I'm trying to post pin and number of giftcard to BarnesAndNoble site to get the available balance. (we are a company buying gift cards from people, and we need to verify the balance)
https://cart2.barnesandnoble.com/gc/gc_ViewBalance.asp
The weird thing is that, the content returned is the original page (not the resulted page where it should say the pin&number entered are invalid, or should return an amount)
I wonder why it doesn't work, the code is pretty straight forward
$ch = curl_init();
$formUrl = 'https://cart2.barnesandnoble.com/gc/gc_ViewBalance.asp ';
$ckfile = __DIR__.'\cookie.txt';
curl_setopt($ch, CURLOPT_URL, $formUrl);
curl_setopt($ch, CURLOPT_REFERER, $formUrl);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
$urldata = parse_url($formUrl);
$headers = array("Host: ".$urldata['host']);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// tried this as well
//curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/GTECyberTrustGlobalRoot.crt");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return content as a string
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$content = curl_exec($ch);;
To answer my own question:
PHP curl resets content-length if CURLOPT_POST is set with curl_setopt_array?
Long answer: read the above link
Short answer: pass the query string into CURLOPT_POSTFIELDS instead of an array (I used array in the above $post)
Related
first time here, and I need help, please!
I have two functions that do different things. The first, only do a login in an external website, and its working fine. In the second fuction, I need to do a POST with the login saved from the first. I use the CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE with the same path in both functions, but when I print what I'm sending in each function with var_dump(curl_getinfo($ch)), the cookie only shows in the first one, and not in the second, causing a 401 Unauthorized Server as a result of the second function.
<?php
$cookie_path = dirname(__FILE__).'/cookie.txt';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_conf['login_url']);
curl_setopt($ch, CURLOPT_REFERER, $login_conf['referer_header']);
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, TRUE );
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_path);
$html = curl_exec($ch);
?>
Thats basically the content of the login function, and this:
<?php
$cookie_path = dirname(__FILE__).'/cookie.txt';
$ch2 = curl_init();
curl_setopt($ch2, CURLOPT_URL, $purge_conf['request_url']);
curl_setopt($ch2, CURLOPT_REFERER, $refheader_submit);
curl_setopt($ch2, CURLOPT_POST, 1 );
curl_setopt($ch2, CURLOPT_POSTFIELDS, $query_purge);
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch2, CURLOPT_HEADER, TRUE );
curl_setopt($ch2, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: '.strlen($query_purge))
);
curl_setopt($ch2, CURLINFO_HEADER_OUT, true);
curl_setopt($ch2, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch2, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch2, CURLOPT_COOKIEJAR, $cookie_path);
curl_setopt($ch2, CURLOPT_COOKIEFILE, $cookie_path);
$html_purge = curl_exec($ch2);
?>
Is the other one, that I need to sent a json post to other page, for witch I need to keep the login and cookie.
I dont know if I am doing something wrong, or if I am missing something.
I have the following PHP code:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://10.0.0.99/api/login");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "somethingsomething");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: text/plain',
'Content-Length: 18')
);
$cookie = curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, "https://10.0.0.99/api/getcmds");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIE, "cookie=".$cookie);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: text/plain',
'Content-Length: 0')
);
$response = curl_exec($ch);
$json = json_decode($response, true);
curl_setopt($ch, CURLOPT_URL, "https://10.0.0.99/api/cmd/" . $json["value"]);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIE, "cookie=".$cookie);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "on");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: text/plain',
'Content-Length: 2')
);
curl_exec($ch);
curl_close($ch);
The first call to curl_exec posts the string as expected and returns the response. Second call also works as expected.
The third call however doesn't post the string "on" to the server. It correctly gets the returned data (which, without the "on" is an error), but the server never receives the posted data.
The code itself is running on PHP 5.5.30 in the command line using the -f flag. Curl Verbose mode is showing that the Content-Length is beeing set correctly, however it doesn't show anything about posted data. The rest of the post seems to be correct, it's just that no data arrives.
(PS: This is not supposed to be production code, just something I'm playing around with, so please no comments about code quality/security.)
You can try closing the connection and then starting again for a new call/request. I personally do this thing.
From php.net docs on cURL: PHP: curl_setop
As for CURL_POSTFIELDS:
This parameter can either be passed as a urlencoded string like 'para1=val1¶2=val2&...' or as an array with the field name as key and field data as value.
In your case, you set an empty variable $_POST['on']. If you want it to have some particular value:
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "on=value");
I am trying to build a cURL request to download a pdf. I am getting the "Error:Maximum (100) redirects followed" error and believe it is due to a cookie issue. Here's the relevant code from my cURL request:
$cookie_file = "/home/mrpeanut/php/cookie.txt"
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, implode(':', $arrayCiphers));
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 100);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie_file));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie_file));
And have also tried CURLOPT_COOKIEJAR, '-' (from here), all without luck. The pdf downloads just fine using a browser. However, it downloads even if I disable all cookies using the Web Developer toolbar (so maybe that's not my true issue?).
You need to send CURLOPT_COOKIE with the value of your PHPSESSID. That is how the server is going to identify the cookie.
You should add this
curl_setopt($ch, CURLOPT_COOKIE, 'PHPSESSID=' . $_COOKIE['PHPSESSID'] . '; path=/');
I'm trying to login into twitter with php + curl, but I think there's something wrong with my request because I get this as response:
Something is technically wrong.
Thanks for noticing—we\'re going to fix it up and have things back to
normal soon.
The php code I'm using is:
<?php
$ch = curl_init($sTarget);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $_CKS);
curl_setopt($ch, CURLOPT_COOKIEFILE, $_CKS);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: multipart/form-data"));
curl_setopt($ch, CURLOPT_REFERER, "https://twitter.com");
?>
$sPost looks like this:
session[username_or_email]=user&session[password]=password&remember_me=1&scribe_log=&redirect_after_login=&authenticity_token=6e706165609354bd7a92a99cf94e09140ea86c6f
The code first fetches the login form fields so that the post variables do have the proper values(auth token). I just tried about everything and yes I know there's an api for this but I'd rather find out how to do it manual for learning's sake.
Thanks in advance.
The CURLOPT_COOKIESESSION is used to indicate a new session. That's not what you want, since you need to send the session cookie in the second post.
I got the twitter login to work with this code:
<?php
# First call gets hidden form field authenticity_token
# and session cookie
$ch = curl_init();
$sTarget = "https://twitter.com/";
curl_setopt($ch, CURLOPT_URL, $sTarget);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie.txt");
curl_setopt($ch, CURLOPT_REFERER, "https://twitter.com/");
$html = curl_exec($ch);
# parse authenticity_token out of html response
preg_match('/<input type="hidden" value="([a-zA-Z0-9]*)" name="authenticity_token"\/>/', $html, $match);
$authenticity_token = $match[1];
$username = "your#email.com";
$password = "password";
# set post data
$sPost = "session[username_or_email]=$username&session[password]=$password&return_to_ssl=true&scribe_log=&redirect_after_login=%2F&authenticity_token=$authenticity_token";
# second call is a post and performs login
$sTarget = "https://twitter.com/sessions";
curl_setopt($ch, CURLOPT_URL, $sTarget);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/x-www-form-urlencoded"));
# display server response
curl_exec($ch);
curl_close($ch);
?>
PS: Sorry for not reading your post properly the first time.
I noticed two things:
1) Try to URL encode your POST data
such as:
session%5Busername_or_email%5D=user&session%5Bpassword%5D=password...
instead of:
session[username_or_email]=user&session[password]=password...
2) twitter has a hidden field named authenticity_token in the login form. It is bound to the session. Thus you cannot use a static authenticity_token, you have to read the login form first and use the authenticity_token field from there.
Hope that helps.
I'm trying to make an voip call with PHP CURL and MEGAVOIP.
The problem is i can't manage the session to access the page protected by a password.
I looked which variables are posted to the login page to post it with Curl.
But my code doesn't work.
Following Colin Morelli and Waygood's advices, I just added those lines in both commands:
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies_file);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies_file);
but it's still the same:
Megavoip returns: SESSION EXPIRED
So here is my full code:
<?php
ini_set("display_errors", 1);
$username="***";
$password="***";
$url="https://www.megavoip.com/login";
$url2="https://www.megavoip.com/phone_to_phone/";
$timeout = 10;
$cookies_file = 'cookies.txt';
// HERE I GET THE TOKEN
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies_file);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies_file);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
$content = curl_exec($ch);
preg_match_all('/<input[^>]+>/i',$content, $result);
preg_match_all('/(id|value)=("[^"]*")/i',$result[0][5], $img);
$img1=str_replace('"', '', $img[0][0]);
$img2=str_replace('"', '', $img[0][1]);
$img1=substr($img1,3);
$img2=substr($img1,6);
$postdata = "login%5Busername%5D=".$username."&login%5Bpassword%5D=".$password."&page_referrer=login&".$img1."=".$img2;
// HERE I SEND THE VARIABLES
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies_file);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies_file);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
$content = curl_exec($ch);
// IF LOGGED HERE I'LL MAKE THE CALL
curl_close($ch);
echo $content;
exit;
?>
Any ideas to help me?
This is a test account so feel free to use my login and password if you want to have a look on this and help me!
Thank you a lot in advance.
Ok you need to forward the cookie/session after login,
you need to first extract the cookie from Header after login like following
// HERE I GET THE TOKEN
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
.... ....
.... ....
$content = curl_exec($ch);
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $content, $m);
parse_str($m[1], $cookies);
$cookie = $cookies['NAMEOFCOOKIEUNEEDHERE'];
After that need to use $cookie variable in curl options like that
// HERE I SEND THE VARIABLES
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIE, 'NAMEOFCOOKIEUNEEDHERE='.$cookie);
I hope your problem will be resolved.
Thanks
Moin