I want to login via curl and maintain the cookies and session information for further calls.i have created cookie text file in the same directory and used the CURLOPT_COOKIEJAR ,CURLOPT_COOKIEFILE to maintain the cookie in CUL. whenever i had try to call login api it take the old cookie and show the previous user information. i need to maintain different user cookies and maintain session like normal browser handle. how to do that. any one give idea to do it.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HEADER,0); // TRUE to include the header in the output.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // it will follow with server redirects
curl_setopt($ch,CURLOPT_AUTOREFERER,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);//ssl certificate verifyer
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); //ssl certificate host
// Set the location of and send the cookies
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__) . "/cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__) . "/cookies.txt");
curl_setopt( $ch, CURLOPT_COOKIESESSION, true );
$result = curl_exec($ch); //execute curl and store data in result
You can modify
dirname(__FILE__) . "/cookies.txt"
Into something like
dirname(__FILE__) . '/user_cookies/' . $username . '.txt'
You will need to sanitize username for that line so that it will not contain any invalid characters.
Also, set /user_cookies/ permissions to something like 777.
This way you won't need to check if user has cookies or not. If not, the file will be created. If user has them, existing file content will be used.
You could also store cookies in database, but that's way more complicated.
Related
I have a php proxy server to which email and password are posted on the beginning (login). I then use
$ch = curl_init($url);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $myvars);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookieJar);
curl_setopt( $ch, CURLOPT_HEADER, 1);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1);
to post forward to some API that expects certain parameters. As you can see I save a cookie in a cookie jar file.
I can then use this cookie file to call any other requests to proxy -> API and successfully get the response. Everything works just fine. I use
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookieJar);
to make other requests after user successfully signed in.
The problem is that only one user can login(and call other requests) at the time, because there is only one cookie jar file. I could probably generate unique cookie files on proxy and access them somehow with each new request by each user. But that is a load on the server and definitely not a good idea.
So what I would like to do is to save a cookie that is received into variable instead of a file and then send this to user...
This didn't work for me unfortunately; I can probably manage to write my own regex but I am wondering if there is a possibility to directly save a cookie into variable with curl or do I have to parse headers manually? (I want to be able to feed CURLOPT_COOKIEFILE with cookie in variable rathen than cookie in file)
Lets try this with a single curl handle($ch):
Making my first request:
$url= "http://www.google.com";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, '-'); // <-- see here
$result = curl_exec($ch);
// remember i didn't close the curl yet!
Now make another curl request with the same handle:
$url= "http://www.google.com";
curl_setopt($ch, CURLOPT_URL,$url);
$result = curl_exec($ch);
// if you are done, you can close it.
curl_close($ch);
In this example, I have used the - for the cookiejar. Which means it will not use any file. So during second curl request, it will use the cookiejar of previous call.
One problem: It will print the cookie jar values into std-output.
I've got NTLM (Active Directory) based service, and I need to write a PHP application. Normally, users are logging in to website with Activre Directory credentials, and it's ok.
But what I want to do, is to let them type in their credentials to PHP-written site, which in next step will use cURL to authenticate users to that Active Directory based site where they normally log in.
And this part is hard. I need then to keep session of users that through PHP cURL script authenticated to Active Directory based site in order to use them again later
(CRON querying site to determine that it has changed and automatically do some operations when this happens, which normally user has do manually).
In order to NOT store their credentials to authenticate again when this change happens, I somehow need to store NTLM session in PHP cURL site to every user that authenticated to
that site through this PHP cURL site.
My question is: Is that even possible?
Thanks in advance.
#Willem Mulder
The code you've posted actually does cookie-storing, but that is not my point becouse I've already done that (sorry for not writing it before). What I got so far is:
$cookie_file_path = dirname(__FILE__) . '/cookies.txt';
$ch = curl_init();
//==========================================================================
curl_setopt($ch, CURLOPT_USERPWD, $username. ':' . $password);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, 100);
//==========================================================================
$ret = curl_exec($ch);
By using options CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR, cURL does the cookie storing in local file "cookies.txt". The problem is, that when I comment CURLOPT_USERPWD option (after authenticating and storing cookie, so theoretically I have session), I cannot authorize to website. Perhaps it reinitializes NTLM Handshake authorisation and is expecting username and password, which I don't want to store.
I want to store session info only, to provide service this session info and omit second authentication, but cURL seems to not take this data from cookie file, and REWRITES it with not relevant data send to me from service as response to NOT AUTHRORISED access request.
Well, yes you could
$ch = curl_init('http://www.google.com/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Get headers too with this line
curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
// Get cookie
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
var_dump(parse_url($m[1]));
// And then of course store it somewhere :-)
As seen here how to get the cookies from a php curl into a variable
I have below curl code to GET.
<?php
function get_content($URL){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_URL, $URL);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
echo get_content("http://www.domain.com/cool.php");
?>
I have used http headers and cookie looks like below
xidseq:22
xid:b05f251c-8a72-4c2b-a230-e03b9c5c87b7&&BAYIDSAMFE1C013&343
data:dsfsfssdss
I need to send GET request to http://www.domain.com/cool.php with some cookies.
how do i put the cookie in cookie.txt ?? is there any specific format for cookies..or just posting it works ?
If script above doesn't work try:
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__) . '/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__) . '/cookie.txt'); /* make sure you provide FULL PATH to cookie files*/
Check file permissions and ownership on dirname(__FILE__) . '/cookie.txt' . Make sure file is writable.
To put the cookie in cookie.txt you need to visit certain web page that contains them - only server side cookies you can fetch with cURL, javascript cookies is not reachable vie cURL, at least not directly.
If you want to create cookies manually for your GET request, read about Netscape cookies format or - best way, save some 'real website' cookies via CURLOPT_COOKIEJAR to see and understand format.
I have a cURL script that is sending login info to a script.
//open connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url;
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields1);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
//open connection
The script has a setcookie function.
setcookie("cookie_email",$email,time()+(3600*24*$i),"/");
setcookie("cookie_password",$password,time()+(3600*24*$i),"/");
When I login to the form using the form everything works as expected. For some reason when you run the cURL it's skipping the setcookies function.
I've been all over the net and I can't find a solution. I'm not sure why it's failing to set the cookies.
Any step in the right direction would be much appreciated.
Thanks,
Phil
UPDATE! - Getting Closer
Okay I have made some changes that grab cookies and put them into a cookie file. Two Issues I set.
1. The cookied password in the file reads: deleted
2. The cookies aren't being set in the browser.
How do I get the md5($password) into the file and how does:
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies/cookies.txt');
set the cookies in the browser?
You must set the CURL_COOKIEJAR and CURL_COOKIEFILE options for curl to set where cookies should be stored and loaded from respectively.
EDIT: Your example rewritten:
//open connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url;
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields1);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies/cookies.txt');
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
This assumes you have created a directory 'cookies/' and will save the cookies in a file called 'cookies.txt' (as long as your webserver can write to that directory, it will create the file itself)
Subsequent requests will then use any cookies stored in cookies.txt when sending their request (assuming you set the cookiefile for that request as well)
Im using cURL to post data to a php file (setcookie.php) on another domain.
The file, setcookie.php is supposed to set a cookie on that domain with the data posted to it.
The problem is the cookie doesn't want to be set when im doing it with cURL, because cURL returns to the calling file/domain, i guess.
So how can I make cURL not come back to the calling file?
Or is there an easier way to do this?
Here's my code :
$ch = curl_init ("http://<other domain>/setnewcookie.php");
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, false);
$returndata = curl_exec ($ch);
Here's what you need to do:
$ch = curl_init('http://example.org/setnewcookie.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
For cookies to work with cURL, you need to define both CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE. ALso, if you don't want the content of "http://example.org/setnewcookie.php" to be outputted to the browser, you need to set CURLOPT_RETURNTRANSFER to TRUE.
This will create a cookie on your server that cURL can use for subsequent requests but it won't allow the user of your website for instance to use that cookie. If the intent is for the user to be logged in on both sites, this will not work as-is.
For cross sub-domains (as in between www1.example.org and www2.example.org), have a look at PHP authentication with multiple domains and subdomains.
If you want the cookie to get sent from domain2 to browser, browser needs to make request directly.
So if you must get the information from domain1 and user must not get it directly, I'd somehow encrypt the data and redirect browser to send the request to domain2 like this:
domain1/script.php
$return_url = 'http://domain1/script2.php';
$request_url = 'http://domain2/setnewcookie.php';
$request = $request_url . '?data=' . url_encode($encrypted_data) . '&return_url=' . urlencode($return_url);
header('Location: ' . $request);
exit;
And then in domain2/setnewcookie.php just decrypt the data, set the cookie and once that is done, redirect user back to domain1 with help of the $return_url.
Still not sure if this was what you were trying to accomplish, HTH.