I use this code (originally found login into webpage with php with cURL) to first grab the csrf token, create cookie, and than use that csrf token and cookie in a subsequent post request. It doesn't work(deduced from how the final webpage looks) and I think it's because the FOLLOWLOCATION is set to true. It must be set to true, because there are some redirections going on, but redirections also bring the consequence of "misplacing" cookies. The question is..how to keep cookies while being redirected as a response from server.
$cookie = 'cookies2.txt';
# Initialize a cURL session.
$ch = curl_init('https://example.com/login');
# Set the cURL options.
$options = [
CURLOPT_COOKIEJAR => $cookie,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_USERAGENT => $useragent,
CURLOPT_COOKIESESSION => true,
CURLINFO_HEADER_OUT => true,
CURLOPT_HEADER=>1
];
# Set the options
curl_setopt_array($ch, $options);
# Execute
$html = curl_exec($ch);
$request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
echo "1.Request sent: $request<br>";
$headerSizeFirst = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headersFirst = substr($html, 0, $headerSizeFirst);
echo "1.Request recieved: $headersFirst";
$dom = pQuery::parseStr($html);
$csrfToken = $dom->query('[name="csrf"]')->val();
$postData = [
'csrf' => $csrfToken,
'username' => $email,
'password' => $password
...........
];
# Convert the post data array to URL encoded string
$postDataStr = http_build_query($postData);
$options[CURLOPT_POST] = 1;
$options[CURLOPT_POSTFIELDS] = $postDataStr;
$options[CURLOPT_HEADER]=1;
$options[CURLOPT_COOKIEJAR]=$cookie;
$options[CURLOPT_FOLLOWLOCATION] = true;
$options[CURLOPT_RETURNTRANSFER] = true;
$options[CURLOPT_USERAGENT] = $useragent;
$options[CURLINFO_HEADER_OUT] => true,
curl_setopt_array($ch, $options);
# Execute
$response = curl_exec($ch);
$request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
echo "2. Request sent: $request<br>";
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($response, 0, $headerSize);
echo "2. Request recieved: $headers<br>";
echo $response;
/////// HEADER OUT AND IN DATA
1.Request sent: GET /login HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept: */*
1.Request recieved: HTTP/1.1 200 OK Accept-Ranges: bytes Age: 0 Cache-Control: no-cache Content-Type: text/html; charset=UTF-8 Date: Tue, 09 Feb 2016 13:34:02 GMT Server: nginx Set-Cookie: ____ri=4485; expires=Thu, 17-Mar-16 01:34:01 GMT; path=/; domain=.example.com Set-Cookie: PHPSESSID=dk7n4kcrigi54q081tr1evd5a2; path=/; domain=.example.com Set-Cookie: ts1=11e2bb0a86bfb9669c361cc407e1e3b3decefcce; expires=Fri, 06-Feb-2026 13:34:01 GMT; path=/; domain=.example.com Set-Cookie: session=eyJpdiI6Im9cL1wvcWVUUEhDVWY5cnF2QnZzVDRIaElPWitIQmc4RVI3N1M2SGxsY3hUTT0iLCJ2YWx1ZSI6InZjVFBnelNlMmxuaXpVNlpGb2d0TzNoM21NXC85dG43cVpmbUZkQ1VuOHlnU1VOXC9XWDJaWTcxckZ2OWpZY093REd1WmZEd21FQURQNnQ3NDltMmU0NnZMWm9vSE40YmV0VG1WYkpndE9DNTdEUE4wSkp5Q1BWMXJGaFdmMHV5N0NWRmZoVHFnT0JtY1VnYjJ6N29UZkxvQThRWG9KWFV3Q0k4azdibEZvVGwrcFJRaXdaQVV4OXZLaWlDVVpmeVREc3k3cW1MOTdTdHEyY1FlZ2Vuc09WWHFOanNOTjlnK1c0SStuTWhoU0VBWGxsY1ZqRExTblBOWllpeDNqaHhZNSIsIm1hYyI6IjllMWNhMzU3NTVjYTA4NWIwZTQ0NTYxMzA3ZmIzMTAxMWE5NDg0NzZlMTNmZTc2NjhhNDI2M2ZmZDMwMzgwY2QifQ%3D%3D; expires=Fri, 19-Feb-2016 13:34:02 GMT; path=/; domain=.example.com; httponly Vary: Accept-Encoding Vary: Accept-Encoding, Accept-Encoding X-Cache: Miss X-Frame-Options: SAMEORIGIN Content-Length: 51381 Connection: keep-alive
2. Request sent: GET /inx/aeGDrYQ HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept: */* Cookie: PHPSESSID=t762fd0nbi1bp3hrgb9sgc3k20; ____ri=4485; safemode=1; session=eyJpdiI6Im1HQzlNR1JhMTNDc0JRelYyRVwveUp6N0JxZG56Z2p5K094eSs3YU5HQ3dzPSIsInZhbHVlIjoiVXBPYzN4TVNReURhVnMxQlZ1TndLZ0dYUjltbUVEcW11bkJJMDdMRVZoZ0hHMjRXZ2p6azlcL1FWXC93NnZWN3oreDcxQms3aGlcL3l0MG1vTjd1V21FcmVCVzFnQjVuMUY5dHBWeUlTbU9NSjJcL1d5TlwvTW11ZWp1eHpNd3d4eFZTamV6aThsNldkdlN3aFo0XC9sTnVnU0tXVDRKbWVBU25VU0hJaDREQ1J5M2xDXC9zRUc5OXhWMWJWWG9jYndhczYyZW4xMkUxb3BoU3FmQmMrNVdzM3RqQmgzeHY1NVJ5RXRTNGZOdmQ4dTRCbmRtWVZBN210QVVEVk1BNTFPc1NQcFU3bnd4NEpKbnRaTFliRWNzbkZaXC9YWUF1Nld1ekZSbjVGRXBuZzNoRlBNND0iLCJtYWMiOiI4OWEwNmMyZGVkYjFiYTlmNDY0MDE5MTQwNzE1YzNhYWJjYTA5YjI3MWMyZjgwMTViN2MyYmI0OWUyNmMwNjM0In0%3D; toastMsg=2; ts1=11e2bb0a86bfb9669c361cc407e1e3b3decefcce
2. Request recieved: HTTP/1.1 302 Found Accept-Ranges: bytes Age: 0 Cache-Control: no-cache, private Content-Type: text/html; charset=UTF-8 Date: Tue, 09 Feb 2016 13:34:04 GMT location: http://example.com/inx/aeGDrYQ Server: nginx Set-Cookie: PHPSESSID=thrn81mu7584dvp2ek9tpde8f4; expires=Thu, 09-Feb-2017 13:34:03 GMT; path=/; domain=.example.com Set-Cookie: PHPSESSID=t762fd0nbi1bp3hrgb9sgc3k20; expires=Thu, 09-Feb-2017 13:34:03 GMT; path=/; domain=.example.com Set-Cookie: session=eyJpdiI6Im1HQzlNR1JhMTNDc0JRelYyRVwveUp6N0JxZG56Z2p5K094eSs3YU5HQ3dzPSIsInZhbHVlIjoiVXBPYzN4TVNReURhVnMxQlZ1TndLZ0dYUjltbUVEcW11bkJJMDdMRVZoZ0hHMjRXZ2p6azlcL1FWXC93NnZWN3oreDcxQms3aGlcL3l0MG1vTjd1V21FcmVCVzFnQjVuMUY5dHBWeUlTbU9NSjJcL1d5TlwvTW11ZWp1eHpNd3d4eFZTamV6aThsNldkdlN3aFo0XC9sTnVnU0tXVDRKbWVBU25VU0hJaDREQ1J5M2xDXC9zRUc5OXhWMWJWWG9jYndhczYyZW4xMkUxb3BoU3FmQmMrNVdzM3RqQmgzeHY1NVJ5RXRTNGZOdmQ4dTRCbmRtWVZBN210QVVEVk1BNTFPc1NQcFU3bnd4NEpKbnRaTFliRWNzbkZaXC9YWUF1Nld1ekZSbjVGRXBuZzNoRlBNND0iLCJtYWMiOiI4OWEwNmMyZGVkYjFiYTlmNDY0MDE5MTQwNzE1YzNhYWJjYTA5YjI3MWMyZjgwMTViN2MyYmI0OWUyNmMwNjM0In0%3D; expires=Fri, 19-Feb-2016 13:34:04 GMT; path=/; domain=.example.com; httponly Set-Cookie: toastMsg=2; expires=Fri, 08-Feb-2019 13:34:04 GMT; path=/; domain=.example.com Set-Cookie: unverified=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.example.com; httponly Set-Cookie: safemode=1; expires=Fri, 19-Feb-2016 13:34:04 GMT; path=/; domain=.example.com Set-Cookie: cacheableGrace=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.example.com; httponly X-Cache: Miss X-Frame-Options: SAMEORIGIN Content-Length: 0 Connection: keep-alive HTTP/1.1 200 OK Age: 0 Cache-Control: max-age=0, public, s-maxage=60 Content-Type: text/html; charset=UTF-8 Date: Tue, 09 Feb 2016 13:34:05 GMT Server: nginx Vary: Accept-Encoding Vary: Accept-Encoding X-Cache: Miss X-Cacheable: Yes X-Frame-Options: SAMEORIGIN transfer-encoding: chunked Connection: keep-alive
CURLOPT_COOKIESESSION set to true means you tell libcurl to treat this as a new (cookie) session and it will discard all session cookies at start of a request. You should probably not set that without being really sure that's what you need as it will flush all cookies without a specific expiry date/time.
Otherwise, when the cookie engine has been activated in libcurl it will keep the cookies associated with the handle and reuse them in subsequent requests done with that same handle.
Related
I have a
$result = curl_exec($ch)
the $ value is like that
HTTP/1.1 302 Found
Date: Wed, 18 Apr 2018 12:45:05 GMT
Set-Cookie: OAMAuthnHintCookie=0#1524055505; httponly; secure; path=/; domain=.test.com
Set-Cookie: OAMRequestContext_test.test.com:443_527635=Rv52rjM82f3htVYzT+Lp0g==;max-age=300; httponly; secure; path=/
Location: https://id.test.com/obrareq.cgi?encquery%3DE6zb4nAIzYfopY8L5SbbJJPLfvrkN7Y1RkKgv4%2FSzBKmT1cY%2BhRn0A3AhCDxGFIB10DLwLMp%2BcR40CHFKhdrh2aZcEck%2Bd2pzikJ3WzWCAo5LiVW8O3CGPVoeFXUBY2orJxN9zSZXNXkAzg%2F%2F2twT%2FS1ZIUlox8fyQrKf6mITSrqbgKhn5dcC5CR79rJDCO75VEIU472JptWmPlBlEkyFT1XRO%2BUzXQHUwui92%2FGCh34PbbDrPajiyU71ycb03ffcCt0Sl1tKVNw2S%2BsUe81VH1jgV8yLWXslvl2SzsqpQUcZVZdi80HEM2ppQTsvECX%2BiyWnZ49nVBxp3YqU4nlhkAIaNaEbTEpPVF%2FvCJSuHo%3D%20agentid%3DWgtest%20ver%3D1%20crmethod%3D2
Content-Length: 676
Cache-Control: max-age=0
Expires: Wed, 18 Apr 2018 12:45:05 GMT
I extract the location: url with:
preg_match('/(Location: https:\/\/id\.test\.com\/obrareq\.cgi\?encquery)(.*)/', $res, $location);
and put the result in $found:
$found=$location[2];
then I want to use this url in a new curl_setop
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,'https://id.test.com/obrareq.cgi?encquery'.$found);
......
but it doesn't give me any result.
If I do the same curl_setop with a manual copy of the url it works.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,'https://id.test.com/obrareq.cgi?encquery%3DE6zb4nAIzYfopY8L5SbbJJPLfvrkN7Y1RkKgv4%2FSzBKmT1cY%2BhRn0A3AhCDxGFIB10DLwLMp%2BcR40CHFKhdrh2aZcEck%2Bd2pzikJ3WzWCAo5LiVW8O3CGPVoeFXUBY2orJxN9zSZXNXkAzg%2F%2F2twT%2FS1ZIUlox8fyQrKf6mITSrqbgKhn5dcC5CR79rJDCO75VEIU472JptWmPlBlEkyFT1XRO%2BUzXQHUwui92%2FGCh34PbbDrPajiyU71ycb03ffcCt0Sl1tKVNw2S%2BsUe81VH1jgV8yLWXslvl2SzsqpQUcZVZdi80HEM2ppQTsvECX%2BiyWnZ49nVBxp3YqU4nlhkAIaNaEbTEpPVF%2FvCJSuHo%3D%20agentid%3DWgtest%20ver%3D1%20crmethod%3D2y');
Any idea of what i did wrong?
......
I'm working with an API, using cURL I have received a set of data.
The data appears to be half HTTP request and half JSON. I'm not sure why it's mixed but essentially I get this response when I do a var_dump:
string(873) "HTTP/1.1 200 OK cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-length: 153 content-type: application/json;charset=utf-8 date: Mon, 10 Nov 2014 10:58:49 UTC expires: Tue, 31 Mar 1981 05:00:00 GMT last-modified: Mon, 10 Nov 2014 10:58:49 GMT ml: A pragma: no-cache server: tsa_b set-cookie: guest_id=v1%3A141561712923128379; Domain=.twitter.com; Path=/; Expires=Wed, 09-Nov-2016 10:58:49 UTC status: 200 OK strict-transport-security: max-age=631138519 x-connection-hash: 57175e4dba3d726bebb399072c225958 x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-transaction: 2e4b8e053e615c75 x-ua-compatible: IE=edge,chrome=1 x-xss-protection: 1; mode=block {"token_type":"bearer","access_token":"AAAAAAAAAAAAAAAAAAAAAMVfbQAAAAAAK7qYRQOgdZ771TrJ6pZ7nugCwVQ%3DLKcongtwy3lcBDbPSEreC9DfhJk3Gm7qyQInqhFAxYvo1clv4S"}"
That's the full data back. It's got HTTP info at the beginning and then part JSON at the end.
The only bit I need from this is the access_token data.
If it was just JSON then I could use json_decode to get the access_token out but because it's got all the HTTP info at the beginning json_decode cannot understand it and gives the result NULL.
How can I remove the HTTP part so I can just grab the access_token data?
ETA: my request is made through cURL, so the var I'm dumping out is $response
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$auth_url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$header = curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
curl_close($ch);
The result I receive roughly matches the expected result given in the Twitter documentation so I don't think the data is corrupt/incorrect: https://dev.twitter.com/oauth/reference/post/oauth2/token
Switch of header output and remove
$header = curl_setopt($ch, CURLOPT_HEADER, 1);
or replace with
curl_setopt($ch, CURLOPT_HEADER, false);
$a='HTTP/1.1 200 OK cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-length: 153 content-type: application/json;charset=utf-8 date: Mon, 10 Nov 2014 10:58:49 UTC expires: Tue, 31 Mar 1981 05:00:00 GMT last-modified: Mon, 10 Nov 2014 10:58:49 GMT ml: A pragma: no-cache server: tsa_b set-cookie: guest_id=v1%3A141561712923128379; Domain=.twitter.com; Path=/; Expires=Wed, 09-Nov-2016 10:58:49 UTC status: 200 OK strict-transport-security: max-age=631138519 x-connection-hash: 57175e4dba3d726bebb399072c225958 x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-transaction: 2e4b8e053e615c75 x-ua-compatible: IE=edge,chrome=1 x-xss-protection: 1; mode=block {"token_type":"bearer","access_token":"AAAAAAAAAAAAAAAAAAAAAMVfbQAAAAAAK7qYRQOgdZ771TrJ6pZ7nugCwVQ%3DLKcongtwy3lcBDbPSEreC9DfhJk3Gm7qyQInqhFAxYvo1clv4S"}"';
preg_match("/\{.*\}/",$a,$m);
$ja=json_decode($m[0]);
var_dump($ja,$m);
output:
object(stdClass)[1]
public 'token_type' => string 'bearer' (length=6)
public 'access_token' => string 'AAAAAAAAAAAAAAAAAAAAAMVfbQAAAAAAK7qYRQOgdZ771TrJ6pZ7nugCwVQ%3DLKcongtwy3lcBDbPSEreC9DfhJk3Gm7qyQInqhFAxYvo1clv4S' (length=112)
I am trying to play *.wav with html5 audio.
client side js looks like
<script>
document.getElementById("player").src = "/moh/play/?track_id=1";
document.getElementById("player").play();
</script>
Server side php+Zend 1.8 looks like
public function responceWav(MyNameSpace_Model_Track $model_track)
{
$this->getResponse()->setHeader("Content-Length", #filesize($model_track->getWAVPath()))
->setHeader("Connection", "Keep-Alive")
->setHeader("Content-Disposition", "attachment; filename=\"" . $model_track->getFileName() . "\".wav")
->setHeader("ETag", md5($model_track->getWAVPath() . time()))
->setHeader("Content-Type", "audio/x-wav");
#readfile($model_track->getWAVPath());
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
}
In FF it work pretty nice, but in Safari 6.0.1 when I try to get track, the session (by cookies) is terminates.
dump by wireshark:
1 request by safari
GET /moh/play/?track_id=1 HTTP/1.1
Host: domain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.14 (KHTML, like Gecko) Version/6.0.1 Safari/536.26.14
Accept: */*
Range: bytes=0-1
Accept-Encoding: identity
Referer: http://domain.com/
X-Playback-Session-Id: E8F45DB5-D018-4088-8BD3-9077ECE23F31
Cookie: PHPSESSID=d0hl91519jfm2jopklbdcsre14
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 11 Oct 2012 08:31:14 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=aksnmpn4vquid961jp5rbthrk6; expires=Thu, 11-Oct-2012 09:01:14 GMT; path=/
Content-Length: 4118616
Connection: Keep-Alive, close
Content-Disposition: attachment; filename="cbde895a22ad1824b700f7118263bc08".wav
Etag: e1e7c9fad8c9a607ecdd5c045d5fd0bd
Content-Type: audio/x-wav
2nd request by AppleCoreMedia
GET /moh/play/?track_id=1 HTTP/1.1
Host: domain.com
User-Agent: AppleCoreMedia/1.0.0.12C54 (Macintosh; U; Intel Mac OS X 10_8_2; ru_ru)
Accept: */*
Range: bytes=0-1
Accept-Encoding: identity
Cookie: PHPSESSID=aksnmpn4vquid961jp5rbthrk6
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 11 Oct 2012 08:31:14 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ec0fi4r90349h5icbaq4h4km64; expires=Thu, 11-Oct-2012 09:01:14 GMT; path=/
Content-Length: 4118616
Connection: Keep-Alive, close
Content-Disposition: attachment; filename="cbde895a22ad1824b700f7118263bc08".wav
Etag: e1e7c9fad8c9a607ecdd5c045d5fd0bd
Content-Type: audio/x-wav
3rd request by QuickTime plugin
GET /moh/play/?track_id=1 HTTP/1.1
Host: domain.com
User-Agent: QuickTime/7.7.1 (qtver=7.7.1;cpu=IA32;os=Mac 10.8.2)
Accept: */*
Cookie: PHPSESSID=ec0fi4r90349h5icbaq4h4km64;
Connection: close
HTTP/1.1 200 OK
Date: Thu, 11 Oct 2012 08:31:14 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=c7iu5ehbp852q0oi2m7evgjea3; expires=Thu, 11-Oct-2012 09:01:15 GMT; path=/
Content-Length: 4118616
Connection: Keep-Alive, close
Content-Disposition: attachment; filename="cbde895a22ad1824b700f7118263bc08".wav
Etag: a16b449dade53093415ac609dc5be199
Content-Type: audio/x-wav
4th request by Safari (hi login screen)
POST /user/index HTTP/1.1
Host: domain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.14 (KHTML, like Gecko) Version/6.0.1 Safari/536.26.14
Content-Length: 0
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://domain.com
X-Requested-With: XMLHttpRequest
Referer: http://domain.com/
Accept-Language: ru
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=ec0fi4r90349h5icbaq4h4km64
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 11 Oct 2012 08:31:42 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 2040
Connection: close
Content-Type: text/html; charset=UTF-8
I do not understand what could be the problem.
After fully testing in PayPal's sandbox and getting the process to work perfectly. I've taken it live and it's not working.
I'm receiving the POST data from PayPal via the notify_url. I then send it back to PayPal with cmd=_notify-validate infront of the data.
Using PayPals documented code, I'm using this to send the message to PayPal.
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
(using this code to get the response)
$res = stream_get_contents($fp, 1024);
The response I'm getting back is:
HTTP/1.1 200 OK
Date: Fri, 11 May 2012 20:51:28 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=SdeBuKBN39mjr3w791CHr_MlSkoBdDmbxpQOjT_WOicyD_Sg6BYZm8koiEv2-5XBUkCjpXQwFqIxIQgIyo3e7arO8015CVw96dpne2CNjbgc1CvpDlqXn72IBWq%7cW7uYn6Za7ljG4iLtLVcyFoPk8gZD7sr_S8WjwZrZWD8UXzE7KAH3bll9TVik3wbdCFlrZG%7csxrZZHSH5SWBGfrKsIU6Dz-K43j4h37efIkWFcVJVER0ncRxNJ0wANN1Dp3pZpV2PLxC1m%7c1336769488; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Mon, 09-May-2022 20:51:28 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 06-May-2032 20:51:28 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.73.8.50.1336769488653443; path=/; expires=Sun, 04-May-42 20:51:28 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=14400
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: TSe9a623=bb3c8ce40a7f3f6d1c018255c9
What I'm not getting is the INVALID or VERIFIED response in this. This is the entire output from PayPal. In the sandbox, I was getting VERIFIED in the last line, and no Set-Cookie.
It seems weird that I'm not receiving an INVALID or VERIFIED response.
Any suggestions would be appreciated.
Did you write the request to the socket using fwrite/fputs? Also, judging by the length of that response, you may need to read more than 1024 bytes from the stream. That's getting awfully close.
You may want to read the response in a loop:
$resp = '';
while (!feof($fp)) {
$resp .= stream_get_contents($fp, 1024);
}
Then you can separate the headers from the body using:
list($headers, $response) = explode("\r\n\r\n", 2);
I am trying to login to a system (which happens to be using the SquirrelMail client) using cURL and I'm having trouble.
Here is my relevant PHP code:
$handle = curl_init();
curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($handle, CURLOPT_URL, $url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, "login_username=myusername&secretkey=mypass&js_autodetect_results=0");
$output = curl_exec($handle);
curl_close($handle);
print $output;
And when I try running it, the page comes back with a message saying I must be logged in to access it. Digging into the this login file (redirect.php if you are familiar with SquirrelMail), I see this error comes up when the variable login_username is not defined.
Here is my curl verbose output:
* About to connect() to www.cwazy.net port 80 (#0)
* Trying 72.18.206.197... * connected
* Connected to www.cwazy.net (72.18.206.197) port 80 (#0)
> POST /wi/sm/src/redirect.php HTTP/1.1
Host: www.cwazy.net
Accept: */*
Content-Length: 64
Content-Type: application/x-www-form-urlencoded
< HTTP/1.1 302 Found
< Date: Sun, 10 Jan 2010 06:51:34 GMT
< Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
< X-Powered-By: PHP/5.2.6-1+lenny3
< Set-Cookie: SQMSESSID=b39c5dcf6e96309ac98b08b8f4f42374; path=/wi/sm/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Set-Cookie: SQMSESSID=b39c5dcf6e96309ac98b08b8f4f42374; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=b39c5dcf6e96309ac98b08b8f4f42374; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=b39c5dcf6e96309ac98b08b8f4f42374; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=b39c5dcf6e96309ac98b08b8f4f42374; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=b39c5dcf6e96309ac98b08b8f4f42374; path=/wi/sm/; HttpOnly
< Set-Cookie: squirrelmail_language=en_US; expires=Tue, 09-Feb-2010 06:51:34 GMT; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: key=S9ZRyTL%2B; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618; path=/wi/sm/; HttpOnly
< Location: webmail.php
< Content-Length: 0
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host www.cwazy.net left intact
* Issue another request to this URL: 'http://www.cwazy.net/wi/sm/src/webmail.php'
* Violate RFC 2616/10.3.3 and switch from POST to GET
* Re-using existing connection! (#0) with host www.cwazy.net
* Connected to www.cwazy.net (72.18.206.197) port 80 (#0)
> GET /wi/sm/src/webmail.php HTTP/1.1
Host: www.cwazy.net
Accept: */*
< HTTP/1.1 200 OK
< Date: Sun, 10 Jan 2010 06:51:40 GMT
< Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
< X-Powered-By: PHP/5.2.6-1+lenny3
< Set-Cookie: SQMSESSID=a6e32d5f2bd7a2ccca51edd2aa4ea143; path=/wi/sm/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Set-Cookie: SQMSESSID=a6e32d5f2bd7a2ccca51edd2aa4ea143; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=a6e32d5f2bd7a2ccca51edd2aa4ea143; path=/wi/sm/; HttpOnly
< Set-Cookie: SQMSESSID=a6e32d5f2bd7a2ccca51edd2aa4ea143; path=/wi/sm/; HttpOnly
< Content-Length: 1154
< Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host www.cwazy.net left intact
* Closing connection #0
Any ideas?
the initial POST returns the cookie:
Set-Cookie: SQMSESSID=6d70837e874750f37df81f0aaaa48618
but this cookie is not sent by the client on the next GET request. sm doesn't see any session and tries to create a new one with a new id:
Set-Cookie: SQMSESSID=a6e32d5f2bd7a2ccca51edd2aa4ea143
to fix this you can tell curl to store cookies:
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
and you may need to disable CURLOPT_FOLLOWLOCATION, and just request webmail.php in a second call to curl (using the same cookie jar with the authenticated session).
try add this to your code
$cookie="cookie.txt";
if(!file_exists($cookie)) {
$fh = fopen($cookie, "w");
fwrite($fh,"");
fclose($fh);
}
curl_setopt($curl_connection, CURL_COOKIEJAR, $cookie);
curl_setopt($curl_connection, CURL_COOKIEFILE, $cookie);
curl_setopt($curl_connection, CURL_VERBOSE, true);
Hope this helpfull..