Login via POST
 


Started by blueshack, October 14, 2015, 10:45:21 AM


blueshack

Hi

When I strip down the login page to
<form action="login.php?" method="post">
<!-- Start standard table -->
<table>
                 <tr>
                     <td><input type="text" name="username"  /></td>
                  </tr>
                  <tr>
                       <td><input type="password" name="password"  /></td>
                  </tr>
                  <tr>
                      <td >
                       <button type="submit" name="submitted" value="OK" >OK</button>
                      </td>
                  </tr>
</table>
</form>

put this as a new html file on the server, call this file,
fill in my username, pwd, send ->
everything works fine.
I can go to the login.php and see, I'm logged in!


But when I try the same with cURL
$url = 'http://my_domain/_coppermine/login.php?referer=index.php';

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('username' => 'user', 'password' => 'somePWD','submitted' => 'OK'));

$response = curl_exec($ch);
curl_close($ch);


It doesn't work.


If I catch the $_POST response in the login.php file, both requests bring the same $_POST array.

So the login should work, but it does not.

What did I miss?

Thank you

gmc

Not really a Coppermine issue - but I have played with CURL a bit for other uses...

Quote: It doesn't work.
A little more information is needed to be able to help though...

Where are you expecting the output to go?
By default the response is output...
If you want the response assigned to the variable $response - you need to set CURLOPT_RETURNTRANSFER to TRUE

If that isn't the issue, what messages/status codes are returned? 
Inserting this after your curl_exec will get the status code... 200 is normal.
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE); // $ch is the handle returned by curl_init()
One or more of these curl options may help debug:

CURLOPT_FAILONERROR
CURLOPT_VERBOSE (you can route the output with CURLOPT_STDERR)



Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

blueshack

Thank you GMC
I will insert your code and post the debug messages.

The whole idea behind that is, to login (only login) from a foreign software to use the gallery with the same user.
So I just started to test how I could 'remote' login.
The usersync is a separate thing (in fact it is already working).

What I have found is something like tunnelling.
I will also look at this possibility. ( http://forum.coppermine-gallery.net/index.php/topic,76302.0.html )

thank you,
andi

gmc

Don't know which software you're using...
In addition to the 'tunnel' plugin, CPG supports 'bridging' - where it uses the user (and optionally group) information from the other software package...
Forums like and mybb are supported... And you can always write your own bridge script following the examples of the existing scripts.

If that helps...
Thanks!
Greg

blueshack

Thank you, that's a big help!

Could you please give a short link for the example?

I've looked around a lot, but there are so many examples, mostly not working ;) around there.
Some of them seem to be old...

What I'm really looking for is to bridge joomla, but I found no simple solution which works with joomla3.
So I thought, it should be possible just to login remote ;) - and that could be used for every foreign software. So......

Let's see, if we will get it backed.

thank you, andi

phill104

There was a bridge for J2.5 with visual integration but it never got updated to J3.x. It might be easier to modify that rather than creating your own - http://forum.coppermine-gallery.net/index.php/topic,74483.0.html

As you already know, there is also the Joomla tunnel plugin.
It is a mistake to think you can solve any major problems just with potatoes.

blueshack

Thank you all

For me the most important thing is the user and login sync.
No visual implementation.

So the tunnel is all I need and, I've already tried it, works perfectly!

But the starting question is not answered.
I want to understand why it is not the same to use my stripped down loginform or some POST-send methods from php.

Maybe the question and the solution are academic, because the tunnel is working, but - I think - interesting.

So, thank you for that, and maybe someone has the answer for my starting question.

So long, andi


gmc

For your initial question - would need to see the output, reason code, etc from CURL as I indicated below...
I have found some forms that CURL has had issues with (or perhaps my knowledge of it... :) - typically when the form is passing some session info or similar that I just can't easily recreate externally) but the CPG login form is pretty straightforward - I would expect it to work...

As you said - you have a solution - so up to you if you want to continue to pursue...
Thanks!
Greg

Αndré

I haven't tested it, but I think the main issue is, that Coppermine creates a session cookie in the browser. As far as I understood your code correctly you send the login data to the login form - but this won't create the session cookie in the user's browser, as any information is returned to your server and stored in $response. I think you'd need to get the cookie information out of $response and then use setcookie to actually set the cookie in the browser. But I assume that this also won't work, as PHP currently sends the "wrong" user agent to the login form. You'd need to send the same user agent as the user's browser, as it's used to generate (and later detect) the session cookie. Then it may work. I assume a simple AJAX call will be much simpler ;)
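
The checks suggested in this thread (return the transfer instead of printing it, read the status code, look at the session cookie that comes back, send the browser's user agent), combined into one PHP script. This is an added example, not code from any poster or from Coppermine; the function name `cpg_remote_login` and its return layout are assumptions, and the URL and credentials are the placeholders from the question.

```php
<?php
// Added example: POST the login form with cURL and report what came back.
// Function name and return layout are assumptions made for this example.
function cpg_remote_login(string $url, string $user, string $pass, string $userAgent): array
{
    $cookies = [];
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        // A urlencoded string matches what the HTML form sends; passing an
        // array would make cURL send multipart/form-data instead.
        CURLOPT_POSTFIELDS     => http_build_query([
            'username'  => $user,
            'password'  => $pass,
            'submitted' => 'OK',
        ]),
        CURLOPT_RETURNTRANSFER => true,        // body is returned, not printed
        CURLOPT_USERAGENT      => $userAgent,  // same agent the browser will present
        CURLOPT_HEADERFUNCTION => function ($ch, string $line) use (&$cookies): int {
            // Collect every Set-Cookie header of the response.
            if (stripos($line, 'Set-Cookie:') === 0) {
                $pair = explode(';', trim(substr($line, 11)), 2)[0];
                [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
                $cookies[trim($name)] = $value;
            }
            return strlen($line);  // tell cURL the whole line was consumed
        },
    ]);
    $body   = curl_exec($ch);
    $result = [
        'status'  => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'error'   => curl_errno($ch) ? curl_error($ch) : null,
        'cookies' => $cookies,
        'body'    => $body === false ? '' : $body,
    ];
    curl_close($ch);
    return $result;
}

// The User-Agent is taken from the visitor's own request when this runs
// behind a web page; the fallback string is a constructed sample.
$ua  = $_SERVER['HTTP_USER_AGENT'] ?? 'Mozilla/5.0 (constructed sample agent)';
$res = cpg_remote_login('http://my_domain/_coppermine/login.php?referer=index.php',
                        'user', 'somePWD', $ua);
printf("HTTP %d, error: %s\n", $res['status'], $res['error'] ?? 'none');
foreach (array_keys($res['cookies']) as $name) {
    echo "Set-Cookie received: $name\n";  // names only; values are session secrets
}
```

The cookies arrive at the server running this script, not in the visitor's browser, and `setcookie()` can only pass them on for the domain the script itself is served from.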