Authentication

using curl to bypass login page

 
 
Picture of harshal mundiwale
using curl to bypass login page
 
I am trying to post user name and password to the login page as below:

***************************

$ch = curl_init();

$data = array('username' => 'harshal3', 'password' => 'harshal3', 'submit' => 'Login');

curl_setopt($ch, CURLOPT_URL, 'http://192.168.101.69/moodle199/login/index.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1);
curl_exec($ch);
curl_close($ch);

*********************************

This is not working. Debugging revealed that it successfully redirects to http://192.168.101.69/moodle199 after authentication but on http://192.168.101.69/moodle199/index.php, the $USER object is getting lost and hence login fails at "require_login()".

Thoughts why the $USER object is getting lost??

Thanks..
 
Average of ratings: -
Awesome
Re: using curl to bypass login page
 

I'm having almost the same problem... did you find some answer of WHY is this happening? T.T

 
Average of ratings: -
Portrait taken at work
Re: using curl to bypass login page
 

Did you try giving it form headers? This is just a guess for you to test.


$httpheader=array('Content-type: multipart/form-data', ...);
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
 
Average of ratings: -
Awesome
Re: using curl to bypass login page
 
Actually, the curl part is working fine, the data is received by Moodle and it creates a valid session (i'm returning the whole SESSION object for debugging, and its complete), though, when I redirect to the moodle index page I'm not logged in anymore. The $USER object isn't there anymore. I'm guessing the moodle session depends on the curl session, so I need a way to keep it alive while I redirect to moodle.
 
Average of ratings: -
Picture of xitrum xi
Re: using curl to bypass login page
 

You can write a shell script or do the commands manually:

Login:

curl -b cookies.txt -c cookies.txt -d "username=user&password=pass" -i www.yourmoodletest.com/login.php

That would do a POST to www.yourmoodletest.com/login.php passing username=user&password=password as parameters. And cookies will be saved to cookies.txt

Then you can request a page over and over with the returned HTML:

curl -b cookies.txt -c cookies.txt -i www.yourmoodletest.com/index.php

Hope this help you.

 
Average of ratings:Useful (2)
Picture of Matteo Scaramuccia
Re: using curl to bypass login page
Group Core developersGroup Particularly helpful MoodlersGroup Plugin developers

Hi,

the same could apply to the original PHP code, adding the cookie handling as per your CLI example:

...
// -b/--cookie <name=data|file name>
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
// -c/--cookie-jar <file name>
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
...

Never tried but it should work: the temp cookie file, cookies.txt, should be removed before a new login will be required.

HTH,

Matteo

 
Average of ratings: -
Awesome
Re: using curl to bypass login page
 

I tried the CookieJar option but it didn't work either.

I finally settled for a simple POST using simetric encription for both sides (and some other validations)

 
Average of ratings: -
Picture of Eugene Voevodin
Re: using curl to bypass login page
 

Hello,

 

Would you be so kind to share the solution?

 

Thanks

 
Average of ratings: -
Picture of Leo Moraes
Re: using curl to bypass login page
 
$cc = new cURL(); $URL = "http://............../login/index.php"; $login= $cc->post($URL,"username=xxxxxxx&password=yyyyyyyy"); $URL = "http://............/mod/lesson/view.php?id=41"; $content= $cc->get($URL); echo $content; class cURL { var $headers; var $user_agent; var $compression; var $cookie_file; var $proxy; function cURL($cookies=TRUE,$cookie='cookies.txt',$compression='gzip',$proxy='') { $this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg'; $this->headers[] = 'Connection: Keep-Alive'; $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; $this->user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; $this->compression=$compression; $this->proxy=$proxy; $this->cookies=$cookies; if ($this->cookies == TRUE) $this->cookie($cookie); } function cookie($cookie_file) { if (file_exists($cookie_file)) { $this->cookie_file=$cookie_file; } else { fopen($cookie_file,'w') or $this->error('The cookie file could not be opened. Make sure this directory has the correct permissions'); $this->cookie_file=$cookie_file; //echo "escrevendo o cookie"; @fclose($this->cookie_file); } } function get($url) { $process = curl_init($url); curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers); curl_setopt($process, CURLOPT_HEADER, 0); curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEFILE, $this->cookie_file); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEJAR, $this->cookie_file); curl_setopt($process,CURLOPT_ENCODING , $this->compression); curl_setopt($process, CURLOPT_TIMEOUT, 30); if ($this->proxy) curl_setopt($process, CURLOPT_PROXY, $this->proxy); curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); $return = curl_exec($process); curl_close($process); return $return; } function post($url,$data) { $process = curl_init($url); curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers); curl_setopt($process, CURLOPT_HEADER, 1); curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEFILE, $this->cookie_file); if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEJAR, $this->cookie_file); curl_setopt($process, CURLOPT_ENCODING , $this->compression); curl_setopt($process, CURLOPT_TIMEOUT, 30); if ($this->proxy) curl_setopt($process, CURLOPT_PROXY, $this->proxy); curl_setopt($process, CURLOPT_POSTFIELDS, $data); curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($process, CURLOPT_POST, 1); $return = curl_exec($process); curl_close($process); return $return; } function error($error) { echo "
cURL Error
$error
"; die; } } //class
 
Average of ratings: -
Picture of Kamal Das Gupta
Re: using curl to bypass login page
 

I was getting same problem related to curl. I was trying to invoke REST APIs from one linux box to another through curl. But whenever i executed the curl command, I was getting redirected to the login url, instead of the API url. Following the steps mentioned by you solved this problem. Thanks smile

 
Average of ratings: -
Picture of Luca Sabbatini
Re: using curl to bypass login page
 

@Kamal, please post the solution, rather than just saying that it worked for you. Thank you.

 
Average of ratings: -