I am testing my site for cURL, and I am trying to make cURL "clear the cache", so that the session cookie will be regenerated.
So I have an index.php and a login.php.
I do a POST to index with correct credentials and then get as expected a redirect to login.php.
Then, I try to "clear the cache" and cURL to login.php.
I am expecting to get a 302 (redirect) to index.php, but I get a 200 OK...
I am using these settings to try clear the cache:
$cookiefile = "d://cookie.txt";
curl_setopt($curl, CURLOPT_FRESH_CONNECT , 0);
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefile);
curl_setopt($curl, CURLOPT_FRESH_CONNECT , 1);
Thanks!
If you want to clear the cookies, you should unlink the file unlink($cookiefile); And after that, you can login again without the old cookie.
Good lock.
Delete the file whose name is in $cookiefile.
Related
I've got NTLM (Active Directory) based service, and I need to write a PHP application. Normally, users are logging in to website with Activre Directory credentials, and it's ok.
But what I want to do, is to let them type in their credentials to PHP-written site, which in next step will use cURL to authenticate users to that Active Directory based site where they normally log in.
And this part is hard. I need then to keep session of users that through PHP cURL script authenticated to Active Directory based site in order to use them again later
(CRON querying site to determine that it has changed and automatically do some operations when this happens, which normally user has do manually).
In order to NOT store their credentials to authenticate again when this change happens, I somehow need to store NTLM session in PHP cURL site to every user that authenticated to
that site through this PHP cURL site.
My question is: Is that even possible?
Thanks in advance.
#Willem Mulder
The code you've posted actually does cookie-storing, but that is not my point becouse I've already done that (sorry for not writing it before). What I got so far is:
$cookie_file_path = dirname(__FILE__) . '/cookies.txt';
$ch = curl_init();
//==========================================================================
curl_setopt($ch, CURLOPT_USERPWD, $username. ':' . $password);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, 100);
//==========================================================================
$ret = curl_exec($ch);
By using options CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR, cURL does the cookie storing in local file "cookies.txt". The problem is, that when I comment CURLOPT_USERPWD option (after authenticating and storing cookie, so theoretically I have session), I cannot authorize to website. Perhaps it reinitializes NTLM Handshake authorisation and is expecting username and password, which I don't want to store.
I want to store session info only, to provide service this session info and omit second authentication, but cURL seems to not take this data from cookie file, and REWRITES it with not relevant data send to me from service as response to NOT AUTHRORISED access request.
Well, yes you could
$ch = curl_init('http://www.google.com/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Get headers too with this line
curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
// Get cookie
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
var_dump(parse_url($m[1]));
// And then of course store it somewhere :-)
As seen here how to get the cookies from a php curl into a variable
My cURL session is generating a new cookie everytime I run it.
How can I use the same cookie for different scripts?
My settings:
curl_setopt($curl, CURLOPT_COOKIESESSION, false);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiefilename);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefilename);
Thanks!
Have you tried using True?
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
Have you verified that cookies are being written to $cookiefilename?
Are you trying to 're-run' the script within the duration of the cookie(s)?
You are trying to re-use the cookie(s)?
So I have a script that gets passed a URL as a get param, and consequently tries to write the contents of that page to a file. On non-authenticated pages, it works fine, but it breaks when I try to use it on pages that require authentication.
Specifically, these are pages that I have already logged in to, so I assumed making a standard cURL request with all my currently set cookies would work, but it doesn't. Initially, I receive a 302 response, but if I set 'FOLLOWLOCATION' to true, I end up at the site's log-in page instead of the page I wanted.
$client = curl_init();
//curl_setopt($client, CURLOPT_HEADER, true);
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
curl_setopt($client, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($client, CURLOPT_URL, $pageToLoad);
/* Supposedly libcurl loads all cookies auto-magically if you don't set CURL_COOKIESESSION
if (isset($_SERVER['HTTP_COOKIE'])) {
curl_setopt($client, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);
}
*/
$response = curl_exec($client);
curl_close($client);
I have the sinking feeling that I'll need to set a cookiejar file for this to work ('sinking', because my script doesn't have write permissions on the dev server), but what are your thoughts?
EDIT:
So, being sort of an idiot, turns out I do have some write access... anyway, made a temp folder in my home directory, where I've verified my script can write:
$fname = '/home/temp/cookies.txt';
if( $save = fopen($fname, 'w') ) {
fwrite($save, 'testing');
}
Run the script, and low and behold, 'testing' shows up on line one.
I've added the following 2 lines to my cURL request:
curl_setopt($ch, CURLOPT_COOKIEJAR, '/home/temp/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, '/home/temp/cookies.txt');
And nothing has changed in my scenario. The cookies.txt file still just says 'testing' and doesn't have any cookies stored in it, nor does the 'last access' time change, which to me means these lines aren't doing anything.
Any further thoughts? I'm kinda stumped :\
Yes, you'll need both the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR options set. the 'file' version is where to load cookies from. the jar is where cookies should be saved when the curl object is terminated. They can be the same file.
If you don't have write permissions on the server to create an actual file (very odd if you didn't have at least write perms on /tmp or equivalent), you can use a memory file using the php://memory wrapper.
Here's my beloved pattern for tasks like this:
$loginUrl = 'http://www.remote_site.de/login.php';
$loginFields = array('username' => 'username', 'password' => 'password');
getUrl($loginUrl, 'post', $loginFields);
//now you're logged in and a session cookie was generated
$remote_page_content = getUrl('http://www.remote_site.de/some_page.php');
function getUrl($url, $method='', $vars='') {
$ch = curl_init();
if ($method == 'post') {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
$buffer = curl_exec($ch);
curl_close($ch);
return $buffer;
}
So I took out the raw cURL code I had and copied in some Zend specific code from a different project, and that seemed to work for the most part (not really sure why...). The only other problems I've run into deal with CoSign (http://cosign.sourceforge.net/) and using proxy cookies. Thanks to those who offered answers!
Im using cURL to post data to a php file (setcookie.php) on another domain.
The file, setcookie.php is supposed to set a cookie on that domain with the data posted to it.
The problem is the cookie doesn't want to be set when im doing it with cURL, because cURL returns to the calling file/domain, i guess.
So how can I make cURL not come back to the calling file?
Or is there an easier way to do this?
Here's my code :
$ch = curl_init ("http://<other domain>/setnewcookie.php");
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, false);
$returndata = curl_exec ($ch);
Here's what you need to do:
$ch = curl_init('http://example.org/setnewcookie.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
For cookies to work with cURL, you need to define both CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE. ALso, if you don't want the content of "http://example.org/setnewcookie.php" to be outputted to the browser, you need to set CURLOPT_RETURNTRANSFER to TRUE.
This will create a cookie on your server that cURL can use for subsequent requests but it won't allow the user of your website for instance to use that cookie. If the intent is for the user to be logged in on both sites, this will not work as-is.
For cross sub-domains (as in between www1.example.org and www2.example.org), have a look at PHP authentication with multiple domains and subdomains.
If you want the cookie to get sent from domain2 to browser, browser needs to make request directly.
So if you must get the information from domain1 and user must not get it directly, I'd somehow encrypt the data and redirect browser to send the request to domain2 like this:
domain1/script.php
$return_url = 'http://domain1/script2.php';
$request_url = 'http://domain2/setnewcookie.php';
$request = $request_url . '?data=' . url_encode($encrypted_data) . '&return_url=' . urlencode($return_url);
header('Location: ' . $request);
exit;
And then in domain2/setnewcookie.php just decrypt the data, set the cookie and once that is done, redirect user back to domain1 with help of the $return_url.
Still not sure if this was what you were trying to accomplish, HTH.
I'm trying to login to megaupload.com using cURL and PHP. What I want to do is login so I have premium access, and then download a file. This the code for my login method:
public function login()
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.megaupload.com/?c=login");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username={$this->username}&password={$this->password}&login=1");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$store = curl_exec($ch);
curl_close ($ch);
}
And this is my index.php:
<?php
include_once("plugins/megaupload.class.php");
$megaupload = new Megaupload("username", "password");
$megaupload->login();
?>
But nothing seems to happen. When I run the script, cookie.txt isn't saved anywhere. I got the POST values from Firebug:
login=1&password=password&redir=1&username=username
This is what's being sent through the form when I log in using their site. And yeah, the username and password is correct.
Thanks for any help!
EDIT: Okay, it seems it is actually logging in as I can access my account page, which I wouldn't be able to unless I'm logged in. But that still doesn't solve where the cookie.txt file is being saved...
You need to make sure the directory where you're trying to store the cookie is world-writable.
Also, you should use an absolute path (setup a separate folder outside of your webroot, if you're able), and ensure proper permissions.
You should also set the CURLOPT_COOKIEFILE option:
url_setopt($ch, CURLOPT_COOKIEFILE, ABS_PATH_TO_COOKIE_TXT);
It might be this error:
http://www.renownedmedia.com/blog/php-curl-cookies-not-saving-on-windows/
It seems CURLOPT_COOKIEJAR option have some problems with relative urls. Try setting an absolute path:
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath("cookie.txt"));