Joomla - Logging in a Guest User by Script

UPDATE: I found an IIS bug that might be causing the problem. See this post IIS and nph.

_________________Original Question_______________________________________________________________________________

I have a Guest Joomla user that has access to a less private, but still private, part of my website. I want some users, accessing by a special link containing a hash, to be able to login automatically under the limited access Guest account.

To accomplish this, I'm following a post by Brent Friar Logging in using cURL.

Parts of the process are working.

• I am able to make the cURL request, scrape the token value.
• Once the script runs, I can look at the Joomla session table and see an entry for my guest user.
• When I print the value of the cookie just before I set it - it matches the cookie in the session table.

However, when I try to proceed to the area of the site the Guest user should have access to, I get redirected to the login screen. When I inspect the cookies in my browser, it's not the same cookie that printed in the script. Then if I check the session table again, I see that the new cookie is tied to a newer, anonymous session.

Why is the cookie set in setCookie() not persisting?

Here is my code:

$uname = "DocGuest";
        $upswd = "pass";

        //This is the URL of the normal login form on the website
        $url = "http://localhost/index.php?option=com_content&view=article&id=115&Itemid=283";

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url );
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
        curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE );
        curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
        curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
        curl_setopt($ch, CURLOPT_HEADER, TRUE );
        $ret = curl_exec($ch);
        if (!preg_match('/name="([a开发者_运维问答-zA-z0-9]{32})"/', $ret, $spoof)) {
            preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
        }

        $postfields = array();
        $postfields['username'] = $uname;
        $postfields['passwd'] = $upswd;
        $postfields['lang'] = 'en';

        $postfields['option'] = 'com_user';
        $postfields['task'] = 'login';
        $postfields[$spoof[1]] = '1';
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
        $ret = curl_exec($ch);


        // Get logged in cookie and pass it to the browser
        preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
        $cookie=explode('=',$m[1]);
        print_r($cookie);  //Cookie matches session table here?


        //header("location:  http://localhost/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=1&Itemid=158");
        setcookie($cookie[0], $cookie[1], 3600*24, '/');

---

Wow, interesting issue, I will assume that you are using XAMPP due to the domain. First thing I see that could cause a problem is the redirect being before you transfer the cookie.

//header("location:  http://localhost/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=1&Itemid=158");
setcookie($cookie[0], $cookie[1], 3600*24, '/');

Should be:

setcookie($cookie[0], $cookie[1], 3600*24, '/');
header("location:  http://localhost/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=1&Itemid=158");

The other thing I would do is not set the path to the cookie. I know in the past I have had issues with XAMPP paths not working like I thought they would. Try using:

setcookie($cookie[0], $cookie[1], 3600*24);