I'm trying to login to our own limesurvey server via PHP Curl. But everytime I get "CSRF-Token could not be veryfied".
Code:
//1. GET Request for Setting Cookie-Information PHPSESSID and YII_CSRF_TOKEN
$sh = curl_share_init();
curl_share_setopt($sh, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);
// $cookie = 'C:/Temp/cookies.txt';
//Initialize Handle
$handle1 = curl_init();
curl_setopt($handle1, CURLOPT_SHARE, $sh);
// curl_setopt($handle1, CURLOPT_COOKIEJAR, $cookie );
// curl_setopt($handle1, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($handle1, CURLOPT_URL, "https://limesurvey.xxxxx.xx/limesurvey/index.php?r=admin");
curl_setopt($handle1, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($handle1, CURLOPT_RETURNTRANSFER, true );
//Execute Request
$output = curl_exec ( $handle1 );
//Find YII-Token
$regex_pattern_yii = "~YII_CSRF_TOKEN=(.+?)(?=~";
$search_yii = preg_match_all($regex_pattern_yii, $output, $matches_out);
$yii_token = urldecode($matches_out[1][0]);
unset($matches_out);
//2. Send POST Request with Cookie-Information and YII-Token
$param = array(
'authMethod' => "Authdb",
'user' => "xxxxx",
'password' => "xxxxx",
"YII_CSRF_TOKEN" => $yii_token,
"loginlang" => "default",
"action" => "login",
"width" => "1920",
"login_submit" => "login"
);
$handle2 = curl_init();
curl_setopt($handle2, CURLOPT_SHARE, $sh);
curl_setopt($handle2, CURLOPT_URL, "https://limesurvey.xxxxx.xx/limesurvey/index.php?r=admin");
curl_setopt($handle2, CURLOPT_POST, TRUE);
curl_setopt($handle2, CURLOPT_POSTFIELDS, $param);
curl_setopt($handle2, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($handle2, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($handle2, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($handle2, CURLOPT_HEADER, TRUE);
curl_setopt($handle2, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($handle2, CURLOPT_VERBOSE, TRUE);
// curl_setopt($handle2, CURLOPT_COOKIEFILE, $cookie );
$output = curl_exec ( $handle2 );
curl_share_close($sh);
curl_close ( $handle1 );
curl_close ( $handle2 );
It would be nice, if someone could help me out.
