joomla admin login via php post script wrong token

Question

I am trying to make a script which logs me automatically in as administrator in the Joomla panel. I am using snoopy for the post query and its working fine except that the response of Joomla is that the security token is wrong. I use JSession::getFormToken() to get the token, which when I echo it outputs a token (but maybe not the right one?).

Why I need that? I just want to make a script that grants me admin rights to my site (the script will be password protected) and automatically creates articles but the problem is the security token in Joomla (currently using version 3.0) which is needed for the admin login and also for posting articles. Is there maybe a easier way to realize my idea?

Here is the script I use (BTW the script is in an article and I am using directPHP to bind PHP in the articles):

<?php include "Snoopy.class.php";
$snoopy = new Snoopy;
$x=JSession::getFormToken();
$submit_url = "http://domain.com/administrator/index.php";
$submit_vars["username"] = "admin";
$submit_vars["passwd"] = "mypassword";
$submit_vars["option"] = "com_login";
$submit_vars["task"] = "login";
$submit_vars["return"] = "aW3kDXgucMhw";
$submit_vars[$x] = "1";
if($snoopy->submit($submit_url,$submit_vars))
{
    while(list($key,$val) = each($snoopy->headers))
        echo $key.": ".$val."<br>\n";
    echo "<p>\n";

    echo "<PRE>".htmlspecialchars($snoopy->results)."</PRE>\n";
}
else
    echo "error fetching document: ".$snoopy->error."\n"; ?>

The output is as follows:

    0: HTTP/1.1 200 OK
1: Date: Sat, 21 Dec 2013 15:02:53 GMT
2: Server: Apache
3: X-Powered-By: PHP/5.3.28
4: Connection: close
5: Content-Type: text/html

Die Anfrage wurde zurückgewiesen, da der Sicherheitstoken ungültig ist. Aktualisieren Sie die Seite und versuchen Sie es erneut. (means the query's been rejected because of a wrong security token)

So how can I get the "right" security token or is there a easier way to realize my idea. Thanks in advance.

Answer 1

I was having a similar issue.

I was utilizing jQuery to log a user in from the front end (after they were already authenticated, of course) and was receiving the same response. I was using $document->addScriptDeclaration() to get the session token into a JavaScript variable.

I think the issue arises when you call JSession::getFormToken() on the front-end.

I tested this by writing a small plugin and onAfterInitialize did something like this:

function onAfterInitialise()
{
   $request = JFactory::getApplication()->input->get->get('ajaxGet', '', 'string');
   $admin = JFactory::getApplication()->isAdmin();


    if(  $request == "token" and $admin){
        echo json_encode(array("token" => JSession::getFormToken()));
        exit();
    }
}

Please note I don't recommend this for ANY sort of production. This was simply for testing.

So with my jQuery script, I first called a GET request to /adminstrator.php and received the above JSON. Then I used that token to make my login request and then the login was successful.

It seems that Joomla does a good job of differentiating tokens generated on the front and backend.

Hope this helps!