开发者

Login outside Joomla using Curl

开发者 https://www.devze.com 2023-03-04 13:12 出处:网络
I tryed to do this on my website and I have this code that works in one of my Joomla instalations but it doesn\'t work on another joomla instalation. On the instalation that doesn\'t work, the script

I tryed to do this on my website and I have this code that works in one of my Joomla instalations but it doesn't work on another joomla instalation. On the instalation that doesn't work, the script does search the database and finds the user credentials but when it goes to mywebsite.com it doesn't log in the user. The users password is not encrypted, it's another field that I use only for this purpose. Can someone help me find out what's wrong?

<?php
mysql_connect("localhost", "sqluser", "sqlpass") or die(mysql_error());
mysql_select_db("sqldb") or die(mysql_error());
$uname = $_POST['username'];
$upswd = $_POST['password'];
$result_user = mysql_query("SELECT username FROM jos_users where username = '$uname'") or die(mysql_error());
$rows_user = mysql_num_rows($result_user);
$result_pass = mysql_query("SELECT vm_pass_lojat FROM jos_vm_user_info where vm_pass_lojat = '$upswd'") or die(mysql_error());
$rows_pass = mysql_num_rows($result_pass);
if($rows_user > 0){ 
    if($rows_pass > 0){ 
        $url = "http://www.mywebsite开发者_如何学JAVA.com/online/index.php";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
        curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
        curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
        curl_setopt($ch, CURLOPT_HEADER, TRUE);
        $ret = curl_exec($ch);
        if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)){
             preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
            }
        // POST fields
        $postfields = array();
        $postfields['username'] = urlencode($uname);
        $postfields['passwd'] = urlencode($upswd);
        $postfields['option'] = 'com_user';
        $postfields['task'] = 'login';
        $postfields[$spoof[1]] = '1';
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
        $ret = curl_exec($ch);
        // Get logged in cookie and pass it to the browser
        preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
        $cookie = explode('=', $m[1]);
        setcookie($cookie[0], $cookie[1]);
        header("location:  http://www.mywebsite.com/online/index.php");
        }
    else
        {
        echo "WRONG PASSWORD";
    }
    }
else
    {
    echo "NO USER FOUND";
}
?>


The authentication plugin in the backend might not be active.

0

精彩评论

暂无评论...
验证码 换一张
取 消