External login not working in PHPBB

Question

I'm using the following form on the index page of my site to attempt to login on the forum:

<form method = "post" action = "/forum/ucp.php?mode=login">
   <div id = "field_container">
      <div class = "field"><input name = "username" type = "text" placeholder = "Username" /></div>
      <div class = "field"><input name = "password" type = "password" placeholder = "Password" /></div>
   </div>
   <div class = "submit"><input type = "submit" value = "Login" /></div>
</form>

However, submitting this form simply takes the user to the forum's login page. It doesn't give an error, and it doesn't log the user in. What's the missing link to make this work?

EDIT: Here is the form from the forum itself:

<form action="./ucp.php?mode=login" method="post" id="login">
<div class="panel">
    <div class="inner"><span class="corners-top"><span></span></span>

    <div class="content">
        <h2>Login</h2>

        <fieldset class="fields1">

        <dl>
            <dt><label for="username">Username:</label></dt>
            <dd><input type="text" tabindex="1" name="username" id="username" size="25" value="" class="inputbox autowidth"></dd>
        </dl>
        <dl>
            <dt><label for="password">Password:</label></dt>
            <dd><input type="password" tabindex="2" id="password" name="password" size="25" class="inputbox autowidth"></dd>
            <dd><a href="./ucp.php?mode=sendpassword">I forgot my password</a></dd>
        </dl>

        <dl>
            <dd><label for="autologin"><input type="checkbox" name="autologin" id="autologin" tabindex="4"> Log me on automatically each visit</label></dd>
            <dd><label for="viewonline"><input type="checkbox" name="viewonline" id="viewonline" tabindex="5"> Hide my online status this session</label></dd>
        </dl>


        <input type="hidden" name="redirect" value="./ucp.php?mode=login">

        <dl>
            <dt>&nbsp;</dt>
            <dd><input type="hidden" name="sid" value="7703a705e2d9971b1eae77b1f3ff61d6">
<input type="hidden" name="redirect" value="index.php">
<input type="submit" name="login" tabindex="6" value="Login" class="button1"></dd>
        </dl>
        </fieldset>
    </div>
    <span class="corners-bottom"><span></span></span></div>
</div>



    <div class="panel">
        <div class="inner"><span class="corners-top"><span></span></span>

        <div class="content">
            <h3>Register</h3>
            <p>In order to login you must be registered. Registering takes only a few moments but gives you increased capabilities. The board administrator may also grant additional permissions to registered users. Before you register please ensure you are familiar with our terms of use and related policies. Please ensure you read any forum rules as you navigate around the board.</p>
            <p><strong><a href="./ucp.php?mode=terms">Terms of use</a> | <a href="./ucp.php?mode=privacy">Privacy policy</a></strong></p>
            <hr class="dashed">
            <p><a href="./ucp.php?mode=register" class="button2">Register</a></p>
        </div>

        <span class="corners-bottom"><span></span></span></div>
    </div>


</form>

EDIT: In addition to the SID, you also have to make sure the name of your submit button is "login".

Answer 1

I think the problem you are facing is, that the original form contains two additional hidden fields:

<input type="hidden" name="sid" value="7703a705e2d9971b1eae77b1f3ff61d6">
<input type="hidden" name="redirect" value="index.php">

The redirect field shouldn't be the problem.

For the sid field i myself assume two functionalities. It could be a hash to prevent XSS or it is just the sid that the login will be assigned to. But i think the second one will be more reasonable because of the chosen name :)

So what you have to do before you get your form working is to fetch the login formular with curl, extract the sid and add it to your own form as a hidden field.

Let me know if that helps you.