Can't log in with wget

By fluke on 13 Feb 2007 at 20:37 UTC

I'm trying to set up a wget script to login to my Drupal site and check everything is ok. However i'm stuck at the login part. The watchdog log shows that i successfully logged in and the login field in the users table shows the correct time, but the entry in the sessions table has uid 0. I've tried getting a session cookie first and passing that along with the request but it doesn't help either.

$ wget -S -O 1.html --post-data='name=jon&pass=jon&op=Log%20in&form_id=user_login_block' http://drupal.localdomain/
--09:11:10--  http://drupal.localdomain/
           => `1.html'
Resolving drupal.localdomain... 127.0.0.1
Connecting to drupal.localdomain|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 302 Found
  Date: Tue, 13 Feb 2007 20:11:10 GMT
  Server: Apache/2.0.55 (Ubuntu) PHP/5.1.2
  X-Powered-By: PHP/5.1.2
  Set-Cookie: PHPSESSID=2fd7070b361d0c1b3e77207718ee2283; expires=Thu, 08 Mar 2007 23:44:30 GMT; path=/; domain=.drupal.localdomain
  Expires: Sun, 19 Nov 1978 05:00:00 GMT
  Last-Modified: Tue, 13 Feb 2007 20:11:10 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Cache-Control: post-check=0, pre-check=0
  Set-Cookie: PHPSESSID=2decc3f388a2eed7658890742ce3b330; expires=Thu, 08 Mar 2007 23:44:30 GMT; path=/; domain=.drupal.localdomain
  Location: http://drupal.localdomain/user/1
  Connection: close
  Content-Type: text/html; charset=utf-8
Location: http://drupal.localdomain/user/1 [following]
--09:11:10--  http://drupal.localdomain/user/1
           => `1.html'
Connecting to drupal.localdomain|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 403 Forbidden
  Date: Tue, 13 Feb 2007 20:11:10 GMT
  Server: Apache/2.0.55 (Ubuntu) PHP/5.1.2
  X-Powered-By: PHP/5.1.2
  Set-Cookie: PHPSESSID=2decc3f388a2eed7658890742ce3b330; expires=Thu, 08 Mar 2007 23:44:30 GMT; path=/; domain=.drupal.localdomain
  Expires: Sun, 19 Nov 1978 05:00:00 GMT
  Last-Modified: Tue, 13 Feb 2007 20:11:10 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Cache-Control: post-check=0, pre-check=0
  Content-Length: 4210
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=utf-8
09:11:10 ERROR 403: Forbidden.

Comments

can now login with wget

fluke commented 27 March 2007 at 22:38

The first problem is that you can't log in unless you have a PHPSESSID cookie set and send it with the form submission. So you need to load the login page first and save the cookie sent. I'm not sure if the second problem is a bug in Drupal or wget or just wget obeying our explicitly set cookie header, but there are 3 cookies sent from the 302 page after we log in:

Set-Cookie: PHPSESSID=fcd80d48901b026996f952c980dcb805; expires=Fri, 20 Apr 2007 01:44:52 GMT; path=/; domain=.localdomain
Set-Cookie: PHPSESSID=deleted; expires=Mon, 27-Mar-2006 22:11:31 GMT; path=/
Set-Cookie: PHPSESSID=f4f802870390db7179ccb64e1e73350c; expires=Fri, 20 Apr 2007 01:44:52 GMT; path=/; domain=.localdomain

The first is the cookie i sent, the third is the one for our logged in session. But wget sends the first one again when it loads the main page (after the redirect), so we are still logged out and get that cookie back:

  Set-Cookie: PHPSESSID=fcd80d48901b026996f952c980dcb805; expires=Fri, 20 Apr 2007 01:44:52 GMT; path=/; domain=.localdomain

The solution then is to remember the third cookie and send that for future requests. Here's a shell script using wget and awk to log in and get the cookies. Watch out for line wrapping.

#!/bin/sh 

site=<url of site, ending with a slash>
name=<username>
pass=<password>

# get the initial session cookie
cookie=`wget -S -O /dev/null $site 2>&1 | awk '/Set-Cookie/{print $4}' FS='[ ;]'`

# do the login
cookie=`wget -S -O /dev/null --header="Cookie: $cookie" --post-data="name=$name&pass=$pass&op=Log%20in&form_id=user_login_block" "${site}?q=node&destination=node" 2>&1 | awk '/Set-Cookie/{print $4}' FS='[ ;]' | awk 'NR==3{print}'`

# load the main page
wget --header="Cookie: $cookie" $site

I can't seem to recurse wget the site using this method

kiboro commented 31 October 2007 at 10:52

I took the above script and can get the homepage logged in successfully (after changing NR==3 to NR==2). However if I add the -r to recurse my site I get the pages logged out.

Before anyone thinks I'm leeching, I'm trying to get an offline copy for a demo.

Can anyone possibly help?

Using wget's cookie options

asciikewl commented 19 December 2007 at 12:36

I've managed to get it working this way, using wget's own cookie handling:

I'm also referencing the /user page, not a login block (not enabled on my site)

#!/bin/sh

site=http://your site url with a slash on the end/
name=ScriptUser
pass=somethingsecure
cookies=/tmp/cron-cookies.txt

wget -O /dev/null --save-cookies /tmp/ba-cookies.txt --keep-session-cookies --load-cookies $cookies "${site}user"
wget --keep-session-cookies --save-cookies $cookies --load-cookies $cookies -O /dev/null \
        --post-data="name=$name&pass=$pass&op=Log%20in&form_id=user_login" \
        "${site}user?destination=login_redirect"
wget --keep-session-cookies --save-cookies $cookies --load-cookies $cookies "${site}login_redirect"

Maybe with the wget cookie handling you can recurse the site.

/tmp/ba-cookies.txt < is

naught101 commented 13 December 2008 at 01:28

/tmp/ba-cookies.txt < is this a typo?

could you explain how the script works? mostly, I don't understand the second and third wget lines...

if you want to avoid putting your password in a plaintext file, replace:

pass=somethingsecure
  with
read -a -p "password: " pass

and change the #!/bin/sh to #!/bin/bash

wget --keep-session-cookies --save-cookies $cookies --load-cookies $cookies -O /dev/null \
        --post-data="name=$name&pass=$pass&op=Log%20in&form_id=user_login_form" \
        "${site}user/login"

Cheers ;-)