2 years 1 month ago #210970 by amanns
PHP CURL Login was created by amanns
Hello everyone,

Our LimeSurvey version: Version 2.67.3+170728
I'm trying to log in to our own LimeSurvey server via PHP cURL. But every time I get "CSRF-Token could not be verified".

I'm trying the following two steps:

// 1. GET request to set the cookie information PHPSESSID and YII_CSRF_TOKEN
$sh = curl_share_init();
curl_share_setopt($sh, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);
// $cookie = 'C:/Temp/cookies.txt';
// Initialize handle
$handle1 = curl_init();
curl_setopt($handle1, CURLOPT_SHARE, $sh);
// curl_setopt($handle1, CURLOPT_COOKIEJAR, $cookie);
// curl_setopt($handle1, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($handle1, CURLOPT_URL, "https://limesurvey.xxxxx.xx/limesurvey/index.php?r=admin");
curl_setopt($handle1, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($handle1, CURLOPT_RETURNTRANSFER, true);
// Execute request
$output = curl_exec($handle1);
// Find YII token
$regex_pattern_yii = "~YII_CSRF_TOKEN=(.+?)(?=~";
$search_yii = preg_match_all($regex_pattern_yii, $output, $matches_out);
$yii_token = urldecode($matches_out[1][0]);

// 2. Send POST request with cookie information and YII token
$param = array(
    'authMethod' => "Authdb",
    'user' => "xxxxx",
    'password' => "xxxxx",
    "YII_CSRF_TOKEN" => $yii_token,
    "loginlang" => "default",
    "action" => "login",
    "width" => "1920",
    "login_submit" => "login"
);
$handle2 = curl_init();
curl_setopt($handle2, CURLOPT_SHARE, $sh);
curl_setopt($handle2, CURLOPT_URL, "https://limesurvey.xxxxx.xx/limesurvey/index.php?r=admin");
curl_setopt($handle2, CURLOPT_POST, TRUE);
curl_setopt($handle2, CURLOPT_POSTFIELDS, $param);
curl_setopt($handle2, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($handle2, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($handle2, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($handle2, CURLOPT_HEADER, TRUE);
curl_setopt($handle2, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($handle2, CURLOPT_VERBOSE, TRUE);
// curl_setopt($handle2, CURLOPT_COOKIEFILE, $cookie);
$output = curl_exec($handle2);
curl_close($handle1);
curl_close($handle2);

It would be nice if someone could help me out.
Best Regards
The topic has been locked.
2 years 1 month ago #210976 by jelo
Replied by jelo on topic PHP CURL Login
You need to let cURL send a valid session cookie along with the request. The cookie stuff seems to be commented out in your source.

If you don't want to send a valid session cookie along with the request, you would need to modify Yii. Out of the box, Yii allows no plain HTTP authentication.

LimeSurvey is using Yii 1.X. So you will find more examples when you search for Yii Curl on the Framework website.

The meaning of the word "stable" for users
2 years 1 month ago #210977 by amanns
Replied by amanns on topic PHP CURL Login
Thanks for your answer. I've commented out the cookie stuff because of
$sh = curl_share_init();
This automates the cookie flow.

In addition, I have tried it without
$sh = curl_share_init()
and used the more common way with CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE, but it was the same...
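
Added example (not part of the original thread and not LimeSurvey's own code): Yii compares the posted YII_CSRF_TOKEN with the cookie of the same name, so the sketch below keeps both requests on one cURL handle with the cookie engine enabled and reads the token from the login form. It assumes the login page carries the token as a hidden input named YII_CSRF_TOKEN; the form field names are the ones from the first post, and `extractCsrfToken`, `limeLogin` and the sample HTML are constructed for illustration.

```php
<?php
// Added example, not code from the thread; the hidden-field token location is an assumption.

/** Return the value of the hidden YII_CSRF_TOKEN input, or null if absent. */
function extractCsrfToken(string $html): ?string
{
    if ($html === '') { return null; }
    libxml_use_internal_errors(true);   // real-world HTML triggers parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $node = (new DOMXPath($doc))->query('//input[@name="YII_CSRF_TOKEN"]/@value')->item(0);
    return $node !== null ? $node->nodeValue : null;
}

/** GET the form, then POST on the same handle so session and token cookies are sent back. */
function limeLogin(string $url, string $user, string $password): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_COOKIEFILE     => '',    // empty string: in-memory cookie engine, no file
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,  // TLS verification stays at its default (on)
    ]);
    $form = curl_exec($ch);
    if ($form === false) {
        throw new RuntimeException('GET failed: ' . curl_error($ch));
    }
    $token = extractCsrfToken($form);
    if ($token === null) {
        throw new RuntimeException('No YII_CSRF_TOKEN field in the login page');
    }
    curl_setopt($ch, CURLOPT_POST, true);
    // A string body is sent urlencoded, as a browser form would be.
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'authMethod' => 'Authdb', 'user' => $user, 'password' => $password,
        'YII_CSRF_TOKEN' => $token, 'loginlang' => 'default',
        'action' => 'login', 'width' => '1920', 'login_submit' => 'login',
    ]));
    $result = curl_exec($ch);
    if ($result === false) {
        throw new RuntimeException('POST failed: ' . curl_error($ch));
    }
    return $result;
}

// Constructed sample page: checks the extraction step offline.
$sample = '<form><input type="hidden" value="abc123==" name="YII_CSRF_TOKEN" /></form>';
var_dump(extractCsrfToken($sample));
```

To try it against a server, call `limeLogin()` with the admin URL and credentials of your own installation.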