Author Topic: Submitting login info via CURL (Read 7514 times)

bocode · « **on:** February 04, 2010, 10:49:19 PM »

Hello All,

I'm trying to post the login info to RC (viz., _user, _pass, _action et al) via a curl script with no changes done to any of the RC code (like rc/index.php). But am unable to get the RC mail dashboard (folders or left, mail pane in the center etc). Also the the address bar remains same with the url of the script which has the curl in it.

This is my CURL code:
--------------------------------
$url = "/rc/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,0); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 0); // times out after Ns
curl_setopt($ch, CURLOPT_POST, 1); // set POST method
curl_setopt($ch, CURLOPT_POSTFIELDS, "_user=".$_POST['uname']."&_pass=".$_POST['passwd']."&ajax=1&_action=login"); // add POST fields
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($ch); // run the whole process
curl_close($ch);
----------------------------------------------

Can somebody tell me what am doing wrong?

Note: I'm interested in finding a solution to the problem of sending login info via a script to RC backend..curl is just a candidate..please let me know if any other (non-html) ways exist.

Thanks in advance

rosali · « **Reply #1 on:** February 05, 2010, 12:36:26 AM »

Check my plugin 'logout_redirect' (bundled with MyRoundcube plugins - see signature).

There is a Javascript AJAX login sample included.

CURL does not work because it establish a session by the webserver where the script is running and not for the client.

coolatt · « **Reply #2 on:** April 05, 2010, 02:47:55 AM »

Quote from: rosali;25243

Check my plugin 'logout_redirect' (bundled with MyRoundcube plugins - see signature).

There is a Javascript AJAX login sample included.

CURL does not work because it establish a session by the webserver where the script is running and not for the client.

hi rosali,

according to my understanding curl emulates a browser.

what if php is configured to store the session id in url instead of a cookie on the user's browser ?
is it possible to ask CURL to log on behalf of the user ?
assume curl login on behalf of user then it gets the session for that user.

in a real browser, we access the desired url with the session id (get from curl) appended.
will this do the job of automatically login a user ??

rosali · « **Reply #3 on:** April 06, 2010, 12:18:34 AM »

Well, just try it. I'm not too experienced in these things. But I think it won't work. On the first request PHP transmits a Session ID to the browser, which the browser has to use on each following request to be identified as the same user. The first request comes from cURL and not from the client browser.