I'm using the following commands to read a remote XML file in a PHP web page:
$url = 'http://www.examplesite.com/xml';
$xml = simplexml_load_file($url);
Unfortunately, the site uses digest authentication and a username/password box normally pops up and requires me to log into the site. It does not work to embed my username and password in the URL itself (like http://USER:PASSWORD#examplesite.com/), nor is this very secure.
How do I authenticate (in PHP) to get the XML file?
function get($url, $user, $pass) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$res = curl_exec();
curl_close($ch);
return $res;
}
You can do this with cURL. Note that first 3 curl flags - forbid reuse, fresh connect, follow location, are probably not needed but may be required in some cases(a 302 post auth etc.).
Related
The purpose of this CURL is to generate a token for the user. If the token is returned correctly, then the user can be able to access all the menus. If not, the user will get a logout from the application.
$ch = curl_init();'
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_PROXY, 'Proxy IP');
curl_setopt($ch, CURLOPT_POST, count($data));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
$result = curl_exec($ch);
What I am missing here??
NOTE: The server I am connecting to is in the AWS cloud, and we already have a server which is outside the cloud, and the curl is working fine and the generated token is receiving. I am not sure what the problem here is.
I am using CURL to invoke an API with self signed public key in .pfx extension
function execute_curl($string,$URL)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml','SOAPAction:"http://xxxxxxxxxxxxxxxxxx/SendDoc"'));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $string);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
$ch_result = curl_exec($ch);
return $ch_result;
}
I cannot set the CURLOPT_SSL_VERIFYPEER to FALSE for security purpose, anyone can show me how I can properly add the certificate along with its password into curl? EDIT I am not even sure if that is the solution for it, so far I am only getting no response from it. Any additional solution or ways to make it work is very much appreciated.
Also, I am trying to make it work on 2 environment, my dev environment which is in windows and also my test server environment which is in fedora, should the certificate be in different format?
I've searched high and low for the answer to this question but cant find anything...
We've got a single server and on it we've got a PHP service with an API.
We've recently written an PHP app which interacts with the API. When it goes live the API and the app will be on the same server.
However, when they are on the same server the cURL requests from the app to the API always return false. I'm sure this must be something to do with the way that the request is being routed by the server. Is there any way to make this work properly?
$url = 'http://api.some_address_on_the_same_server.com';
$postdata = array(...);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch); // $result is always false when on the same server for some reason
curl_close($ch);
Must be related to locking session situations. Try this way.
<?php
$url = 'http://api.some_address_on_the_same_server.com';
$postdata = array(...);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
session_write_close();
$result = curl_exec($ch); // $result is always false when on the same server for some reason
curl_close($ch);
session_start();
?>
EDIT :
Have you added an exception in your windows host file ?
/windows/system32/drivers/etc/hosts
like
127.0.0.1 yourdomain.com
For more information. Check out this
Since recently, cPanel has changed the way that it logs in.
Before login, the url is : https://accessurl:2083/
After login : https://accessurl:2083/cpsessXXXX/frontend/x3/index.html?post_login=89711792346495
You will note the cpsessXXXX embedded in the url.
And the page to access AWSTATS is :https://accessurl:2083/cpsessXXXX/awstats.pl?config=domain_name&ssl=&lang=en
I have tried the following PHP code
$username = 'xxx';
$password = 'xxx';
$loginUrl = 'https://<accessurl>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PORT,2083);
$store = curl_exec($ch);
curl_close($ch);
When I step through the code, the value of $store is FALSE, meaning that the login process failed.
The only reference that I found on the web to a similar problem is
at http://blog.mcfang.com/ in the March 28 entry.
I was hoping that cookies.txt would have the cpsessXXXX info, but no file is created.
Thanks for any help
You need to reference the security token back to cPanel in order for your script to be accepted. As per the documentation over at cPanel documentation for Security tokens
Take the following example:
function createSession() { // Example details
$ip = "127.0.0.1";
$cp_user = "username";
$cp_pwd = "password";
$url = "http://$ip:2082/login";
$cookies = "/path/to/storage/for/cookies.txt";
// Create new curl handle
$ch=curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies); // Save cookies to
curl_setopt($ch, CURLOPT_POSTFIELDS, "user=$cp_user&pass=$cp_pwd");
curl_setopt($ch, CURLOPT_TIMEOUT, 100020);
// Execute the curl handle and fetch info then close streams.
$f = curl_exec($ch);
$h = curl_getinfo($ch);
curl_close($ch);
// If we had no issues then try to fetch the cpsess
if ($f == true and strpos($h['url'],"cpsess"))
{
// Get the cpsess part of the url
$pattern="/.*?(\/cpsess.*?)\/.*?/is";
$preg_res=preg_match($pattern,$h['url'],$cpsess);
}
// If we have a session then return it otherwise return empty string
return (isset($cpsess[1])) ? $cpsess[1] : "";
}
cpsess is used to append the URLs the correct token that cPanel expects back.
You can send the "Authorization" row by Headers adding this simple row:
$header[0] = "Authorization: Basic " . base64_encode($cp_user.":".$cp_pwd) . "\n\r";
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
So you can send a request directly to the resource $myResource, without cookies and anything else.
Simply:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $myResource);
$header[0] = "Authorization: Basic " . base64_encode($cp_user.":".$cp_pwd) . "\n\r";
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PORT,2083);
$store = curl_exec($ch);
curl_close($ch);
You should consider to use the XML API of CPanel. On Github you can find the xmlapi-php class, it works great and help me to keep the code simple and easy to update!
I have a server that prompts for http authentication before it gives personalized json results.
How can I write a php script that runs on another box to prompt for the auth, pass it along and pull the results?
Just create a HTML form with login and password inputs, and then retrieve data with cURL.
$curl = curl_init('http://example.com/api');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, $_POST['login'].':'.$_POST['password']);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($curl);
If you want to be more "interactive" try to add some AJAX stuff.
make sure this is going with SSL. otherwise, anyone could hijack your unencrypted credential.
Change USER:PASS to be the username and password, and change the URL to your URL. The return value is in $jsonStr.
// create a new cURL resource
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
// Puts return in variable rather than the browser
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "USER:PASS");
// grab URL and pass it to the variable
$jsonStr = curl_exec($ch);
// close cURL resource, and free up system resources
curl_close($ch);