CODEWITHSUNDEEP
phpdrupalcurldrupal-7
user2950124
user2950124

Reputation: 33

Drupal log in with a curl

I'm trying to log in a drupal via curl. I got message: 'logged' with a command: echo "logged"; which is in a if statement that tells me how everything was fine.

After running a script I open my homepage and unfortunately I wasn't logged in.

I think that I have a problems with a cookies. 

 <?php
    ob_start(); // Initiate the output buffer
    function mymodule_get_csrf_header() {
      $curl_get = curl_init();
      curl_setopt_array($curl_get, array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => 'http://will.sx/services/session/token',
      ));
      $csrf_token = curl_exec($curl_get);
      curl_close($curl_get);
      return 'X-CSRF-Token: ' . $csrf_token;
    }
    $username = 'test';
    $password = 'TEST';
    $request_url = 'http://will.sx/rests/user/login';
    $user_data = array(
      'username' => $username,
      'password' => $password,
    );
    $user_data = http_build_query($user_data);

    $curl = curl_init($request_url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json')); // Accept JSON response
    curl_setopt($curl, CURLOPT_POST, 1); // Do a regular HTTP POST
    curl_setopt($curl, CURLOPT_POSTFIELDS, $user_data); // Set POST data
    curl_setopt($curl, CURLOPT_HEADER, FALSE);  // Ask to not return Header
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_FAILONERROR, TRUE);
    curl_setopt($curl, CURLOPT_COOKIESESSION, true);
    curl_setopt($curl, CURLOPT_COOKIEFILE, "cookie.txt");
    curl_setopt($curl, CURLOPT_COOKIEJAR, "cookie.txt");

    $response = curl_exec($curl);
    $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($http_code == 200) {
      $logged_user = json_decode($response);
      echo 'logged';
    }
    else {
      $http_message = curl_error($curl);
      die('Unable to connect to Basic CMS Engine! 
                                            Username or password incorrect! 
                                            Please enter valid username and password!');  
    }
    //setcookie(name,value,expire,path,domain,secure)
    setcookie($logged_user->session_name,$logged_user->sessid,time() + 10000,'/');
    ob_end_flush(); // Flush the output from the buffer
    ?>

Every kind of help is welcome. Thanks in advance.

Upvotes: 2

Views: 2944

Answers (3)

kenorb
kenorb

Reputation: 166667

Here is the example using Bash shell which reads address IP from /admin/reports/status/php page retrieved from Drupal 7:

#!/usr/bin/env bash
url="https://www.example.com"
uri_php="/admin/reports/status/php"
user=admin
pass=admin
form_build_id=$(curl -s $url/user | grep -o 'form-[^" ]\{40,\}')
cookie=$(curl -sX POST -d "name=$user&pass=$pass&form_id=user_login&op=Log+in&form_build_id=$form_build_id" $url -D- | grep -o "SESS[^;]\{60,\}")
content=$(curl -s -H "Cookie: $cookie" ${url}${uri_php})
read key server_ip < <(grep -o "SERVER_ADDR[ <][^.]\+\.[^.]\+\.[^.]\+\.[^ <]\+" <<<$content | sed -e 's/<[^>]*>//g');
echo $server_ip

Upvotes: 0

Mike
Mike

Reputation: 872

Firstly, code 200 mustn't mean that you were really logged in. Response code 200 means that the webserver is telling you that your request succeeded but webserver has no idea whether you logged in to drupal or not.

Second thing is I open my homepage and unfortunately I wasn't logged in. You mean that you open your browser? Does your browser share cookies that you specified in cURL params?

Upvotes: 1

versha
versha

Reputation: 107

Make sure you choose correct Response formatters and Request Parsing for your resource. You will check it at http://example.com/admin/structure/services/list/Your_resource/server

 <?php
/**
 * Create a token for non-safe REST calls.
 **/
function mymodule_get_csrf_header() {
  $curl_get = curl_init();
  curl_setopt_array($curl_get, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => 'http://example.com/services/session/token',
  ));
  $csrf_token = curl_exec($curl_get);
  curl_close($curl_get);
  return 'X-CSRF-Token: ' . $csrf_token;
}


$service_url = 'http://example.com/rest/user/login'; 
$post_data = array(
    'username' => 'admin',
    'password' => 'pass',
);
// We format post data as application/x-www-form-urlencoded so make 
// sure that you tick it under the rest server parser options.
$post_data = http_build_query($post_data, '', '&'); 

// cURL
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json', mymodule_get_csrf_header()));
// We want curl to return a string
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);  
// Choose method POST
curl_setopt($curl, CURLOPT_POST, true);
// Feed the data to POST to curl
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data); 
// Make it verbose for debugging.
curl_setopt($curl, CURLOPT_VERBOSE, true);
// Go!
$response = curl_exec($curl);
$logged_user = json_decode($response);
 $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($http_code == 200) {
      $logged_user = json_decode($response);
      echo 'logged';
    }
    else {
      $http_message = curl_error($curl);
      die('Unable to connect to Basic CMS Engine! 
                                            Username or password incorrect! 
                                            Please enter valid username and password!');  
    }
    setcookie($logged_user->session_name,$logged_user->sessid,time() + 10000,'/');
    ob_end_flush();
?>

Upvotes: 0

Related Questions