SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Jul 2006
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    logging in to another site with PHP+curl

    I am trying to implement a new feature: the user of a PHP based site clicks on a link and is logged in into Perl based site. The logging in process itself works flawlessly. However, once I am in the Perl based site, once I click on any link, it asks me to log in again.

    Upon further investigation. The code doesn't set cookies.

    Code:
        $username="john_smith";
        $password="tOpsecret";
        $url="https://somesite.com/login.html";
        $cookiefile='/tmp/MasonX-Request-WithApacheSession-cookie';
    
        $postdata = "mysite_username=".$username."&mysite_password=".$password;
    
        $ch = curl_init();
        curl_setopt ($ch, CURLOPT_URL, $url);
        curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
        curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURL_COOKIEFILE, '');//dl
        curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookiefile);
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookiefile);
        curl_setopt ($ch, CURLOPT_REFERER, "https://whatsdown.nyi.net/news/");
        curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
        curl_setopt ($ch, CURLOPT_POST, 1);
        $result = curl_exec ($ch);
        $result = preg_replace("/<head>/i", "<head><base href='https://somesite.com/' />", $result, 1);
        echo $result;
    Interestingly, the cookie does appear in the /tmp directory, but my browser says no cookies were set by the site. What is wrong, could someone help?

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Is it possible that the Perl site is doing a redirect without you being conscious of it?

    Try this tool, Firefox plug/addon called LiveHTTPHeaders.

    Login as normal using FF with this feature switched on and watch the ensuing headers very carefully, essentially, it is that which you have to emulate with your cURL call (well, all the key information anyhow).

    I could well be wrong but it could be a case of setting CURLOPT_MAXREDIRS if you detect redirects are happening.

  3. #3
    SitePoint Member
    Join Date
    Jul 2012
    Location
    Minnesota
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's my guess on what's happening. From the code you supplied it seems like:

    * You make a Curl request to a remote server passing along the username and password.
    * The credentials are accepted by the remote webserver. A cookie is set on by the remote server in your cookie jar on your webserver.
    * You then echo out the remote site's html to the user after doing some fiddling with the base href.
    * You then attempt to click a link in the html that was spit out from the remote site by your curl request.

    If that's true, I would guess that it's asking you to log in again because the login cookie for your remote session was set on your webserver, not your browser.

  4. #4
    SitePoint Enthusiast
    Join Date
    Jul 2006
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by codeatar View Post
    Here's my guess on what's happening. From the code you supplied it seems like:

    * You make a Curl request to a remote server passing along the username and password.
    * The credentials are accepted by the remote webserver. A cookie is set on by the remote server in your cookie jar on your webserver.
    * You then echo out the remote site's html to the user after doing some fiddling with the base href.
    * You then attempt to click a link in the html that was spit out from the remote site by your curl request.

    If that's true, I would guess that it's asking you to log in again because the login cookie for your remote session was set on your webserver, not your browser.
    Yeah, you are right. I see the cookie on the server in the /tmp directory, but not in the browser (tried both Chrome and Firefox). Why is that?

  5. #5
    SitePoint Enthusiast
    Join Date
    Jul 2006
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cups: right when I am logged into the Perl site with curl, I don't see the session cookie set. Isn't it a problem with cookies? However, I can't figure out why curl is not passing the cookie to the browser.

  6. #6
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Because thats not what CURL does.

    Curl makes a connection from the webserver to the other webserver. Thats it.

    If you want to pass cookies to the browser, you'll need to setcookie them.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •