[SOLVED] Authenticate to Password Protected Site

[jriggs]

Just like the subject says, I need to pass login credentials a site via code.  Here is the where I'm trying to connect to:

https://mit.securecheckout.billmelater.com/paycapture-ws/request

 

In .net I would use the code:

cc.Credentials = New System.Net.NetworkCredential("user", "pass")

and login

      Dim resp As New PayCaptureResponse

        resp = cc.requestServiceRequest(pc)

 

How is this done in php?  thanks-

 

[aebstract]

If I understand you correctly,

http://www.google.com/search?q=password+protect+page+with+javascript

?

[jriggs]

thanks bro, I've already figured out how to use google.  I don't want to use javascript, I want to use PHP.  Is there a class or function that allows to connect the default http authentication request?

[redarrow]

can you post the current code please, u might be able to set cookies to let the user in.

 

or sessions.

 

 

[premiso]

curl

 

I believe that is what you are looking for/need to do.

[jriggs]

Do you mean the code on the server?  I don't have that...it's not mine.  I need to have php send some xml to a webservice running on that box, but first I need to authenticate on it automatically with the same script.

[redarrow]

So you need curl then,

curl can post a username and password and send you to the correct page.

[redarrow]

 

here one that get used on the .net a lot m8.

<?php
// INIT CURL
$ch = curl_init();

// SET URL FOR THE POST FORM LOGIN
curl_setopt($ch, CURLOPT_URL, 'http://www.external-site.com/Members/Login.php');

// ENABLE HTTP POST
curl_setopt ($ch, CURLOPT_POST, 1);

// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'fieldname1=fieldvalue1&fieldname2=fieldvalue2');

// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

// EXECUTE 1st REQUEST (FORM LOGIN)
$store = curl_exec ($ch);

// SET FILE TO DOWNLOAD
curl_setopt($ch, CURLOPT_URL, 'http://www.external-site.com/Members/Downloads/AnnualReport.pdf');

// EXECUTE 2nd REQUEST (FILE DOWNLOAD)
$content = curl_exec ($ch);

// CLOSE CURL
curl_close ($ch);

?>

[redarrow]

This one works for me.

<?php
*********************************
**Set up your variables**
**********************************/
$cookiefile = tempnam("/tmp", "cookies"); 
/* Create a temporary file to store cookies.
This should work on most systems and is more
flexible than specifying path explicitly */

$login_url='https://www.clickbank.com/login.htm';
/* The page that displays the login form. */

$login_post_url='https://www.clickbank.com/account/login';
/* The "action" value of the login form. This is not always
equal to $login_url. */

$username = "username";
$password = "passw0rd";

$agent="Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";

/*********************************
**Load the "login" page and get some cookies**
**********************************/

$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL,$login_url); 
/* The URL of the page to retrieve */

curl_setopt($ch, CURLOPT_USERAGENT, $agent);
/* Disguise self as a browser app. Some servers 
might need a different value here. Some servers 
might try to check if the page is visited by a 
real human being using this value. */

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
/* Don't output the results - 
return them as a string instead */

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
/* Follow redirects. 
This isn't actually necessary here  */

curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
/* Read cookies from this file */

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
/* Save cookies to the same file too */

/* SSL stuff - remove if not needed */
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
/* Check the existence of a common name and also 
verify that it matches the hostname provided. Not 
strictly necessary in most cases. Use 0 to disable. */

/* SSL stuff - remove if not needed */
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
/* Turn off SSL peer certificate verification. This prevents  
the "SSL certificate problem, verify that the CA cert is OK." 
error. If you really need this set to "true", 
see this link for a solution - 
http://lu.php.net/manual/en/ref.curl.php#71326
*/

$result = curl_exec ($ch);
/* Perform the query, retrieve the page. */

curl_close ($ch);
?>

 

another way also.

<?php
/*************************************
Actually log in with the proper referer and cookies
**************************************/

/* The fields of the login form. These will probably be 
different for every particular page. */
$postfields = array(
'nick'	=> $username,
'pass' => $password,
//'rememberMe' => 'false',
'j_username' => $username,
'j_password' => $password,
);

$reffer = $login_url;
/* If the server checks the referer we need to spoof it */

$ch = curl_init(); 

curl_setopt($ch, CURLOPT_URL,$login_post_url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query($postfields)); 
/* http_build_query() will properly escape the fields and 
build a query string. */

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
/* Follow redirects. This is probably necessary here. */
curl_setopt($ch, CURLOPT_REFERER, $reffer);
/* spoof the HTTP referer */

curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
/* Note that this is the same file as before */

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$result = curl_exec ($ch);
/* Now we've got the contents of the page you see after 
logging in saved in $result */

curl_close ($ch); 

/*****************************************
**If you need to get another page....**
This is similar to the above examples, just use the same 
cookie file and maybe spoof the referer if needed
******************************************/

$data_url='https://www.clickbank.com/account/showTransactions.htm';
$reffer = $login_post_url;

$ch = curl_init(); 

curl_setopt($ch, CURLOPT_URL,$data_url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_REFERER, $reffer);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$result = curl_exec ($ch);
curl_close ($ch); 

echo $result;

/******************************************
**All done. Kill the cookie file once it's not needed anymore**
*******************************************/
unlink($cookiefile);
?>

 

 

[jriggs]

Thanks, redarrow, your code got me going down the right path.  Wish they had mod+ for your posts, but I will mark it as solved for any others who come along.