I'm trying to get the source of a file using PHP and the file_get_contents function.
The problem is that the website requires a login. I thought that this could be bypassed by logging into the site first and then using the file_get_contents function, but this is not the case. The page that the function returns is the login page.
This is the code:
<?php
if (isset($_GET['getroster'])) {
    $file = stripslashes(file_get_contents('https://intranet.hlf.de/custom/cddTUB.asp?show=1'));
    print($file);
}
?>
As you can see when running this function, or when going to the url, it requests a username, password and company from a dropdown list.
Is it possible to pass these values to the page by using this or any other PHP function? Or maybe doing it in a totally different way?
The cookies in your browser and the cookies that can be sent with PHP are completely unrelated.
Using curl you can set the options CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE to specify a file in which cookies should be stored and loaded from.
Doing that you will first have to make a request that does the login (this will get you the cookie). Next you can do the request you wanted to do as a logged in user (because now curl has the cookies).
You have to send the correct cookies. If you can use curl, then the script on this page should help. You can also take a look at this SO question (it's slightly different from your case since it's reusing browser cookies to make the request).
Any chance you could post an example of how to do that, Daniel?
There wouldn't be an option of creating a login-like form which sends the user information to the page to log in automatically?
Read something about the stream_context_create function which could do a login by sending header information, but I really wouldn't know where to start. The examples posted about that only give username and password, but I of course have a third option to post to the authentication page!
Related
I posted this question earlier but it was misinterpreted by those reading it and was closed before I had time to clarify. If you don't understand what I mean, please ask!
I have a site, let's call it "site A". On "site A", there is a log in page. On this page, you POST a username and password to a PHP script. If the login details are correct, the PHP script sets a cookie on the browser. This cookie is called "SESSION".
When you view the site, it checks whether "SESSION" is valid, and displays either the information or the login page.
I want to connect to the page via PHP and POST the login details. I then want to store the "SESSION" cookie via PHP, and display the contents of the page (again, via PHP).
How would I do this?
You can use PHP as a web client as well. You can use the cURL library to make requests from PHP.
You can use setopt to set all kinds of options for your cURL session, including POST (CURLOPT_POST) and the POST variables (CURLOPT_POSTFIELDS), but also choose a kind of authentication (CURLOPT_HTTPAUTH) in case the site doesn't use normal post for this.
I found an example that might be useful here: http://davidwalsh.name/curl-post, although you can find many other examples by Googling for something like 'php curl post'.
Much like the question asked in Detect if cookies are enabled in PHP and Check if cookies are enabled I'd like to know if cookies are enabled.
I am, however, trying to make this as transparent as possible for the user and as such I'm not interested in having some "cookietest=1" parameter appended to my URL.
I know I can just redirect back to the page the user originally entered, unset "cookietest=1" GET parameter and just tell the original page if cookies are disabled or not through sessions, but...
I'm currently using CodeIgniter and don't want to mess up CodeIgniter sessions, hence not using PHP sessions to store the cookie enabled/disabled state.
I'm actually not sure if using PHP sessions will mess up CodeIgniter sessions, but even if it doesn't I'm still interested in knowing if there is some ingenious solution out there that can do the cookie check without setting a GET parameter or using sessions (redirects are fine, however)?
Update
Seems I need to clarify a little bit:
I want to know if cookies are enabled client side. I've already tried the method described in the questions I linked to, i.e.:
Set cookie.
Redirect to either a check cookie PHP page or the same page with a "cookietest=1" GET parameter.
See if the cookie is still set: If yes => Hooray, cookies are working!, otherwise => Boo, cookies are disabled.
The thing I'm asking is whether or not it's possible to do this without setting the GET parameter (because this becomes visible in the URL). The answer to that question is "Yes, if you use PHP sessions".
My next question is then: Is it possible to do without setting the GET parameter AND without using PHP sessions?
Basics: You can't know whether a user has cookies enabled until you send a cookie to the client and you receive the same one back from him.
So the flow:
Client Request
Server Response (+ cookie)
Client Request (+ cookie)
can't be avoided in any way.
You can track if cookies are enabled using some test request (ajax, image, etc.)
For example you can use a simple 1px image or any logo image served from your php script and you can track if cookies are enabled or not.
So the flow is now:
Client Request
Server Response HTML (+ cookie)
Client Request remote page resources (js, img, css) (+ cookie)
Server Response with page resource requested
Something like
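<?php
// domain.com/some.js
session_start(); // required before writing to $_SESSION
if (isset($_COOKIE['test'])) {
    // The test cookie came back with this sub-request, so the client accepts cookies.
    $_SESSION['cookies_enabled'] = true;
}
echo <<<JS
<someJS code or nothing>
JS;
?>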
I looked into this a LOT a while ago and it seemed every way had its flaws. One thing I took into account as well was how the cookie check would work if the user were to update the page or go back to the page via the back button.
Apparently, for the server to see whether the client accepts cookies or not the client has to send an additional HTTP request after the server has attempted to set a cookie, in which the server looks for a cookie header indicating that the client accepts cookies (no header = cookies not accepted). This additional request can be a redirect to another page (see the usual method with a $_GET parameter acting as a flag saying if an attempt to set the cookie has taken place or not) but the important thing is really that it's just another HTTP request. What I ended up doing was wrapping my entire page in a HTML FRAMESET:
<?php
setcookie('test', 1, time() + 3600);
echo '<HTML>
<HEAD>
<TITLE>
</TITLE>
</HEAD>
<frameset rows="100%" cols="100%">
<frame src="next.php">
</frameset>
</HTML>';
?>
...then in the additional HTTP request for next.php I know that there will be a cookie header included in the request if the client has accepted cookies and therefore I don't have to use a $_GET parameter as a flag indicating this. Next.php thus looks like:
<?php
if (count($_COOKIE) > 0) {
    // Set some variable that indicates to the rest of the script that cookies
    // are enabled.
} else {
    // Set some variable indicating that cookies are disabled
}
// Output the rest of the script and HTML code to be displayed
?>
I thought about doing the same thing but sending the additional HTTP request from an IMG tag instead of a FRAMESET, but I ran into trouble as to how I would indicate to the parent script via an image whether cookies were set or not, and therefore I ended up doing it this way. The ONLY flaw I see in this method is that if the user right-clicks inside the frame and chooses to update only the frame (not the entire page) then the frame will falsely claim that cookies are disabled, but compared to the downsides of all the other ways, I thought that was acceptable.
EDIT: I should also add that I made a point out of doing this without Javascript as well.
I would use php.ini settings to find such things out.
Maybe like this:
if (ini_get("session.use_cookies") == 1) {
print "cookies enabled";
}
While you could just check if PHP has cookies enabled, a very simple test would be to just set a cookie and then try to read it.
If you successfully read it, it worked.
This would also inform you if the client disallows cookies.
I am trying to use cURL to login to a site without a login form. To login, you have to go to:
example.com/index.php?version=1.74&premium=true&user=USERNAME&password=PASSWORD&model=iPhone&sv=5.0.1
Honestly, I have no idea where to start. I've gone through many cURL articles and none explains doing a login without a form.
A form has fields. It also has an HTTP method (usually POST).
In that case, it seems that the data is being posted by the GET method (as query strings in the URL).
You just have to build that URL (look for the http_build_query() built-in function) and request it using regular CURL calls. Most probably, you'll also need to accept (and keep sending) the cookie with the session information the server sends you. For that you'll need to set the CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE values using curl_setopt().
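The login-then-fetch flow from this answer and from the earlier cURL answers, as an added example that is not code from any of the posters. It covers both a POSTed form (any number of fields, such as username, password and company) and the GET-style login; the URLs, field names and `SITE_*` environment variables are placeholders to replace with the real ones.

```php
<?php
// Added example: all URLs, field names and SITE_* variables are placeholders.
function httpRequest(string $url, string $jar, ?array $post = null): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_COOKIEFILE      => $jar,            // send cookies saved by earlier requests
        CURLOPT_COOKIEJAR       => $jar,            // save cookies when the handle is released
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS, // never send credentials over plain HTTP
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS, // certificate checks stay at their defaults (on)
        CURLOPT_TIMEOUT         => 20,
    ]);
    if ($post !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); // implies POST
    }
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return $body; // $ch goes out of scope here, which flushes the cookie jar
}

function fetchAsLoggedInUser(string $loginUrl, array $fields, string $pageUrl, bool $loginViaGet = false): string
{
    $jar = tempnam(sys_get_temp_dir(), 'jar'); // tempnam() creates the file with mode 0600
    try {
        if ($loginViaGet) { // credentials travel in the query string and end up in server logs
            httpRequest($loginUrl . '?' . http_build_query($fields), $jar);
        } else {
            httpRequest($loginUrl, $jar, $fields);
        }
        $page = httpRequest($pageUrl, $jar);
        if (stripos($page, 'type="password"') !== false) { // heuristic: login form came back
            throw new RuntimeException('Login failed: the login form was returned again');
        }
        return $page;
    } finally {
        unlink($jar); // do not leave a live session cookie on disk
    }
}

if (getenv('SITE_USER') !== false) { // credentials come from the environment, not the source
    echo fetchAsLoggedInUser('https://intranet.example.test/login.asp', [
        'username' => getenv('SITE_USER'),
        'password' => getenv('SITE_PASS'),
        'company'  => getenv('SITE_COMPANY'),
    ], 'https://intranet.example.test/page.asp');
}
```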
I'm trying to download a page, reddit.com/gold, one has to be logged in to access it, so my first instinct was to use curl in order to post the login form data and log in.
I came this far: http://pastie.org/3387061
The script outputs the page that is presented to you if you're not logged in, so I'm fairly certain it isn't working as it should.
Here's the login form, if that's needed (I de-minified it): http://pastie.org/3387065
Thanks for reading and for any help.
Make sure you use the same value for CURLOPT_COOKIEJAR on both requests and also add an option CURLOPT_COOKIEFILE with the same value.
Try using Chrome inspector to log in and see what actual POST vars are being sent; there might be something you've missed.
I have looked at some examples and they use Curl in PHP etc., but I just want a simple command that passes my credentials to a site so it can log in and give me access to download a file. Current problem is when I try to use get_contents I get stuck at the login page because it needs a login before it can allow a download, so isn't there a way to send my login info before get_contents in PHP? Thanks
for example we can assume the website is located at www.confluence.com
You're out of luck. file_get_contents() can only get content, hence the name. You can try to authenticate via the get syntax for standard authentication, like http://username:password#example.com.
If you have to post your credentials via HTTP POST, you'll have to use curl.
The problem is that when you log in, the server sends your browser a cookie that your browser automatically stores.
With file_get_contents() you can actually pass cookies (the third context parameter of file_get_contents() can handle this).
Have a look at stream context create.
By the way, you need to first send your login info to the login page (with curl); when you receive cookies back, pass them as an option to file_get_contents() and the trick is done.
If the server is using a login system different from cookies let us know, so we can help you
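The stream-context route described in this answer, as an added example that is not the answerer's code. It POSTs the login fields with `file_get_contents()`, turns the `Set-Cookie` lines of the response into a `Cookie:` header, and sends that header with the second request; the URLs and field names are placeholders, and the sample headers at the bottom are constructed.

```php
<?php
// Added example: URLs and form field names passed to fetchWithLogin() are placeholders.

/** Build a "Cookie:" request header from the Set-Cookie lines of a response. */
function cookieHeaderFrom(array $responseHeaders): string
{
    $pairs = [];
    foreach ($responseHeaders as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        // Keep only "name=value"; attributes (Path, HttpOnly, ...) are never sent back.
        $pair = trim(explode(';', substr($line, strlen('Set-Cookie:')), 2)[0]);
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        if ($name !== '' && !preg_match('/[\r\n]/', $pair)) { // no header injection
            $pairs[$name] = $value; // a later cookie with the same name wins
        }
    }
    $parts = array_map(fn ($n, $v) => "$n=$v", array_keys($pairs), $pairs);
    return 'Cookie: ' . implode('; ', $parts);
}

function fetchWithLogin(string $loginUrl, array $fields, string $pageUrl): string
{
    $login = stream_context_create(['http' => [
        'method'          => 'POST',
        'header'          => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content'         => http_build_query($fields), // any number of fields
        'follow_location' => 0, // read Set-Cookie from the login response itself
    ]]);
    if (file_get_contents($loginUrl, false, $login) === false) {
        throw new RuntimeException('Login request failed');
    }
    // file_get_contents() fills $http_response_header in the calling scope.
    $auth = stream_context_create(['http' => [
        'header' => cookieHeaderFrom($http_response_header) . "\r\n",
    ]]);
    $page = file_get_contents($pageUrl, false, $auth);
    if ($page === false) {
        throw new RuntimeException('Page request failed');
    }
    return $page;
}

// Constructed sample of $http_response_header after a successful login POST.
$sample = [
    'HTTP/1.1 302 Found',
    'Set-Cookie: SESSION=abc123; Path=/; HttpOnly; Secure',
    'Location: /home',
];
echo cookieHeaderFrom($sample), "\n";
```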