I have a problem with my requests with cURL.
I want to log-in, it works. I want to conserve the cookie to keeep the connexion available, it works.
$lien = 'https://thewebsite.com';
$postfields = array(
'username' => 'test123',
'password' => 'test123'
);
$path_cookie = 'connexion.txt';
if (!file_exists(realpath($path_cookie))) touch($path_cookie);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $lien);
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($curl, CURLOPT_COOKIEJAR, realpath($path_cookie));
$return = curl_exec($curl);
echo($return);
curl_close($curl);
Second part :
$lien2 = 'https://thewebsite.com/myaccount';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $lien2);
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($curl, CURLOPT_COOKIEFILE, realpath($path_cookie));
$return = curl_exec($curl);
echo realpath($path_cookie);
curl_close($curl);
But when I want to make an other requests, it won't work, the output is :
Object moved to here.
Here is the page of the login (https://thewebsite.com) ...
So the connexion doesn't stay available and the server has been kicked out when I try to achieve the second curl command.
Any one can help me please?
Maybe the first request isn't complete before the second one, how can I make a pause between the 2 requests? (sleep won't work)
Taken from php documentation:
CURLOPT_COOKIESESSION:
TRUE to mark this as a new cookie "session". It will force libcurl to ignore all cookies it is about to load that are "session cookies" from the previous session. By default, libcurl always stores and loads all cookies, independent if they are session cookies or not. Session cookies are cookies without expiry date and they are meant to be alive and existing for this "session" only.
So in other words, remove CURLOPT_COOKIESESSION from your second part code and your code should work.
Related
I have multiple application nodes under a load-balancer which is making it problematic for me to save cookies on file as it might save on one node but then next request might point to the other node where the file doesn't exist.
This is the code I use to do the request which works fine on a single node but not on multiple ones:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_USERAGENT, $this->userAgent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, true);
if ($this->proxy) {
curl_setopt($ch, CURLOPT_PROXY, $this->proxy);
}
if (!is_null($headers)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->settingsPath . $this->username . '-cookies.dat');
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->settingsPath . $this->username . '-cookies.dat');
if ($post) {
curl_setopt($ch, CURLOPT_POST, count($post));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
}
$resp = curl_exec($ch);
So is there any other way I could grab the "Set-Cookie" headers directly, save them into a session and re-use them instead of using COOKIEJAR and COOKIEFILE?
I know there is CURLOPT_COOKIE, however my response header seems to have multiple "Set-Cookie" references and I don't know how to format them to use in CURLOPT_COOKIE.
Or at least is there a way to store the cookie files with CURLOPT_COOKIEJAR in a centralized storage server and read them back from there and how would I go on doing so?
Thanks in advance.
store/load the cookies from a database. you can use the browser client's cookie session id as the db id (aka what you get from session_id()). also, don't hardcode cookie locations, that's asking for trouble (what happens when 2 people load the same page with the same hardcoded cookie location at the same time? or what happens if you're on a read-only filesystem, where PHP doesn't have write-access?), just use tmpfile.
Is it possible to set multiple curl_setopt only once and re-use them in future curl exec's as long as the curl handle is not closed ? (Especially Useragent and the Cookie)
<?php
$curl = curl_init();
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HEADER, TRUE);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 Gecko/20100101 Firefox/49.0");
curl_setopt($curl, CURLOPT_COOKIE, "PHPSESSID=".session_id());
curl_setopt($curl, CURLOPT_URL, "https://foo.bar/action/");
$ret = curl_exec($curl);
## DO SOME STUFF ##
curl_setopt($curl, CURLOPT_URL, "https://foo.bar/anotherAction/"); // Set only new URL ..
curl_setopt($curl, CURLOPT_POSTFIELDS, $data); // ... and the POST data.
$ret2 = curl_exec($curl);
curl_close($curl);
?>
Solution is as simple as the question .. just do it the way I did in the question. As long as the cURL session is not closed by curl_close();, you can query as many requests as you like with the headers of your choice only set once after curl_init();.
I am trying to access a page, say http://www.domain.com/profile. The action and login urls are the same, and I am trying to save cookies to http://www.example.com/cookies.txt for authentication. Here is the code I'm using:
$loginURL = 'http://www.domain.com/login';
$COOKIE_FILE = 'http://wwww.example.com/cookies.txt';
$postValues = array(
'username' => 'myusername',
'password' => 'mypassword'
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $loginURL);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_COOKIEJAR, $COOKIE_FILE);
curl_setopt($curl, CURLOPT_USERAGENT, 'Chrome/35.0.2309.372');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_REFERER, $loginURL);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_exec($curl);
if(curl_errno($curl)){throw new Exception(curl_error($curl));}
// now we are logged in, attempt to access a password-protected page
curl_setopt($curl, CURLOPT_URL, 'http://www.domain.com/profile');
curl_setopt($curl, CURLOPT_COOKIEJAR, $COOKIE_FILE);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
echo curl_exec($curl);
It seems like the curl requests are successful, but I am getting echoed a page from the server saying "Unauthorized Access". I don't think my cookies system is working correctly? How can I check that? How do I fix it?
Set CURLOPT_COOKIEFILE to same path as CURLOPT_COOKIEJAR. curl reads from file and writes to jar.
ETA: One likely reason your script doesn't work is that you don't send the cookie data from the first request in the second request.
So the actual answer was that the login was through CAS, which necessitates a much more complicated authentication process. However, my code above was improperly using CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR, so after I made those fixes I discovered I needed a rework of the approach.
I'm writing a function to fetch the captcha, of course it needs to keep the session. I'm using cookie file for curl and use it for every request but it does not work. When I view the cookie file, I see that the PHPSESSID changed each time I call the function. How could I solve it?
Here is my code
<?php
function fetch_captcha($url, $cookie_file = false, $user_agent = DEFAULT_USER_AGENT, $timeout = 10) {
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
if ($cookie_file) {
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie_file);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie_file);
}
curl_setopt($curl, CURLOPT_USERAGENT, $user_agent);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $timeout);
$response = curl_exec($curl);
curl_close($curl);
return $response;
}
Don't use:
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
PHPSESSID is a session cookie, and this option causes each cURL call to start a new session, so it ignores all session cookies in the file.
I have a server that prompts for http authentication before it gives personalized json results.
How can I write a php script that runs on another box to prompt for the auth, pass it along and pull the results?
Just create a HTML form with login and password inputs, and then retrieve data with cURL.
$curl = curl_init('http://example.com/api');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, $_POST['login'].':'.$_POST['password']);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($curl);
If you want to be more "interactive" try to add some AJAX stuff.
make sure this is going with SSL. otherwise, anyone could hijack your unencrypted credential.
Change USER:PASS to be the username and password, and change the URL to your URL. The return value is in $jsonStr.
// create a new cURL resource
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
// Puts return in variable rather than the browser
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "USER:PASS");
// grab URL and pass it to the variable
$jsonStr = curl_exec($ch);
// close cURL resource, and free up system resources
curl_close($ch);