Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Login via POST  (Read 3424 times)

0 Members and 1 Guest are viewing this topic.

blueshack

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Login via POST
« on: October 14, 2015, 10:45:21 am »

Hi

When I strip down the loginpage to
Code: [Select]
<form action="login.php?" method="post">
<!-- Start standard table -->
<table>
                 <tr>
                     <td><input type="text" name="username"  /></td>
                  </tr>
                  <tr>
                       <td><input type="password" name="password"  /></td>
                  </tr>
                  <tr>
                      <td >
                       <button type="submit" name="submitted" value="OK" >OK</button>
                      </td>
                  </tr>
</table>
</form>
put this as a new html file on the server, call this file,
fill in my username, pwd, send ->
everything works fine.
I can go to the login.php and see, I'm logged in!


But when I try the same with cURL
Code: [Select]
$url = 'http://my_domain/_coppermine/login.php?referer=index.php';

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('username' => 'user', 'password' => 'somePWD','submitted' => 'OK'));

$response = curl_exec($ch);
curl_close($ch);

It dosn't work.


If I catch the $_POST response in the login.php file both request bring the same $_POST-array

So the login should work, but it does not.

What did I miss?

Thank you
Logged

gmc

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 720
    • GMC Design Photo Gallery
Re: Login via POST
« Reply #1 on: October 14, 2015, 02:34:18 pm »

Not really a Coppermine issue - but I have played with CURL a bit for other uses...

Quote
It dosn't work.
A little more information is needed to be able to help though...

Where are you expecting the output to go?
By default the response is output...
If you want the response assigned to the variable $response - you need to set CURLOPT_RETURNTRANSFER to TRUE

If that isn't the issue, what messages/status codes are returned? 
Inserting this after your curl_exec will get the status code... 200 is normal.
Code: [Select]
$status   = curl_getinfo($request, CURLINFO_HTTP_CODE);One or more of these curl options may help debug:
Code: [Select]
CURLOPT_FAILONERROR
CURLOPT_VERBOSE  (you can route the output with CURLOPT_STDERR


Logged
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

blueshack

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: Login via POST
« Reply #2 on: October 14, 2015, 08:08:12 pm »

Thank you GMC
I will insert your code an post the debug messages.

The whole idea behind that is, to login (only login) from a foreign software to use the gallery with the same user.
So I just started to test how I could 'remote' login.
The usersync is a seperate thing ( in fact it is allready working)

what I have found ist something like tunelling
I will also look at this possibility. ( http://forum.coppermine-gallery.net/index.php/topic,76302.0.html )

thank you,
andi
Logged

gmc

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 720
    • GMC Design Photo Gallery
Re: Login via POST
« Reply #3 on: October 15, 2015, 01:21:05 am »

Don't know which software you're using...
In addition ti the 'tunnel' plugin, CPG supports 'bridging' - where it uses the user (and optionally group) information from the other software package...
Forums like and mybb are supported... And you can always write your own bridge script following the examples of the existing scripts.

If that helps...
Logged
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

blueshack

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: Login via POST
« Reply #4 on: October 15, 2015, 06:30:14 am »

Thank you, thats a big help!

could you please give a short link for the eample?

I've looked arround a lot, but there so many examples, mostly no working ;) arround there.
Some of them seem to be old...

What I'm realy looking for is to bridge joomla, but I found no simple solution, which works with joomla3.
So I thought, it should be possible just to login remote ;) - and that could be used for every foreign software. So......

lets see, if we will get it backed.

thank you, andi
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4453
    • Windsurf.me
Re: Login via POST
« Reply #5 on: October 15, 2015, 12:44:36 pm »

There was a bridge for J2.5 with visual integration but it never got updated to J3.x. It might be easier to modify that rather than creating your own - http://forum.coppermine-gallery.net/index.php/topic,74483.0.html

As you already know, there is also the Joomla tunnel plugin.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

blueshack

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: Login via POST
« Reply #6 on: October 15, 2015, 02:35:45 pm »

Thank you all

For me is the most important thing the user and login-sync.
No visual implementation.

So the tunnel is all I need and, I've allready tried it, works perfekt!

But the starting question is not answered.
I want to understand why it is not the same to use my stripped down loginform or some POST-send methods from php.

Maybe the question and the solution is academic, because the tunnel is working, but - I think - interesing.

so, thank you for that and maybe someone has the answer for my starting question.

solong, andi

Logged

gmc

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 720
    • GMC Design Photo Gallery
Re: Login via POST
« Reply #7 on: October 15, 2015, 02:46:20 pm »

For your initial question - would need to see the output, reason code, etc from CURL as I indicated below...
I have found some forms that CURL has had issues with (or perhaps my knowledge of it... :) - typically when the form is passing some session info or similar that I just can't easily recreate externally) but the CPG login form is pretty straightword - I would expect it to work...

As you said - you have a solution - so up to you if you want to continue to pursue...
Logged
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: Login via POST
« Reply #8 on: October 16, 2015, 03:13:35 pm »

I haven't tested it, but I think the main issue is, that Coppermine creates a session cookie in the browser. As far as I understood your code correctly you send the login data to the login form - but this won't create the session cookie in the user's browser, as any information is returned to your server and stored in $response. I think you'd need to get the cookie information out of $response and then use setcookie to actually set the cookie in the browser. But I assume that this also won't work, as PHP currently sends the "wrong" user agent to the login form. You'd need to send the same user agent as the user's browser, as it's used to generate (and later detect) the session cookie. Then it may work. I assume a simple AJAX call will be much simpler ;)
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 21 queries.