pycurl 登录 joomla 网站

Question

I try create small script for login joomla web site whit python pycurl, im write this code :

import sys, re
import pycurl
import cStringIO
import time
import urllib

def LoginJoomla(url):
    buf = cStringIO.StringIO()
    c = pycurl.Curl()
    c.setopt(c.URL, url)
    post_params = [('usrname','admin'),('passwd','1234567789'),('submit','Login')]
    resp_data = urllib.urlencode(post_params)
    c.setopt(c.POSTFIELDS, resp_data)
    c.setopt(pycurl.POST, 1)
    c.setopt(c.WRITEFUNCTION, buf.write)
    c.perform()
    html = buf.getvalue()
    buf.close()
    print html

LoginJoomla("http://www.domain.com/administrator/index.php?option=com_user&view=login")

Bat not working, give me the normal login webpage, please any body can say me where i wrong.

Answer 1

Read the BUT first!

You need to get the URL parameters right (I think your URL is bad):

POST to http://www.example.com/administrator/

with the following parameters:

• option=com_login
• task=login
• username=YOURUSER (not usrname! as you have)
• passwd

BUT from my knowledge about Joomla! autentication, you can't do it this way, because Joomla! from the web browser will send a token, to make sure the form was posted from a browser.

If it's not posted from a browser, an error like 'The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.'

I know it's possible to remotely login to Joomla!, just keep searching. You may need a custom authentication plugin.

Answer 2

I required the same thing and I have managed to do it. We need to do the following:

1. Open login page, and accept all cookies that are returned.
2. Parse the html page and get the randomized token - hidden input field.

3. Send an HTTP POST to the login processing script with all fields and cookies.

    import bs4 import requests import urllib, urllib2, cookielib jar = cookielib.FileCookieJar("cookies") opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar)) r = opener.open("[INSERT LOGIN PAGE URL]").read() soup=bs4.BeautifulSoup(r, "html.parser") hidden_tags = soup.find_all("input", type="hidden") # Get the randomized token - which is the 5th hidden field in the form token_name = hidden_tags[4]['name'] token_val= hidden_tags[4]['value'] login_data = {'username':'[INSERT USERNAME]', 'password':'[INSERT PASSWORD]', 'remember':'yes', token_name: token_val} # Attempt login opener.open("[LOGIN PAGE FORM ACTION]", urllib.urlencode(login_data)) # Now open logged-in page you wish logged_response = opener.open("[LOGIN PROTECTED PAGE]") logged_result = logged_response.read() print logged_result

Answer 3

For anyone looking for solution in Python 3, I'm posting my solution:

It uses requests package and looks if correct set-cookie header was returned after login action.

import re
import requests

session = requests.Session()

response = session.get("[INSERT LOGIN PAGE URL]")

hidden_tags = re.findall(r'<input.+type="hidden".+>', response.text)

# Get the randomized token - which is the 6th hidden field in the form
token_name = re.findall(r'name="(\S+)"', hidden_tags[5])[0]
token_val = re.findall(r'value="(\S+)"', hidden_tags[5])[0]

login_data = {
    "username": '[INSERT USERNAME]',
    "password": '[INSERT PASSWORD]',
    "remember": "yes",
    "return": "",
    token_name: token_val,
}

login_response = session.post("[LOGIN PAGE FORM ACTION]", data=login_data, allow_redirects=False)

login_cookie = login_response.headers.get('set-cookie', "")

print("joomla_user_state=logged_in" in login_cookie)