We use cookies to improve your experience. No personal information is gathered and we don't serve ads. Cookies Policy.

ExpressionEngine Logo ExpressionEngine
Features Pricing Support Find A Developer
Partners Upgrades
Blog Add-Ons Learn
Docs Forums University
Log In or Sign Up
Log In Sign Up
ExpressionEngine Logo
Features Pro new Support Find A Developer
Partners Upgrades
Blog Add-Ons Learn
Docs Forums University Blog
  • Home
  • Forums

Using cURL to log into ExpressionEngine

Development and Programming

Addison's avatar
Addison
59 posts
15 years ago
Addison's avatar Addison

Two questions… I’ve (finally) successfully logged in using a small cURL script I found online:

<?php
$url ="http://myeesite.com/index.php/login-template/";
// need to replace username and password with variables...
$curlPost = 'ACT=11&RET=path/template&username;='.urlencode('xxx').'&password;='.urlencode('xxx').'&submit=Submit';
// set a handle and starts cURL session
$ch = curl_init();
// set the url
curl_setopt($ch, CURLOPT_URL, $url);
// return server header response
curl_setopt($ch, CURLOPT_HEADER, 1);
// don't send the response straight to the browser...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// send the form response via POST
curl_setopt($ch, CURLOPT_POST, 1);
// try any authentication
//curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'widget_cookie.txt');
curl_setopt ($ch, CURLOPT_POSTFIELDS, $curlPost);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>

However, I was forced to disable secure forms so that XID was not required.

Question 1: Has anyone ever done this without disabling secure forms?

I’m trying to help a team of software developers figure out how to have their application log in and access an XML feed of graphics and add-ons from ExpressionEngine. Each license holder will have a member profile within ExpressionEngine so, in theory, it should be possible. I’ve set $url in the code above to point to a template with a special login form that returns to my XML file. It works within a web browser, but I have no idea how the software team will integrate that into their application.

Question 2: Does anyone have a better idea of how to achieve this?

I’m certainly not looking to get any full-blown solutions, but I’d certainly appreciate some honest advice or plain ol’ wisdom.

Thanks, addison

       
ender's avatar
ender
1,644 posts
15 years ago
ender's avatar ender

you could ping a page with a login form on it to scrape a valid XID hash and send that in your login attempt perhaps.

       
Addison's avatar
Addison
59 posts
15 years ago
Addison's avatar Addison

Thanks, Ty – I’ll check that out. I’ve heard of people scraping blogs and such, but I never imagined it for a use like this.

       
Rob Sanchez's avatar
Rob Sanchez
335 posts
15 years ago
Rob Sanchez's avatar Rob Sanchez

I usually achieve this by using templates with “Enable HTTP Authentication” turned on. Then you can just have them ping the url with the username and password, like: http://username:[email protected]/template/

       
Addison's avatar
Addison
59 posts
15 years ago
Addison's avatar Addison

Rob, that’s the route the software engineers were hoping to take, but I had no idea it was there – thank you!

However, it appears that user data like screen_name and email are not available with this method. Is there any way around that?

       
Rob Sanchez's avatar
Rob Sanchez
335 posts
15 years ago
Rob Sanchez's avatar Rob Sanchez
However, it appears that user data like screen_name and email are not available with this method. Is there any way around that?

I had no idea about that. Is {member_id} or {logged_in_member_id} available? If so, then you can probably use the custom profile data tag with the member_id param.

       
Addison's avatar
Addison
59 posts
15 years ago
Addison's avatar Addison

Nope. Neither is available. I can get the username with:

$_SERVER['PHP_AUTH_USER'];

but I need the ID to get the other member info.

I’ll keep tinkering and see if I need to go back to cURL. Thanks.

       
Addison's avatar
Addison
59 posts
15 years ago
Addison's avatar Addison

Well, I think we’re settling on HTTP authentication since it’s more straightforward and feels less “hacky” than using the cURL stuff. We’ll use the PHP variable for getting the username for tracking and be happy with that. Thanks for your help, guys.

-Addison

       

Reply

Sign In To Reply

ExpressionEngine Home Features Pro Contact Version Support
Learn Docs University Forums
Resources Support Add-Ons Partners Blog
Privacy Terms Trademark Use License

Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.