Jump to content

automated login with curl


vaskovasilev

Recommended Posts

Hello,

I am trying to make a curl function, which first authenticate to some website and then redirects to another link on the same website.

first login is fine, it make cookies in a file, but after that it is not redirecting.

If i make header location.. then it will not have the cookies.

This is the code.

<?php
$url = "http://website/forum/login.php";
$file='cookies.txt';

$ch = curl_init();
$array = array(
  CURLOPT_HEADER => false,
  CURLOPT_RETURNTRANSFER => 1,
  CURLOPT_URL =>$url,
  CURLOPT_REFERER=>$url,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_SSL_VERIFYPEER => false,
  CURLOPT_POST =>1,
  CURLOPT_CONNECTTIMEOUT => 3,
  CURLOPT_TIMEOUT=>3,
  CURLOPT_COOKIEFILE=>$file,
  CURLOPT_COOKIEJAR=>$file,
  CURLOPT_POSTFIELDS=>"login=true&username=".$user."&password=".$pass.$webfields,
  CURLOPT_USERAGENT => 'demo user agent..'
);

curl_setopt_array($ch, $array);
$result1= curl_exec ($ch);

$array[CURLOPT_URL] = "http://website/forum/viewtopic.php";
curl_setopt_array($ch, $array);
$result2= curl_exec ($ch);

curl_close ($ch);

// echo $result1;
echo $result2;

can you help me to understand if this can be done and how

thanks

Link to comment
Share on other sites

Given that we have zero information about the target site and aren't sitting in front of your screen, I have no idea how we're supposed to debug this. We'll need a lot more specific information.

 

If the log-in script doesn't redirect you, then what does it do? What's the response? What's the status code?

 

Also, how did you determine that the “login is fine”? Have you actually verified that the session cookie points to a valid user session, e. g. by trying it out in your browser? Web applications often hand out session cookies even when the log-in fails.

 

 

 

If i make header location.. then it will not have the cookies.

 

I don't know what that sentence means. If you're saying that the second request doesn't include the cookies you've received from the server, then again, how did you determine that?

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

if you read carefully the first sentence, you will give the answers :)

the website is X, i am not trying to make a function for A website but for websites.

If you need really the target - you can use this forum.

Login is working - how i understand, when you start the php script you will see that you are logged in, but curl is taking the info and visualizing it, i want to redirect to the website. idea is not only to login but to browse it..

when handling the second request, it does not show anything it is not redirecting. this is my goal to redirect with session.. not to use curl like a frame.

this example is ok for API based access, but not for redirecting to the original website, that is why i am asking if somebody worked already on such kind of login.

Link to comment
Share on other sites

You clearly don't understand how HTTP works, so I'll make this very, very simple for you.

 

When the server successfully authenticates to another website, then the server gets a session cookie. The server. Not the client which triggered the server-side script. The server.

 

Redirecting the client doesn't get you anywhere, because the client has no cookies. They're on the server. The server cannot “transmit” the session cookie either, because a website isn't allowed to set cookies for another website – for obvious reasons.

 

Even if you had the webserver echo the page content (which, according to your confused reply, you don't want), the client still wouldn't be able to “browse” the site, because as soon as they click on a link, they either a) make a request to the original site where they have no cookies or b) make a request to your server which doesn't have the requested file.

 

Long story short: What you want is conceptually wrong.

 

Of course there is software which can act as a middleman between a client and another website (namely a proxy), but this has nothing to do with PHP web applications.

Link to comment
Share on other sites

ok,

thanks. so with two words you are telling that php framework and whole documentation written for curl is wrong.

then i am very happy that i found a bug :)

i am not sure what is the connection for proxy here, when i want just to make for random site a way to fill the input fields user/pass automatically not to write them down - similar to Mozilla.

So no one in the world can/(know how to) do this with PHP ? i don't believe.

Link to comment
Share on other sites

so with two words you are telling that php framework and whole documentation written for curl is wrong.

No. The only thing wrong here is your understanding of cookies. The only bug here is that you aren't understanding that your understanding of cookies is wrong.

 

Your code is running on the server, right? That means the server is the one that's managed to log in. Not you. And the cookie which lets the server be logged in cannot be given to you because your browser will not allow the server to set a cookie for a different site.

 

You cannot do this with PHP. And you can't do it with any other programming language that runs on the server, either.

Link to comment
Share on other sites

I am just using the provided functions for curl and i am asking if this can be done.

Of course the server is the one that is login, php is server language it is not like js that can work as a client.

Maybe this is the problem that in this case if there is a need to browse the website you need cookies on the client and php cannot do this. for api based access it is different..

The thing is that - when somebody ask an exact question, he/she is expecting for exact answer, not for lectures how the Internet works..

Link to comment
Share on other sites

I am just using the provided functions for curl and i am asking if this can be done.

We didn't even know what you wanted to do until today.

 

Maybe this is the problem that in this case if there is a need to browse the website you need cookies on the client and php cannot do this. for api based access it is different..

That is exactly it.

 

The thing is that - when somebody ask an exact question, he/she is expecting for exact answer, not for lectures how the Internet works..

If you didn't need the lecture then you would already have known that this cannot be done.
Link to comment
Share on other sites

no, it can be done but not with curl.

I thought that i will receive a clear answer, not blaming from beginning.

I thought also that i am not the only one person in the world that don't like to write every time credentials when entering some website.

But ok, this is even better. If i make it i can sell it.. if i don't make it, at least i will try.

Every day everybody is learning something new :)

 

by the way.. If i read the post and i have no idea about it, i will never give a reply..

Link to comment
Share on other sites

ok, i have done it with curl getting the content of the remote login page, loadHTML DOM to take the hidden input fields and form on my site with post action to the remote login page.

dom is adding additional hidden fields to the post form that remote site is expecting.

if somebody know better way, please tell.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.