I wonder if is possible to keep the login while the cookie exists so i just need to do the login once, even on with differents scripts. I'm doing the things like this:
$tempCookie = 'mycookiefile';
//Begins with the base URL to save cookies
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $tempCookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $tempCookie);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible;)");
curl_exec($ch);
//Now i do the login
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('username' => $usuario, 'password' => $password));
echo curl_exec($ch); //the login works
And now i do my stuff to get data from the url.
Could I skip all the login process and do it only once? like when we close a browser's window and we come back and we are still logged.
Related
When i login through htaccess loginbox i can navigate all files but when i login through curl:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERPWD,$_SESSION['numerTelefonu'].":".$_SESSION['smsHaslo']);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$result = curl_exec($ch);
echo $result;
Then every time when i go to other file, browser ask about pass.
How to save login data in session?
recently I've been working on a little project in order to post some information into a login page so I can access my schedule for school easily. Anyways the problem is I'm not able to post the password onto the website or submit the credentials. The only thing that actually works is posting the username. Here is the code:
<?php
$ch = curl_init();
$datafield = '__VIEWSTATE=%2FwEPDwULLTE2OTMyMjE5NzBkZKC3UMzpz2mvo4EH%2FkIAaElJ4cqX&__EVENTVALIDATION=%2FwEdAASUve01SuLnSrJ144bDmbDAY3plgk0YBAefRz3MyBlTcHY2%2BMc6SrnAqio3oCKbxYainihG6d%2FXh3PZm3b5AoMQa2TJXV1d0bJySVXtESf1LAcmqGM%3D&txtUserName=12345678&txtPassword=Password12345&btnLogin=Login';
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_URL, 'https://studentportal.eschooldata.com/Login.aspx?ReturnUrl=%2fhhs');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $datafield);
curl_setopt($ch, CURLOPT_URL, 'https://studentportal.eschooldata.com/Login.aspx?ReturnUrl=%2fSchedulePrint.aspx');
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>
I've looked through many threads but I still don't understand the issue. Any help would be appreciated. Also of course those aren't the real credentials.
Edit:
So I changed the code to this and I removed the duplicate CURLOPT_URL but now not even the Username is being inputted. Nothing is happening, the page just displays with nothing occuring.
<?php
$ch = curl_init();
$username = '12345678';
$password = 'Password12345';
$datafield = array('txtUserName' => $username, 'txtPassword' => $password);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_URL, 'https://studentportal.eschooldata.com/Login.aspx?ReturnUrl=%2fhhs');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($datafield));
curl_exec($ch);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
}
?>
I am trying to login to a site using curl but for some reason when I use the print_r($login) to view the output, I always end up seeing the original login page without it being processed (it was supposed to return something like login success or fail), I think curl is not able to submit the form, any suggestion?
$user="something"; $pass="something";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username={$user}&password={$pass}");
curl_setopt($ch, CURLOPT_USERAGENT, "Something");
$login = curl_exec($ch);
print_r($login);
You need to add
curl_setopt($ch, CURLOPT_POST, TRUE);
To send POST content. Without it, your CURLOPT_POSTFIELDS will be ignored.
It looks like a webserver is ignoring my cookies. (used in PHP curl)
Getting the cookies works fine, but returning doesn't work. When I go to the website with my browser and remove the cookies I get the exact same behaviour.
How can I solve this? Does it have anything to do with the https?
Code:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://example.com/createAccount.jsp');
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_COOKIEFILE, "/var/www/ajax/Cache/Sessions/cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "/var/www/ajax/Cache/Sessions/cookie.txt");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$result = curl_exec($ch);
curl_close($ch);
$ch = curl_init();
$data = array('_dyncharset' => 'UTF-8',
'_DARGS' => '/createAccount.jsp',
'firstName' => $firstname,
'login' => $email,
'lastName' => $lastname);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_URL, 'https://example.com/createAccount.jsp?action=createAccount');
curl_setopt($ch, CURLOPT_COOKIEFILE, "/var/www/ajax/Cache/Sessions/cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "/var/www/ajax/Cache/Sessions/cookie.txt");
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_HEADER, true);
$result = curl_exec($ch);
curl_close($ch);
make sure the CURLOPT_COOKIEJAR file is writeable by the server process (that executes the php script).
if that fails you can simply re-use the same instance of curl just drop the
curl_close($ch);
$ch = curl_init();
Remove below line from your first curl request. And it should work for you:
curl_setopt($ch, CURLOPT_COOKIEFILE, "/var/www/ajax/Cache/Sessions/cookie.txt");
CURLOPT_COOKIEFILE is used to send cookie to server from a file. So removing this line will mean sending no cookie. So server will not notice any previous visit :-)
I'm trying to login into twitter with php + curl, but I think there's something wrong with my request because I get this as response:
Something is technically wrong.
Thanks for noticing—we\'re going to fix it up and have things back to
normal soon.
The php code I'm using is:
<?php
$ch = curl_init($sTarget);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $_CKS);
curl_setopt($ch, CURLOPT_COOKIEFILE, $_CKS);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: multipart/form-data"));
curl_setopt($ch, CURLOPT_REFERER, "https://twitter.com");
?>
$sPost looks like this:
session[username_or_email]=user&session[password]=password&remember_me=1&scribe_log=&redirect_after_login=&authenticity_token=6e706165609354bd7a92a99cf94e09140ea86c6f
The code first fetches the login form fields so that the post variables do have the proper values(auth token). I just tried about everything and yes I know there's an api for this but I'd rather find out how to do it manual for learning's sake.
Thanks in advance.
The CURLOPT_COOKIESESSION is used to indicate a new session. That's not what you want, since you need to send the session cookie in the second post.
I got the twitter login to work with this code:
<?php
# First call gets hidden form field authenticity_token
# and session cookie
$ch = curl_init();
$sTarget = "https://twitter.com/";
curl_setopt($ch, CURLOPT_URL, $sTarget);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie.txt");
curl_setopt($ch, CURLOPT_REFERER, "https://twitter.com/");
$html = curl_exec($ch);
# parse authenticity_token out of html response
preg_match('/<input type="hidden" value="([a-zA-Z0-9]*)" name="authenticity_token"\/>/', $html, $match);
$authenticity_token = $match[1];
$username = "your#email.com";
$password = "password";
# set post data
$sPost = "session[username_or_email]=$username&session[password]=$password&return_to_ssl=true&scribe_log=&redirect_after_login=%2F&authenticity_token=$authenticity_token";
# second call is a post and performs login
$sTarget = "https://twitter.com/sessions";
curl_setopt($ch, CURLOPT_URL, $sTarget);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/x-www-form-urlencoded"));
# display server response
curl_exec($ch);
curl_close($ch);
?>
PS: Sorry for not reading your post properly the first time.
I noticed two things:
1) Try to URL encode your POST data
such as:
session%5Busername_or_email%5D=user&session%5Bpassword%5D=password...
instead of:
session[username_or_email]=user&session[password]=password...
2) twitter has a hidden field named authenticity_token in the login form. It is bound to the session. Thus you cannot use a static authenticity_token, you have to read the login form first and use the authenticity_token field from there.
Hope that helps.