I'm trying to login to a remote site using CURL but I just keep getting the error message your session has expired, please re-login.
$username="xxxxxx";
$password="yyyyyyyy";
$url="https://remotesite.com/my.activation.php3";
$cookie="cookie.txt";
$postdata = "username=".$username."&password=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
// check for errors before close
$result = curl_exec($ch);
echo $result;
curl_close($ch);
The cookie file is writeable and something is getting written to it. Any ideas what I can try to keep the session going?
Make sure you're using the correct option for CURLOPT_COOKIE*.
CURLOPT_COOKIEJAR - The name of a file to save all internal cookies to when the handle is closed, e.g. after a call to curl_close.
CURLOPT_COOKIE - The contents of the "Cookie: " header to be used in the HTTP request. Note that multiple cookies are separated with a semicolon followed by a space (e.g., "fruit=apple; colour=red")
CURLOPT_COOKIEFILE - The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file. If the name is an empty string, no cookies are loaded, but cookie handling is still enabled.
Additionally, enabling CURLOPT_VERBOSE may be of assistance when debugging cURL.
use curl_setopt ($ch, CURLOPT_COOKIESESSION, TRUE);
Related
I need to login to another site with php then get the contents from another page of this site, because after login it goes to the home page I need the customers page.
I tried with file_get_contents and curl but the latter is known to be better here the code with php curl:
$username='username';
$password='password';
$cookie="/home/cookie.txt";
$url = 'http://the-site.com/';
$postdata = "?&username=$username&password=$password&op=login&rUrl=?
op=customers";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
op and rUrl are the names of hidden input tag.
If I put the $url+$postdata in the address bar of the browser it goes to the desired page, but through code it doesn't work as expected, it remains to the login page without entering in.
Your $postdata appears to be invalid - it shouldn't have that leading ?&. Also op appears twice, second time as op=customers after another ?:
$postdata = "?&username=$username&password=$password&op=login&rUrl=?
op=customers";
http_build_query is recommended here to ensure you generate a precise URL-encoded query string, like so:
$postdata = [
'username' => $username,
'password' => $password,
'op' => 'login',
'rUrl' => 'customers',
];
echo '$postdata: ' . http_build_query($postdata);
exit;
Setting:
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
it works because:
CURLOPT_FOLLOWLOCATION TRUE to follow any "Location: " header that the server sends as part of the HTTP header (note this is recursive, PHP will follow as many "Location: " headers that it is sent, unless CURLOPT_MAXREDIRS is set).
After log in it will be redirected to the page specified in the url.
Let's say I've one site LoginSite and other two sites site1 and site2.
Now, If user logs in from LoginSite then he/she should be automatically logged in into the site1 and site2.
I've tried below two ways for the same
Way1 :: using ajax
I've white listed LoginSite's domain into site1 and site2.
But, It has only enabled cross domain ajax requests. It is not storing session for site1 and site2.
Way2 :: using cURL
I've tried the same using cURL by set of below code.
$username="mylogin#gmail.com";
$password="mypassword";
$url="http://site1.com/api/login";
$cookie="cookie.txt";
$postdata = "username=myusername#gmail.com&password=mypassword";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
Above code is not working. There must be something missing. I guess somehow I've to return sessionID from site1 and use it.
Pl. help/guide me how to do this.
Note : I do not want to post form to site1 or site2
LoginSite must generate a UniqueID and give it back to the connected User, it will be used as a token
When User connect to site2 it will send his token, and site2 will ask for his validity, if it still valid, so it will accept the connection and creting a session
Conclusion : think about token, validity and security :)
I am trying to write an "auto-login" script, that uses curl to log in to a specific site and then echoing the response, so that the user can "bypass" the login.
(For example, to grant one-time logins etc)
Obviously, using the following method, the cookie is stored on the server, not on the client, in cookie.txt.
I've tried setting $_COOKIE, but that won't work, since the URLs (actually subdomains) of the auto-login script and the service to be logged into, are different.
Login works fine. You see the screen as if you were logged in, but clicking any link requires you to login again.
Any ideas? Thanks
The code I've used to auto-login:
<?php
$username="email#domain.com";
$password="password";
$url="http://sub.domain-to-login.com/index.php/sessions/login";
$cookie="cookie.txt";
$postdata = "email=".$username."&password=".$password.'&btn_login=Login';
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
?>
I guess that you need to replace all links (in $result) from http://sub.domain-to-login.com/index.php/stuff to something like http://mysite.com?url=http://sub.domain-to-login.com/index.php/stuff and then using curl download this site again.
You just cannot set cookie for diffrent site.
My code is doing the login to a remote site using CURL. But it is not keeping the session alive there. In my case I am logging into the site using the following code.
$username=$options['session[login]'];
$password=$decryptedPassword;
$cookie = tempnam("/tmp", "cookies");
$postdata = "session[login]=".$username."&session[password]=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
$result = str_replace("href=\"","href=\"$onappurl\\",$result);
$result = str_replace("href=\"$onappurl\\","href=\"$onappurl",$result);
echo $result;
curl_close($ch);
Now the result is echoed in a popup and it is showing logged in interface. But if I click on any link of the site, I loose the session and it is redirected to the login page.
I think this is because your server is sending the request, and the remote site is creating a session for your server, not for you. So, if you click a link that redirects to that remote site, and you do not have an active session there, you will be prompted to log in.
I have a php script that is being used login into a remote site and it is working well. However it seems to only works when the designated cookie file is named cookie.txt
What I want is for each person who uses this script to have a separate cookie file. So if a person on machineA uses it on the 19th they're cookie will be located in something like /tmp/19/someNameCookie.txt, machineB would have /tmp/19/someOtherNamedCookie.txt, and if machineC uses it on the 20th they will have /tmp/20/someNamedCookie.txt.
There are many ways to generate uniquely named files but the key here is getting them to work. I've very young in the php knowledge and completely new to curl.
On a side note, I've also have had no success using CURLOPT_FOLLOWLOCATION for getting the new page that results from logging in.
Thanks.
Here's a code exert. Got to this from another source.
$username=urlencode($usr);
$password=urlencode($pass);
$url="http://domain.com/";
$cookie="cookie.txt";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie); // have tried with just the jar, and just the file and both
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
And this is the code I would call after to check if the login is successful
$ch2 = curl_init();
//curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch2, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch2, CURLOPT_URL, "http://domain.com/");
$r = curl_exec($ch2);
echo $r;
curl_close($ch2);
From my understanding curl is supposed to create the cookie file if it doesn't exist. I've also tried creating other files manually and through script using fopen but still only works if I'm using cookie.txt, and right now it's all being saved to public_html just for testing.
set the Cookie Jar
<?php
$machine = 'PC_A'; // here it's your problem how you define each machine
$cookie_file = "/tmp/".date('d')."/".$machine."_cookie.txt";
// and set the cURL cookie jar and file
if (!file_exists($cookie_file) || !is_writable($cookie_file)){
echo 'Cookie file missing or not writable.';
die;
}
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file);
?>
use for example session_id() for cookie file name, it is unique for every single machine connecting to your application, and its still the same till it expires