I have Symfony2 app running, that has login mechanism implemented.
However I need somehow to send request from other app, that checks whether requested URL exists on that system:
For example there's request http://myapp/order/1111 that I need to check whether it returns 200 OK header or 404 Not Found status;
When I send request it's unauthorized and get's redirected to login page /login which is returns 200 OK status header.
What I need is to somehow safely bypass login mechanism. Is there a way that I could add login credentials to request, or create additional login method?
EDIT:
As suggested in comments, I tried to use curl. But I can't figure out how make it work. Here's what I'v got, but It doesn't work.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
if (curl_error($ch)) {
echo(curl_error($ch));
}
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
//curl_setopt($ch, CURLOPT_REFERER, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => 'login_username',
'_password' => 'login_password',
'_remember_me' => 'on',
'_csrf_token' => $csrf_token
)));
curl_setopt($ch, CURLOPT_POST, true);
$result = curl_exec($ch);
if (curl_error($ch)) {
echo(curl_error($ch));
}
echo $result;
curl_close($ch);
Any suggestions, how to work with curl on this case?
I wrote a solution to this problem if anyone else struggling with this:
$ch = curl_init();
//get login form
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_path);
//parse html to get csrf_token, I added id attribute to it for easier retrieving
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//send post request to login_check with parameters (csrf_token included)
curl_setopt($ch, CURLOPT_URL, $check_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => $username,
'_password' => $password,
'_remember_me' => 'on', //if you use remember me functionality
'_csrf_token' => $csrf_token
)));
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//request login protected urls
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, false);
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
$info = curl_getinfo($ch);
curl_close($ch);
//I used this code in a function returning url and http_code for further processing
return array(
'url' => $info['url'],
'http_code' => $info['http_code']
);
I was having a problem with localization. I used to pass login_check url with locale like this http://localhost/en/login_check, by removing locate I fixed the problem: http://localhost/login_check
Related
I am trying to do API calls to Airbnb, but you must be logged in to make these calls, and with no public API, I am left to try and come up with a solution.
I am first trying to login via CURL, I am trying to use this piece of code but I'm not having much luck.
$url = "https://www.airbnb.co.uk/login";
$postinfo = "email=".$username."&password=".$password;
$cookie_file_path = $path."/cookie.txt";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
//for certain features, set the cookie the site has - this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, $url);
$html_data = curl_exec($ch);
curl_close($ch);
echo $html_data;
The response I get is:
{
success: false,
redirect: ""
}
Where am I going wrong ( I have declared the vars, username, and password but have obviously left that out).
You can't login to Airbnb by curl because Airbnb uses google captcha which can't be resolved. This is why it returns success: false.
If you want to do something with their application you should try to go here and apply as partner in order to use their API.
Login URL is: https://192.X.X.X/abc/Login.aspx?FromMasterLogin=true
Header data sent by login page:
__EVENTTARGET:btnLogin
__EVENTARGUMENT:
__VIEWSTATE:/wEPDwULLTEwNzI1MzU5MzBkGAIFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYGBQhidG5Mb2dpbgUPYnRuQ2xlYXJTZXNzaW9uBRFSYWRXaW5kb3dNYW5hZ2VyMQUOcmR3aW5kb3dGb3JnZXQFD3Jkd2luZG93RW5mb3JjZQUYcmRXaW5kb3dQdWJsaWNOZXdzQWxlcnRzBQpyYWRDYXB0Y2hhDxQrAAIFJDQyM2FlNDE3LTEwMTctNDE2OS1hNjgzLTBmMjMyZDZkMDdmZAYAAAAAAAAAAGQdkHIfEfL2XAG+8+/wu30lMfjmEwOeIiiC7jveX5PnZg==
__EVENTVALIDATION:/wEdAAfBlkUqNKBEV3moC9pS8IJTY3plgk0YBAefRz3MyBlTcJxpWckI3qdmfEJVCu2f5cGinihG6d/Xh3PZm3b5AoMQf2Dr69OxAarGhVFbQWZWFpd+ecw9lQ5sg8SY03yGmgNKhPS/+yQ5+zLwEb8uDfAwYKkBfoLWkbIJoPnHfXTqz5B/GZyy44ThZCPCAskCEVA=
txtUserName:admin
txtUserName_ClientState:{"enabled":true,"emptyMessage":""}
txtpassword:admin#123
txtpassword_ClientState:{"enabled":true,"emptyMessage":""}
btnLogin_ClientState: btnClearSession_ClientState:
rdwindowForget_ClientState: rdwindowEnforce_ClientState:
rdWindowPublicNewsAlerts_ClientState: RadWindowManager1_ClientState:
Below is the code
<?php
//username and password of account
$username = 'admin';
$password = 'admin#123';
//login form action url
$url="https://192.168.X.X/abc/Login.aspx?FromMasterLogin=true";
$postinfo ='txtUserName:admin&txtpassword:admin#123';
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
//set the cookie the site has for certain features, this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);
//page with the content I want to grab
//curl_setopt($ch, CURLOPT_URL, "https://192.168.X.X/abc/MemberManagement/MemberFileDownload.aspx");
//do stuff with the info with DomDocument() etc
$html = curl_exec($ch);
echo $html;
curl_close($ch);
?>
But the result says session expired.
I realize this doesn't answer your specific question about curl, but it might be worth trying the Guzzle HTTP client for PHP, which includes some functionality for maintaining sessions and reduces the confusion of working with curl directly.
Here's a snippet from the Guzzle documentation:
// Use a specific cookie jar
$jar = new \GuzzleHttp\Cookie\CookieJar;
$r = $client->request('GET', 'http://httpbin.org/cookies', [
'cookies' => $jar
]);
// Use a shared client cookie jar
$client = new \GuzzleHttp\Client(['cookies' => true]);
$r = $client->request('GET', 'http://httpbin.org/cookies');
I am trying to login into oscommerce admin panel via cURL and PHP, I put already the right login and password in the post_array but I keep getting "Error: Invalid administrator login attempt." Am I sending the POST data and saving the cookies correctly?
Here is my code:
<?php
$agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E)';
$username = 'PromptUsername';
$password = 'PromptPassword';
$URL = 'http://www.example.com/admin/login.php'; //'http://www.example.com/admin/categories.php?cPath=21';
$path1 = 'cookies/';
$post_array = array(
'username'=>'usernAme',
'password'=>'passw0rd'
);
$authURL = $URL.'?action=process';
// Login here
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $authURL);
curl_setopt($ch,CURLOPT_USERAGENT,$agent);
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($path1.'cookies.txt') );
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($path1.'cookies.txt'));
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
curl_setopt($ch, CURLOPT_REFERER, $URL);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_array));
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'method' => 'POST',
"Authorization: Basic ".base64_encode("$username:$password")."\r\n",
));
$debug = curl_getinfo($ch, CURLINFO_HTTP_CODE);
var_dump($debug);
$store = curl_exec ($ch);
var_dump($store);
?>
You are adding \r\n with the authorization header which upsetting the server. Just remove them.
"Authorization: Basic ".base64_encode("$username:$password"),
I would like to get the html of the page. After some google-ing, i found following code, which isn't working.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$passwd");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
echo $output;
edit: something like this then:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, '');
curl_setopt($ch, CURLOPT_POSTFIELDS,'username='.urlencode($username).'&passwd='.urlencode($passwd));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/my_cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/my_cookies.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");
curl_setopt($ch, CURLOPT_REFERER, "");
$output = curl_exec($ch);
echo $output
This just shows the target page, it doesn't log in, nor does it return the html code.
edit 2: now tried with $data = array('username' => $username, 'passwd' => $passwd); and curl_setopt($ch, CURLOPT_POSTFIELDS,$data);
This shows the same as above + an error: Request Entity Too Large
That page does not use HTTP Basic Authentication.
You need to make an HTTP request to match what submitting the form would sent, then you need to process the response (which will probably involve storing cookies).
Does any one have have some PHP login curl code for SMF version 1.1.11
I tried and it logs then when I check the curl output, but when the broswer loads, they are no longer logged in
My code
function login($data)
{
if(function_exists('curl_init' )) {
$_SESSION['old_url'] = $_SERVER['HTTP_HOST'] .'test';
// smf needs this sigh
// create a new cURL resource
$data = array( 'noverify'=>1 , 'user'=> $data['username'] , 'passwrd' => $data['password'] ,'hash_passwrd'=>$data['password'], 'cookielength'=>'60');
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, $_SERVER['HTTP_HOST'] . "/forum/index.php?action=login2");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HEADER, 0);
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.txt');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
// grab URL and pass it to the browser
$a = curl_exec($ch);
//$ch_temp=curl_copy_handle($ch);
//print_r($ch_temp);
// close cURL resource, and free up system resources
curl_close ($ch);
}
}
That's to be expected. Your script and your browser do not use the same cookie. It's like if you logged in with Firefox and expected that when you open Chrome you'll be logged in as well.