I'm simply trying to automatically login to a login form via php and cURL
I have:
<?php
# get url to form
$url = "http://thesite.com/login.php";
$ch = curl_init($url); # initialize that form
#run value of $_POST variable in form fields from above url.
$params = "username='' OR '1'='1&password='' OR '1'='1&login-php-submit-button=submit";
## set cURL options
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params); #set parameter $_POST fields
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (!$response) {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); // make sure we closeany current curl sessions
die(stripslashes($http_code.' Can\'t connect to server.'));
}
//curl_close($ch); // close curl session
## echo the result from cURL 'ing
echo $response;
curl_close($ch);
?>
When I visit this script it just shows the value of $url as if I just visited the URL, it doesnt show any error messages like "Wrong pass" or anything.
I feel like $params may not be setup correctly here. I have tried relentlessly to try to get this to work. I currently have it setup where the setup for $params values are:
formnameofinputvalue=valueToInputIntoFormElement&
where & separates each formInputName=formInputValue
Anyone see what I am doing wrong here? Thank you.
Does the login.php script submit the values to another URL? Check the source for the login.php page and see if the form is submitting to another URL (action= in the form element). If so, you will want to use that URL instead since that is where the values are being submitted. The login.php is only the form to collect the values.
On the other hand, login.php might submit to itself, in which case you have the right URL.
Related
I try to save data from a FORM to file. But when 'submit' to external URL my script doesn't see $_POST array. How to save $_POST which I send not receive.
I can save $_POST data I received (I sent to my script and save as post_array.txt). But I have to send it to external url.
I tried to receive and resend saved $_POST using cURL but I cannot do redirect with $_POST.
So my customer stays on my page but should be redirected to payment page with $_POST data.
html : <form method="POST" action="cert.php">
php : cert.php
file_put_contents('post_array.txt', $_POST, FILE_APPEND);
$url = 'https://sandbox.przelewy24.pl/trnDirect';
$fields =['p24_merchant_id' => $_POST['p24_merchant_id'],
'p24_session_id' => $_POST['p24_session_id'],
'p24_amount' => $_POST['p24_amount'],
'p24_currency' => $_POST['p24_currency'],
'p24_sign' => md5($_POST['p24_session_id'].'|'.$_POST['p24_merchant_id'].'|'.$_POST['p24_amount'].'|'.$_POST['p24_currency'].'|'.$_POST['p24__sign'])];
//open connection
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
// this cURL dosnt have a redirect option coz it doesnt work for me :(
// execute!
$response = curl_exec($ch);
file_put_contents('response.txt', $response, FILE_APPEND);
// close the connection, release resources used
curl_close($ch);
Because cURL doesnt work as expected i want to direct send $_POST do external page. (it works well , but i dont have saved $_POST in my file)
How to save $_POST without sending data to my server/script ?
You can make a redirect with http status 307 developer.mozilla.org/en-US/docs/Web/HTTP/Status/307 In this case also body will be redirected.
Another option is to do it with js, first make a request to you server, receive successful answer and then make second request using js to external URL with POST method. Maybe you will need some hidden form to do it in browser.
I have access a web service via url and I have created a registration page with form to add users to it. There are a couple of issues though. Firstly, it does not seem to work when wrapped in an if (isset($_POST['submit'])) conditional, which means there are some empty variables (as the user hasn't added their information). This results in warnings above the document for an undefined index and a 400 status and a bad request error due to the curl processing without a form submission.
Secondly, whilst I can fill out the form and successfully add a user to the web service, I cannot work out how to redirect the user after a successful curl posting. I tried putting a header('location: 'somepage.php'); after the curl, wrapper in an if statement checking if the username existed but to no avail. They remain on the registration page looking at the now blank form they just submitted.
$headers= array('Accept: application/json','Content-Type: application/json');
$url = "http://thewebsite.com/user";
$fields = array(
'UserName' => urlencode($_POST['UserName'])
);
$fields_json = json_encode($fields);
// open connection
$ch = curl_init($url);
// set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_json);
// execute post
$result = curl_exec($ch);
// close connection
curl_close($ch);
Hopefully this isn't too broad a question. Any help would be appreciated. Thanks.
I have created a simple classic ASP script that will take a username and password from a post and create session variables. This script works fine if i use a standard html form and redirect to this page. I have a php site and I want to log users into both websites when they log into the php site. To do this i wanted to add a curl request to the login script in php. This would send the password and username over to the script and create the session variables. The response i get from the curl request would suggest that it worked, but it doesnt seem to be saving the session.
Here is the curl request.
$postinfo = "username=".$username."&password=".$password;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($ch);
curl_close($ch);
var_dump($result);
I dont want to paste the full asp script, but this is roughly how it works. The session persists when i login using a html form so i know its working correctly. When the curl request is finished executing it seems that the session variables are populated, but when i visit another page the session does not exist.
'do some stuff with the db to check if the credentials work.
if success = true then
Session("userid") = userid
Session("login") = "good"
Response.Write("Login successful - " & Session("userid"))
else
Response.Write("Login Failed")
end if
When i run the curl request the response is "Login successful - 123". This means not only is the login working, but its also setting the session value. The problem is that when i try to visit the asp site it does not detect any session data.
I have verified that the all links are pointing to https://www.website.com. Both websites are under the same domain name, just 2 different subdirectories/languages. They are both running on the same server.
To start, I am sorry about my english, I am not good writing in English and I got no time to pass through the check spelling. kkk
So, here is the overview of my problem.
I was able to login into an ASPX page with PHP CURL command, sending the post data with all that crazing variables that ASPX request.
My problem is, to send the post data (with user and password) to the Login Page, I must after, send a post data (with some crazy stuff) to the Login Page, to gain access to the page, in other words, I only have access to the Login Page if I send some specify post data (with that crazy stuuf) to page, if I dont send it, I am redirect to the Main Page, not the Login Page.
I was able to do the CURL command to Login Page with the crazy post and get access to the Login Page.
Now, how do I send the Post with the user/password to the Login Page, after send the first crazy post to gain access to Login Page?
Did you guys undestood?
If not, I can try to explain more.
Thanks!!
Rafael
If you want to give the user access to pages that only available after login - you must save COOKIE from login page, and then send them every request. This can be done through the curl.
Get cookie:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
$data = curl_exec($ch);
$header = substr($data, 0, curl_getinfo($ch, CURLINFO_HEADER_SIZE));
$body = substr($data, curl_getinfo($ch, CURLINFO_HEADER_SIZE));
preg_match_all("/Set-Cookie: (.*?)=(.*?);/i", $header, $res);
$cookie = '';
foreach ($res[1] as $key => $value) {
$cookie .= $value . '=' . $res[2][$key] . '; ';
};
curl_close($ch);
Return cookie to another curl request:
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
Hi I am new to php and want to know some alternate function for the header('location:mysit.php');
I am in a scenario that I am sending the request like this:
header('Location: http://localhost/(some external site).php'&?var='test')
something like this but what I wanna do is that I want to send values of variables to the external site but I actually dont want that page to pop out.
I mean variables should be sent to some external site/page but on screen I want to be redirected to my login page. But seemingly I dont know any alternative please guide me. Thx.
You are searching for PHP cUrl:
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
curl_setopt($ch, CURLOPT_HEADER, 0);
// grab URL and pass it to the browser
curl_exec($ch);
// close cURL resource, and free up system resources
curl_close($ch);
Set the location header to the place you actually want to redirect the browser to and use something like cURL to make an HTTP request to the remote site.
The way you usually would do that is by sending those parameters by cURL, parse the return values and use them however you need.
By using cURL you can pass POST and GET variables to any URL.
Like so:
$ch = curl_init('http://example.org/?aVariable=theValue');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
Now, in $result you have the response from the URL passed to curl_init().
If you need to post data, the code needs a little more:
$ch = curl_init('http://example.org/page_to_post_to.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'variable1=value1&variable2=value2');
$result = curl_exec($ch);
curl_close($ch);
Again, the result from your POST reqeust is saved to $result.
You could connect to another URL in the background in numerous ways. There's cURL ( http://php.net/curl - already mentioned here in previous comments ), there's fopen ( http://php.net/manual/en/function.fopen.php ), there's fsockopen ( http://php.net/manual/en/function.fsockopen.php - little more advanced )