I have a server that prompts for http authentication before it gives personalized json results.
How can I write a php script that runs on another box to prompt for the auth, pass it along and pull the results?
Just create a HTML form with login and password inputs, and then retrieve data with cURL.
$curl = curl_init('http://example.com/api');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, $_POST['login'].':'.$_POST['password']);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($curl);
If you want to be more "interactive" try to add some AJAX stuff.
make sure this is going with SSL. otherwise, anyone could hijack your unencrypted credential.
Change USER:PASS to be the username and password, and change the URL to your URL. The return value is in $jsonStr.
// create a new cURL resource
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
// Puts return in variable rather than the browser
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "USER:PASS");
// grab URL and pass it to the variable
$jsonStr = curl_exec($ch);
// close cURL resource, and free up system resources
curl_close($ch);
Related
The documentation says like this:
curl —X POST -c cookies.txt —d "login=demo&password=demo42" https://www.myadcash.com/console/login_proxy.php
Output will be:
{"token":"6333531373034343433623663646836383165693937383167373264323334663"}
My current code
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("login"=>"demo","password"=>"demo42"));
curl_setopt($ch,CURLOPT_URL,"https://www.myadcash.com/console/login_proxy.php");
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__) . 'cookies.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
No JSON response is showing. Although the text file is saving. Please help me to find right direction. Also if there is any error in the code, please let me know.
-d "login=demo&password=demo42" means data field, thats why pass as post fields not headers.
Therefore these two lines in your curl
curl_setopt($ch, CURLOPT_POST, 1); //Optional
curl_setopt($ch, CURLOPT_POSTFIELDS, "login=demo&password=demo42");
and you must get output.
On the basis of documentation, credentials must be post fields not header that's why no need to put login and password on header.
You don't need
curl_setopt($ch, CURLOPT_HTTPHEADER, array("login"=>"demo","password"=>"demo42"));
I am trying to access a page, say http://www.domain.com/profile. The action and login urls are the same, and I am trying to save cookies to http://www.example.com/cookies.txt for authentication. Here is the code I'm using:
$loginURL = 'http://www.domain.com/login';
$COOKIE_FILE = 'http://wwww.example.com/cookies.txt';
$postValues = array(
'username' => 'myusername',
'password' => 'mypassword'
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $loginURL);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_COOKIEJAR, $COOKIE_FILE);
curl_setopt($curl, CURLOPT_USERAGENT, 'Chrome/35.0.2309.372');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_REFERER, $loginURL);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_exec($curl);
if(curl_errno($curl)){throw new Exception(curl_error($curl));}
// now we are logged in, attempt to access a password-protected page
curl_setopt($curl, CURLOPT_URL, 'http://www.domain.com/profile');
curl_setopt($curl, CURLOPT_COOKIEJAR, $COOKIE_FILE);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
echo curl_exec($curl);
It seems like the curl requests are successful, but I am getting echoed a page from the server saying "Unauthorized Access". I don't think my cookies system is working correctly? How can I check that? How do I fix it?
Set CURLOPT_COOKIEFILE to same path as CURLOPT_COOKIEJAR. curl reads from file and writes to jar.
ETA: One likely reason your script doesn't work is that you don't send the cookie data from the first request in the second request.
So the actual answer was that the login was through CAS, which necessitates a much more complicated authentication process. However, my code above was improperly using CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR, so after I made those fixes I discovered I needed a rework of the approach.
So I'm using cURL to log into a website here, and spoofing the user agent. I have two constants: one called IOS that is an iOS user agent, and one called CHROME that is a Chrome user agent. Here is the code to log in:
public function signIn($username, $password)
{
$url = "https://www.site.net/post/Index.page";
$cookie = "cookie.txt";
$postdata = "screenName=$username&kclq=$password&submitEvent=1&TCNK=authenticationEntryComponent&enterClicked=true&ajaxSupported=yes";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, IOS);
curl_setopt($ch, CURLOPT_TIMEOUT, 200);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIE, 1);
curl_setopt($ch, CURLOPT_COOKIESESSION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_REFERER, "https://www.site.net/Index.page");
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_POST, 1);
$result = curl_exec($ch);
curl_close($ch);
}
In subsequent requests, I would like to change the user agent from IOS to CHROME, and it doesn't seem to work (I change to CHROME and the website still serves up a mobile page). When I run this request:
curl -L -X POST -b "cookie.txt" --user-agent " . CHROME . " https://site.net
It does not serve up a desktop site, but a mobile one. Is it possible to change the user agent while logged in?
The server is detecting your visit based on cookie also. So at the first line inside the function signIn() either empty the cookie file, or delete it.
For example:
file_put_contents($cookie, "");
or delete it, curl will create a new one:
unlink($cookie);
The website seems to be saving the user agent as a global session variable upon logging in. In that case, no, changing the user agent in a later curl request will not change the user agent in the session variable.
I'm using the following commands to read a remote XML file in a PHP web page:
$url = 'http://www.examplesite.com/xml';
$xml = simplexml_load_file($url);
Unfortunately, the site uses digest authentication and a username/password box normally pops up and requires me to log into the site. It does not work to embed my username and password in the URL itself (like http://USER:PASSWORD#examplesite.com/), nor is this very secure.
How do I authenticate (in PHP) to get the XML file?
function get($url, $user, $pass) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$res = curl_exec();
curl_close($ch);
return $res;
}
You can do this with cURL. Note that first 3 curl flags - forbid reuse, fresh connect, follow location, are probably not needed but may be required in some cases(a 302 post auth etc.).
I have a problem with my requests with cURL.
I want to log-in, it works. I want to conserve the cookie to keeep the connexion available, it works.
$lien = 'https://thewebsite.com';
$postfields = array(
'username' => 'test123',
'password' => 'test123'
);
$path_cookie = 'connexion.txt';
if (!file_exists(realpath($path_cookie))) touch($path_cookie);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $lien);
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($curl, CURLOPT_COOKIEJAR, realpath($path_cookie));
$return = curl_exec($curl);
echo($return);
curl_close($curl);
Second part :
$lien2 = 'https://thewebsite.com/myaccount';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $lien2);
curl_setopt($curl, CURLOPT_COOKIESESSION, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($curl, CURLOPT_COOKIEFILE, realpath($path_cookie));
$return = curl_exec($curl);
echo realpath($path_cookie);
curl_close($curl);
But when I want to make an other requests, it won't work, the output is :
Object moved to here.
Here is the page of the login (https://thewebsite.com) ...
So the connexion doesn't stay available and the server has been kicked out when I try to achieve the second curl command.
Any one can help me please?
Maybe the first request isn't complete before the second one, how can I make a pause between the 2 requests? (sleep won't work)
Taken from php documentation:
CURLOPT_COOKIESESSION:
TRUE to mark this as a new cookie "session". It will force libcurl to ignore all cookies it is about to load that are "session cookies" from the previous session. By default, libcurl always stores and loads all cookies, independent if they are session cookies or not. Session cookies are cookies without expiry date and they are meant to be alive and existing for this "session" only.
So in other words, remove CURLOPT_COOKIESESSION from your second part code and your code should work.