MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Development > Login via CURL?
Full Version: Login via CURL?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Dannymh

2012-03-21, 12:42 AM
Hi,

I am trying to work on an integration with other software, the simplest method to do this would be to use synced user tables, and then use cURL on a login even from either software.

This login event would then take the submitted data and use cURL with the post variable pushed through via cURL.

I can use and external login form, pointing to member.php and this all works without issue, however when I try the same principle but pushing the $_POST data through to member.php it gives me an invalid username password.

Can anyone think of any reason this would fail, when essentially the curl option should be the same as submitting a form?

Is there some form of user agent checking or something similar?

Cheers
Dan

dragonexpert

2012-03-21, 01:11 AM
Are you md5ing both the password and salt?

Dannymh

2012-03-21, 01:38 AM
should it matter? This is usually handled by member.php and not by the form

So sending raw post data to member.php, then lets member.php do the encoding.

Put it this way, if you create a raw HTML form as follows

<form action='member.php' method='post'>
<input type='hidden' name='action' value='do_login' />
<input type='hidden' name='url' value='index.php' />
Username: <input type='text' name='username' maxlength='30' /><br />
Password: <input type='password' name='password' /><br />
<input type="submit" value="login" />

and then you submit that form member.php takes the $_POST variables and does all the login routine.

Using cURL to send that data to member.php should result in the exact same outcome, as it just pushes those same variables as is via POST.


Here is the exact code

<form action='dan_login.php' method='post'>
<input type='hidden' name='action' value='do_login' />
<input type='hidden' name='url' value='index.php' />
Username: <input type='text' name='username' maxlength='30' /><br />
Password: <input type='password' name='password' /><br />
<input type="submit" value="login" />

<?php

//extract data from the post
extract($_POST);

//set POST variables
$url = 'http://<mysite>/member.php';
$fields = array(
            'action'=>urlencode($action),
            'url'=>urlencode($url),
            'username'=>urlencode($username),
            'password'=>urlencode($password)
        );

//url-ify the data for the POST
$params = array();
foreach($fields as $key=>$value) { array_push($params, $key.'='.$value); }
$params = implode('&', $params);

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);

If I point the curl at another file say "testpost.php" and then simple do a var_dump on the $_POST variable then it prints out all of the data correct, this seems to indicate the post side is working correctly.

I think the issue here is that cURL is unable to set the cookies correctly.
Some further progress, almost there, now setting the cookies to cookie.txt, which is probably not ideal but will warrant some testing.

Now it's asking for image verification

DeAtHeR

2014-01-28, 03:29 PM
(2012-03-21, 01:38 AM)Dannymh Wrote: [ -> ]should it matter? This is usually handled by member.php and not by the form

So sending raw post data to member.php, then lets member.php do the encoding.

Put it this way, if you create a raw HTML form as follows

<form action='member.php' method='post'>
<input type='hidden' name='action' value='do_login' />
<input type='hidden' name='url' value='index.php' />
Username: <input type='text' name='username' maxlength='30' /><br />
Password: <input type='password' name='password' /><br />
<input type="submit" value="login" />

and then you submit that form member.php takes the $_POST variables and does all the login routine.

Using cURL to send that data to member.php should result in the exact same outcome, as it just pushes those same variables as is via POST.


Here is the exact code

<form action='dan_login.php' method='post'>
<input type='hidden' name='action' value='do_login' />
<input type='hidden' name='url' value='index.php' />
Username: <input type='text' name='username' maxlength='30' /><br />
Password: <input type='password' name='password' /><br />
<input type="submit" value="login" />

<?php

//extract data from the post
extract($_POST);

//set POST variables
$url = 'http://<mysite>/member.php';
$fields = array(
            'action'=>urlencode($action),
            'url'=>urlencode($url),
            'username'=>urlencode($username),
            'password'=>urlencode($password)
        );

//url-ify the data for the POST
$params = array();
foreach($fields as $key=>$value) { array_push($params, $key.'='.$value); }
$params = implode('&', $params);

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);

If I point the curl at another file say "testpost.php" and then simple do a var_dump on the $_POST variable then it prints out all of the data correct, this seems to indicate the post side is working correctly.

I think the issue here is that cURL is unable to set the cookies correctly.
Some further progress, almost there, now setting the cookies to cookie.txt, which is probably not ideal but will warrant some testing.

Now it's asking for image verification

This code not work. have you working code ? Pls ans..

Dannymh

2014-01-29, 12:04 AM
I abandoned this as I found another method to achieve what I was doing sorry

DeAtHeR

2014-02-11, 10:09 AM
I need curl login for mybb forum system.
Anybody help me ?

Dannymh

2014-02-18, 01:06 PM
cURL likely wont work well due to the cookies you are going to need, what is your use case?

What are your trying to achieve, you can likely get single sign-on another way

Rakes

2014-02-21, 10:05 AM
(2014-02-18, 01:06 PM)Dannymh Wrote: [ -> ]cURL likely wont work well due to the cookies you are going to need, what is your use case?

What are your trying to achieve, you can likely get single sign-on another way

CURLOPT_COOKIEJAR & CURLOPT_COOKIEFILE

PHP isn't really made for this kind of stuff so for example using Python would be easier as it's pretty much only like

import requests, sys

s = requests.session()

login = s.post('member.php', data = {'username': 'Cake', 'password': 'Rake'})

# Some more checks like status_code

if 'Invalid?' in login.content:
    sys.exit('Invalid Username/Password')

etc = s.get('random_page.php')

As request's session keeps the cookie data.
MyBB Community Forums > Extensions > Plugins > Plugin Development > Login via CURL?