I would like to use curl to login and then download the Visits Overview/Summary page from Piwik:
piwik/index.php?module=CoreHome&action=index&idSite=1&period=day&date=today#module=VisitsSummary&action=index&idSite=1&period=day&date=today
So I first call the login page and submit the login, and password in MD5. But each time the cookie file contains this:
#HttpOnly_domain.com FALSE / FALSE 0 PIWIK_SESSID XXXXXXXXXXXXXXXXX
So I suppose the login is unsuccessful?
I have no idea why though?
Maybe an easier solution would be to use the LoginHttpAuth plugin.
That way no need to go through the login page and play with cookies, you would just use classic HTTP Auth in the headers.
Update: Also have a look at Embedding Piwik reports, maybe it will do what you are trying to do.
Related
I am using laravel and AngularJS for development.
I have different portals and login page but login function is same to login all users at back end.
I want to check source URL before hitting to login function if URL is hitting from right portal to right user then it should proceed to application further other wise not.
If you wanna check the url then you can use $location provided by angular to see the url before sending the request.
I have an angular based app and I want to open another URL on a new tab from my app and automate a login. For example my app is www.myapp.com, and it will open www.anotherurl.com/login. Let's say I have both the username and password for www.anotherurl.com/login.
How can I automate the login by populating the form and do the login?
Is this something we can achieve from the client side? or this needs a server side implementation?
Or is this is even possible?
Update:
I have no control over www.anotherurl.com/login by the way. This is just another way of saying I want to open gmail.com with credentials and automate a login instead of me typing the username and password, and pushing the login button myself.
Thanks in advance for your thoughts.
you can send them along as query parameters, but if you are not using https then they will be sent in the clear. for example:
https://www.anotherurl.com/login?user=bob&pass=secret
then in your controller, if these query params are present then call a login method
also worth mentioning that even if its over https the password will be in the user's browser history and thats probably not a good thing either.
My app uses JS Facebook API to use Facebook as a login/pass. Here what happens when you try to login.
User click on the Facebook Login Button
Facebook Authenticates
If Success. I grab the Facebook ID and Name of the user
Calls on my REST API on my APP to check and see if the that FBID is registered in my system.
If Registered, I write the session to verify that the user is authenticated.
This is great since I don't have to store usernames and password. But I am worried that someone will just use a REST API debugger like POSTMAN in chrome and just send a Facebook ID and the name of the user and they will be authenticated.
My question is what is the best way to secure my end that will prevent apps like POSTMAN to just input the fields needed to authenticate? Am I missing something? Can anyone recommend a strategy for this?
Or is using CSRF token the only way to combat this? I am using FuelPHP as a backend and doing a single page app using AngularJS with NgRoutes. But every time I enabled the CSRF on fuel, the token passed does not match what it was in the back-end.
I am under the impression that this is due to that the javascript token function is in the main page, where the ng-view. I know this might have something to do with the ngRoutes.
http://fuelphp.com/docs/classes/security.html
Use Fuel's Auth package. It has Opauth integration which does all the above, and for an entire list of social media platforms, not only facebook.
Always try not to reinvent the wheel, assume someone else has had the same challenge, solved at, and shared the solution with the community.
I am having problems with CakePHP2.0 login sessions and cookies.
When i login from the website with "http://myweb.com" at the start, the user is only loged it if he keeps on the same URL.
If he changes to "http://www.myweb.com", then it seems that the user is not loged in anymore and the system requieres from username and password again when he tries to add a post or something similar.
I am using CakePHP function, the one that createds by default with the "cake bake".
Why is this happening?
Does it have any solution?
THanks.
if you add this to your bootstrap.php it should make the sign-in work with the www or not
ini_set('session.cookie_domain', '.myweb.com');
That being said - it is always a good idea to pick a canonical url with or without the www and redirect your users to that.
You decide whether or not you want your domain to include a www and re-direct your users to that one instead of letting them decide.
#see my answer to your double post at http://ask.cakephp.org/questions/view/problem_with_sessions_with_http_and_www
I'm wondering what the best course of action would be for the following problem.
I have an app and users can enter some information in an html form. I want to set something up where users can enter information in the form even before they have created an account. If they enter information they will be redirected to a login page and then redirected back to the app at the appropriate place (i.e. a page that sends an HTTP POST request, thus saving their info).
OK, I'm doing all of this on Google App Engine and using Google Accounts login. I need a way to pass the parameters from the HTML form to the Google login page and then on to the page that it gets redirected to. I also need to call POST as opposed to GET on the page that users are redirected to. It seems like the default is to make a GET request.
Does anyone have any ideas on this?
You can't have a redirect do a POST; web browsers don't work that way.
The solution would be to have the form POST initially, store the posted data as session data before redirecting to the login page, and fetch the session data after they log in.