Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Dispach Admin With Curl - Access To Controller Rate Topic   - - - - -

 

Posted 04 January 2016 - 09:02 PM #1

I'm trying to access my complement handler with Curl from a cron in ubuntu 14.04.
 
I read the forums:
 
but the response I get is, an access denied by cross-site attack        T.T
 
Code:
 
$parameters= array('return_url' => 'admin.php', 'user_login' => 'user@test.com', 'password' => '123', 'dispatch[auth.login]' => 'Sign in');
 
$cookie='/cookie.txt';
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"; 
 
$username = 'admin@test.com';
$password = '123';
 
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
//curl_setopt($ch, CURLOPT_REFERER, $referrer);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$parameters);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_HEADER,0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR,$cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
/* curl_setopt($ch, CURLOPT_HTTPHEADER, array(
 'method' => 'POST',
 "Authorization: Basic ".base64_encode("$username:$password"),
)); */
    curl_exec($ch);
    curl_setopt($ch, CURLOPT_URL,$referrer);
curl_exec($ch);
    curl_close($ch);

 

 

Thank you for your attention and help.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12156 posts

Posted 05 January 2016 - 07:03 AM #2

Generally, your cron script would do something like:
 
define('AREA', 'A');
define('AREA_NAME', 'admin');
define('BOOTSTRAP', true);
define('CONSOLE', true);
 
require_once("./init.php");
use Tygy\Registry;
 
$cron_password = Registry::get('settings.Security.cron_password');

if( $cron_password && (!isset($_REQUEST['pw']) || $cron_password != $_REQUEST['pw']) ) {
        die('Access_denied');
}
// continue with the rest of your script, you've been authenticated.
// You won't have any SESSION data or cookies since you're not using a web server.
// You would call this from cron (assuming this is called cron_script.php) as:
// cd /home/[cpanel user account]/public_html; php -q app/addons/my_addon/cron_script.php --pw=password;
Hope this helps you get started. Lot easier than screen-scraping a login.
Notice that you're trying to use methods from 5+ years ago.

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.