user2982789 user2982789 - 9 months ago 101
Perl Question

Joomla auto login from foreign script

I am trying to make a script which will login on a Joomla! site and after a simple page refresh will return the value i need.

I thought of something simple like:

wget --useragent="" --load-cookies="" --save-cookies="" --keep-session-cookies --post-data="?option=com_user&username=testuser&passwd=testpassword&Submit=Login&option=com_user&task=login&return=token=1" --quiet -O file http://site/index.php

But it returns

"You should enable JavaScript to login or register"

So i was wondering if such thing is possible? I've tried to use Perl with Mechanize, but the problem is that there is a JavaScript authorization.


Why this won't work is because Joomla uses a hidden token input to check that a request originates from a page that was generated previously. The token changes every time and is coupled to the session. See here for info:

The com_user component will check the token, so if you want to do this using wget you have to first request a login form (e.g. /index.php?option=com_user&view=login ), and then scrape it to find the token and submit it with the actual login request.

Note that the token looks like <input type="hidden" name="<hex-coded-value>" value="1" />, i.e. the name of the input is the actual token value, just the other way around as you would expect.