I currently have a Joomla 1.5 installation, as well as another website. They both reside on the same web server. They are in different folders within the wwwroot directory, however. I would like to place a login form within the non-joomla website, which will log the user in to Joomla. I have already tried copying and pasting the Joomla login form code into a page on the non-joomla site, and everything works fine up until the secret form value is not correct. Any help is greatly appreciated.
EDIT: Here is the code-
Contact form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="login" name="login" method="post" action="login.php">
<label>
<input name="username" type="text" id="username" value="username" />
</label>
<label>
<input name="password" type="password" id="password" value="password" />
</label>
</p>
<p>
<label>
<input type="submit" name="submit" id="submit" value="Submit" />
</label>
</p>
</form>
</body>
</html>
Login Script:
<?php
$uname = $_POST['username'];
$upswd = $_POST['password'];
$url = "http://www.mywebsite.com/joomla_site/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, './cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, './cookie.txt');
curl_setopt($ch, CURLOPT_HEADER, FALSE );
$ret = curl_exec($ch);
if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)) {
preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}
// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['lang'] = '';
$postfields['option'] = 'com_login';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);
?>
Ok, in order for this to work here is what needs to be done -
- Create a new session and get the associated token
- Pass the username, password, and token to create a logged in session
- Get the new cookie values for logged in session
- Transfer cookie to the browser
Here is the code needed to accomplish all of this:
<?php
$uname = $_POST['username'];
$upswd = $_POST['password'];
$url = "http://joomla website.com";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_HEADER, TRUE );
$ret = curl_exec($ch);
if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)) {
preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}
// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['option'] = 'com_user';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);
// Get logged in cookie and pass it to the browser
preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
$cookie=explode('=',$m[1]);
setcookie($cookie[0], $cookie[1]);
?>
This should work on any Joomla website as long as the URL used in the script has a login form on the page. Once you run this script you should then be able to access the website and be logged in.
It's not working because Joomla requires a unique token with each login request. It generates a new token every time it creates a login form and that token is associated with the user session. In order for your login to work, you are going to have to create a new session and pull the associated token to submit with your form. There was a similar question a while back that has some good answers on how to establish the session and get the token.
I got this working a different way (after a day of re-writing code and trying different things). First of all, be sure the php file is in your root Joomla directory. If token and sign in work but your browser isn't getting the cookie put the cookie code BEFORE the post code. Did that and it works fine. Thanks again Brent for the help.
<?php
$uname = $_GET['username'];
$upswd = $_GET['password'];
$url = "http://www.myJoomlaSite.com";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_HEADER, TRUE );
$ret = curl_exec($ch);
if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)) {
preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}
// Get logged in cookie and pass it to the browser
preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
$cookie=explode('=',$m[1]);
setcookie($cookie[0], $cookie[1]);
// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['option'] = 'com_user';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);
?>
来源:https://stackoverflow.com/questions/5176142/logging-in-to-joomla-1-5-using-external-form-not-within-joomla-folder-but-on-s