I am trying to write an "auto-login" script, that uses curl to log in to a specific site and then echoing the response, so that the user can "bypass" the login.
(For example, to grant one-time logins etc)
Obviously, using the following method, the cookie is stored on the server, not on the client, in cookie.txt.
I've tried setting $_COOKIE, but that won't work, since the URLs (actually subdomains) of the auto-login script and the service to be logged into, are different.
Login works fine. You see the screen as if you were logged in, but clicking any link requires you to login again.
Any ideas? Thanks
The code I've used to auto-login:
<?php
$username="email#domain.com";
$password="password";
$url="http://sub.domain-to-login.com/index.php/sessions/login";
$cookie="cookie.txt";
$postdata = "email=".$username."&password=".$password.'&btn_login=Login';
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
?>
I guess that you need to replace all links (in $result) from http://sub.domain-to-login.com/index.php/stuff to something like http://mysite.com?url=http://sub.domain-to-login.com/index.php/stuff and then using curl download this site again.
You just cannot set cookie for diffrent site.
Related
Let's say I've one site LoginSite and other two sites site1 and site2.
Now, If user logs in from LoginSite then he/she should be automatically logged in into the site1 and site2.
I've tried below two ways for the same
Way1 :: using ajax
I've white listed LoginSite's domain into site1 and site2.
But, It has only enabled cross domain ajax requests. It is not storing session for site1 and site2.
Way2 :: using cURL
I've tried the same using cURL by set of below code.
$username="mylogin#gmail.com";
$password="mypassword";
$url="http://site1.com/api/login";
$cookie="cookie.txt";
$postdata = "username=myusername#gmail.com&password=mypassword";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
Above code is not working. There must be something missing. I guess somehow I've to return sessionID from site1 and use it.
Pl. help/guide me how to do this.
Note : I do not want to post form to site1 or site2
LoginSite must generate a UniqueID and give it back to the connected User, it will be used as a token
When User connect to site2 it will send his token, and site2 will ask for his validity, if it still valid, so it will accept the connection and creting a session
Conclusion : think about token, validity and security :)
I'm trying to login to a remote site using CURL but I just keep getting the error message your session has expired, please re-login.
$username="xxxxxx";
$password="yyyyyyyy";
$url="https://remotesite.com/my.activation.php3";
$cookie="cookie.txt";
$postdata = "username=".$username."&password=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
// check for errors before close
$result = curl_exec($ch);
echo $result;
curl_close($ch);
The cookie file is writeable and something is getting written to it. Any ideas what I can try to keep the session going?
Make sure you're using the correct option for CURLOPT_COOKIE*.
CURLOPT_COOKIEJAR - The name of a file to save all internal cookies to when the handle is closed, e.g. after a call to curl_close.
CURLOPT_COOKIE - The contents of the "Cookie: " header to be used in the HTTP request. Note that multiple cookies are separated with a semicolon followed by a space (e.g., "fruit=apple; colour=red")
CURLOPT_COOKIEFILE - The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file. If the name is an empty string, no cookies are loaded, but cookie handling is still enabled.
Additionally, enabling CURLOPT_VERBOSE may be of assistance when debugging cURL.
use curl_setopt ($ch, CURLOPT_COOKIESESSION, TRUE);
My code is doing the login to a remote site using CURL. But it is not keeping the session alive there. In my case I am logging into the site using the following code.
$username=$options['session[login]'];
$password=$decryptedPassword;
$cookie = tempnam("/tmp", "cookies");
$postdata = "session[login]=".$username."&session[password]=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
$result = str_replace("href=\"","href=\"$onappurl\\",$result);
$result = str_replace("href=\"$onappurl\\","href=\"$onappurl",$result);
echo $result;
curl_close($ch);
Now the result is echoed in a popup and it is showing logged in interface. But if I click on any link of the site, I loose the session and it is redirected to the login page.
I think this is because your server is sending the request, and the remote site is creating a session for your server, not for you. So, if you click a link that redirects to that remote site, and you do not have an active session there, you will be prompted to log in.
I have a php script that is being used login into a remote site and it is working well. However it seems to only works when the designated cookie file is named cookie.txt
What I want is for each person who uses this script to have a separate cookie file. So if a person on machineA uses it on the 19th they're cookie will be located in something like /tmp/19/someNameCookie.txt, machineB would have /tmp/19/someOtherNamedCookie.txt, and if machineC uses it on the 20th they will have /tmp/20/someNamedCookie.txt.
There are many ways to generate uniquely named files but the key here is getting them to work. I've very young in the php knowledge and completely new to curl.
On a side note, I've also have had no success using CURLOPT_FOLLOWLOCATION for getting the new page that results from logging in.
Thanks.
Here's a code exert. Got to this from another source.
$username=urlencode($usr);
$password=urlencode($pass);
$url="http://domain.com/";
$cookie="cookie.txt";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie); // have tried with just the jar, and just the file and both
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
And this is the code I would call after to check if the login is successful
$ch2 = curl_init();
//curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch2, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch2, CURLOPT_URL, "http://domain.com/");
$r = curl_exec($ch2);
echo $r;
curl_close($ch2);
From my understanding curl is supposed to create the cookie file if it doesn't exist. I've also tried creating other files manually and through script using fopen but still only works if I'm using cookie.txt, and right now it's all being saved to public_html just for testing.
set the Cookie Jar
<?php
$machine = 'PC_A'; // here it's your problem how you define each machine
$cookie_file = "/tmp/".date('d')."/".$machine."_cookie.txt";
// and set the cURL cookie jar and file
if (!file_exists($cookie_file) || !is_writable($cookie_file)){
echo 'Cookie file missing or not writable.';
die;
}
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file);
?>
use for example session_id() for cookie file name, it is unique for every single machine connecting to your application, and its still the same till it expires
Well, I want to login using cURL on some page.
When i paste this data in addressbar in that form in the browser
http://mywebpage.net/login.php?username=HERESMYUSERNAME&password=dded0102f44e7e0809520eb93055cb16
page takes me to the address http://mywebpage.net/user.php and everything works.
Now i want to get the same effect by using cURL but something does not work.
$url="http://mywebpage.net/login.php";
$cookie="cookie.txt";
$postdata = "username=cow&password=ass";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
if (!$result) {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); // make sure we closeany current curl sessions
die($http_code.' Unable to connect to server. Please come back later.');
}
echo $result;
curl_close($ch);
it's showing me the login page with empty input's and it don't login me and move to the correct address.
When I type www.mywebpage.net/user.php shows "Err 401"
Working code here:
$url="http://mywebpage.net/login.php?username=user&password=ddad0102f44e7f0800354eb11155cb16";
$cookie="cookie.txt";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
if (!$result) {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); // make sure we closeany current curl sessions
die($http_code.' Unable to connect to server. Please come back later.');
}
echo $result;
curl_close($ch);
How i can now redirect myself to /all.php?
I see 3 things wrong
You are using CURL POST instead of GET
CURLOPT_FOLLOWLOCATION is set to false but your login script does redirection to user.php , even if the authentication works you would be getting empty response. I think you should set CURLOPT_FOLLOWLOCATION to true
The Url you gave not valid or not working .. am not sure if this is the real URL or just an example.
Thanks
:)