Automatically log in authenticated Drupal user

Posted in

Blog
Drupal

In some cases it may be desirable to externally access authenticated user paths on our Drupal site. I use this approach to kick off various admin functions.

In order to access authenticated user paths it is necessary to establish a session as shown in the following script.

Usage is simple. Save the script as say remote-login.php in the Drupal root directory along side index.php.

To access our authenticated user path:

wget http://www.drupalsite.com/remote-login.php?user=admin&passwd=admin&path=some/auth/user/path

remote-login.php

<?php

  // authenticate
  $userName = $_REQUEST["user"];
  $password = $_REQUEST["passwd"];
  $path = $_REQUEST["path"];
  $site = 'http://'.$_SERVER['SERVER_NAME'];
  $fail = "REMOTE_LOGIN_FAIL";
  
  $cookiefile=tempnam("/tmp", "cookie");
  
  // get login form.
  // can perhaps reduce to one curl_exec
  // with mods to curl_setopt
  $crl = curl_init();
  $url = $site."/user/login";  
  curl_setopt($crl, CURLOPT_URL, $url);
  curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($crl, CURLOPT_COOKIEJAR, $cookiefile);
  $result=curl_exec($crl);
  $info = curl_getinfo($crl);
  curl_close ($crl);
  if ($info['http_code'] != 200) {
    unlink($cookiefile);
    die("$fail : ".$info['http_code']);
  }
  
  // login
  $crl = curl_init();
  $url = $site."/user/login";
  curl_setopt($crl, CURLOPT_URL, $url);
  curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($crl, CURLOPT_COOKIEFILE, $cookiefile);
  curl_setopt($crl, CURLOPT_COOKIEJAR, $cookiefile);
  curl_setopt($crl, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($crl, CURLOPT_POST, 1);
  
  $postdata=array(
    "name" => $userName, 
    "pass" => $password,
    "form_id" => "user_login", 
    "op" => "Log in",
  );
  curl_setopt ($crl, CURLOPT_POSTFIELDS, $postdata);
  $result=curl_exec($crl);
  $headers = curl_getinfo($crl);
  curl_close ($crl);
  
  // if at same url then login failed.
  // we should have been redirected to user's page
  if ($headers['url'] == $url) {
      unlink($cookiefile);
      die("$fail");
  }
  
  // call our target path and return output
  $url = $site."/$path";    
  $crl=curl_init();
  curl_setopt($crl, CURLOPT_URL, $url);
  curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($crl, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($crl, CURLOPT_COOKIEFILE, $cookiefile);
  $result = curl_exec($crl);
  curl_close($crl);

  unlink($cookiefile);
  
  echo($result);
?>

Submitted by Jonathan Mitchell on Tue, 04/06/2010 - 20:57

Anonymous (not verified) Says:
Tue, 08/31/2010 - 13:39

Thank you so much for posting this! And also cross posting it on the Drupal documentation site. You save me hours of time.

Post new comment

Your name:

E-mail:

The content of this field is kept private and will not be shown publicly.

Homepage:

Subject:

Comment: *

Input format

Filtered HTML

Web page addresses and e-mail addresses turn into links automatically.
Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre>
Lines and paragraphs break automatically.
Syntax highlight code surrounded by the {syntaxhighlighter OPTIONS}...{/syntaxhighlighter} tags.

Full HTML

Web page addresses and e-mail addresses turn into links automatically.
Lines and paragraphs break automatically.
Syntax highlight code surrounded by the {syntaxhighlighter OPTIONS}...{/syntaxhighlighter} tags.

More information about formatting options

CAPTCHA

Let us know you are human.

Math question: * 9 + 5 =

Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.