Logging In To Joomla 1.5 Using External Form (not within joomla folder, but on same server)
Ok, in order for this to work here is what needs to be done -
- Create a new session and get the associated token
- Pass the username, password, and token to create a logged in session
- Get the new cookie values for logged in session
- Transfer cookie to the browser
Here is the code needed to accomplish all of this:
<?php
$uname = $_POST['username'];
$upswd = $_POST['password'];
$url = "http://joomla website.com";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_HEADER, TRUE );
$ret = curl_exec($ch);
if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)) {
preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}
// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['option'] = 'com_user';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);
// Get logged in cookie and pass it to the browser
preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
$cookie=explode('=',$m[1]);
setcookie($cookie[0], $cookie[1]);
?>
This should work on any Joomla website as long as the URL used in the script has a login form on the page. Once you run this script you should then be able to access the website and be logged in.
It's not working because Joomla requires a unique token with each login request. It generates a new token every time it creates a login form and that token is associated with the user session. In order for your login to work, you are going to have to create a new session and pull the associated token to submit with your form. There was a similar question a while back that has some good answers on how to establish the session and get the token.
CURL login by script to a Joomla website