl_exec($ch);
curl_close($ch);

*********************************

This is not working. Debugging revealed that it successfully redirects to http://192.168.101.69/moodle199 after authentication but on http://192.168.101.69/moodle199/index.php, the $USER object is getting lost and hence login fails at "require_login()".

Thoughts why the $USER object is getting lost??

Thanks..
 
Average of ratings: -
Awesome
Re: using curl to bypass login page
 

I'm having almost the same problem... did you find some answer of WHY is this happening? T.T

 
Average of ratings: -
Portrait taken at work
Re: using curl to bypass login page
 

Did you try giving it form headers? This is just a guess for you to test.


$httpheader=array('Content-type: multipart/form-data', ...);
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
 
 
Average of ratings: -
Awesome
Re: using curl to bypass login page
 
Actually, the curl part is working fine, the data is received by Moodle and it creates a valid session (i'm returning the whole SESSION object for debugging, and its complete), though, when I redirect to the moodle index page I'm not logged in anymore. The $USER object isn't there anymore. I'm guessing the moodle session depends on the curl session, so I need a way to keep it alive while I redirect to moodle.
 
Average of ratings: -
Picture of xitrum xi
Re: using curl to bypass login page
 

You can write a shell script or do the commands manually:

Login:

curl -b cookies.txt -c cookies.txt -d "username=user&password=pass" -i www.yourmoodletest.com/login.php

That would do a POST to www.yourmoodletest.com/login.php passing username=user&password=password as parameters. And cookies will be saved to cookies.txt

Then you can request a page over and over with the returned HTML:

curl -b cookies.txt -c cookies.txt -i www.yourmoodletest.com/index.php

Hope this help you.

 
Average of ratings:Useful (2)
Walking on the snow towards Lago Nero...
Re: using curl to bypass login page
Group DevelopersGroup Particularly helpful Moodlers

Hi,

the same could apply to the original PHP code, adding the cookie handling as per your CLI example:

...
// -b/--cookie <name=data|file name>
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
// -c/--cookie-jar <file name>
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
...

Never tried but it should work: the temp cookie file, cookies.txt, should be removed before a new login will be required.

HTH,

Matteo

 
Average of ratings: -
Awesome
Re: using curl to bypass login page
 

I tried the CookieJar option but it didn't work either.

I finally settled for a simple POST using simetric encription for both sides (and some other validations)

 
Average of ratings: -
Picture of Eugene Voevodin
Re: using curl to bypass login page
 

Hello,

 

Would you be so kind to share the solution?

 

Thanks

 
Average of ratings: -
Picture of Leo Moraes
Re: using curl to bypass login page
 
$cc = new cURL(); $URL = "http://............../login/index.php"; $login= $cc->post($URL,"username=xxxxxxx&password=yyyyyyyy"); $URL = "http://............/mod/lesson/view.php?id=41"; $content= $cc->get($URL); echo $content; class cURL { var $headers; var $user_agent; var $compression; var $cookie_file; var $proxy; function cURL($cookies=TRUE,$cookie='cookies.txt',$compression='gzip',$proxy='') { $this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg'; $this->headers[] = 'Connection: Keep-Alive'; $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; $this->user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; $this->compression=$compression; $this->proxy=$proxy; $this->cookies=$cookies; if ($this->cookies == TRUE) $this->cookie($cookie); } function cookie($cookie_file) { if (file_exists($cookie_file)) { $this->cookie_file=$cookie_file; } else { fopen($cookie_file,'w') or $this->error('The cookie file could not be opened. Make sure this directory has the correct permissions'); $this->cookie_file=$cookie_file; //echo "escrevendo o cookie"; @fclose($this->cookie_file); } } function get($url) { $process = curl_init($url); curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers); curl_setopt($process, CURLOPT_HEADER, 0); curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEFILE, $this->cookie_file); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEJAR, $this->cookie_file); curl_setopt($process,CURLOPT_ENCODING , $this->compression); curl_setopt($process, CURLOPT_TIMEOUT, 30); if ($this->proxy) curl_setopt($process, CURLOPT_PROXY, $this->proxy); curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); $return = curl_exec($process); curl_close($process); return $return; } function post($url,$data) { $process = curl_init($url); curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers); curl_setopt($process, CURLOPT_HEADER, 1); curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEFILE, $this->cookie_file); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEJAR, $this->cookie_file); curl_setopt($process, CURLOPT_ENCODING , $this->compression); curl_setopt($process, CURLOPT_TIMEOUT, 30); if ($this->proxy) curl_setopt($process, CURLOPT_PROXY, $this->proxy); curl_setopt($process, CURLOPT_POSTFIELDS, $data); curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($process, CURLOPT_POST, 1); $return = curl_exec($process); curl_close($process); return $return; } function error($error) { echo "
cURL Error
$error
"; die; } } //class
 
Average of ratings: -
Picture of Kamal Das Gupta
Re: using curl to bypass login page
 

I was getting same problem related to curl. I was trying to invoke REST APIs from one linux box to another through curl. But whenever i executed the curl command, I was getting redirected to the login url, instead of the API url. Following the steps mentioned by you solved this problem. Thanks smile

 
Average of ratings: -
Picture of Luca Sabbatini
Re: using curl to bypass login page
 

@Kamal, please post the solution, rather than just saying that it worked for you. Thank you.

 
Average of ratings: -