login to https website using php curl

[hisoka]

<?php$password="xxxxxxx";$username="yyyyyyy";$url="https://www.examples.com/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);$output = curl_exec($ch);echo $output;curl_close($ch);?>

 

I changed the xxx by the real password , the yyy by the real username and I put the real url but I could not login to the website . please help

Edited June 10, 2015 by hisoka

[justsomeguy]

Is that a website that uses HTTP basic authentication?

[hisoka]

does the URL name of the website matter ? I prefer not to mention the URL name of the website this is why I replaced it with https://www.examples.com/index.php . I already , indirectly , referred that it is not the real URL name of the website . Something is wrong or missing in the little script above . I do not know what is exactly the problem.

[justsomeguy]

The URL doesn't matter, the question is whether the site uses HTTP basic authentication, which is what you are trying to use. That is when the browser will pop up a dialog box asking for a username and password. If you are talking about a website that has a login form on the page, that is not HTTP authentication.If you want to see what HTTP authentication looks like, go to this page and scroll down to the Example 10 box, and run that example.http://www.httpwatch.com/httpgallery/authentication/

[hisoka]

First , thank you very much to correct me and to wake me up to something I ignore . Now I know at least that HTTP basic authentication is not form based authentication

 

"If you are talking about a website that has a login form on the page, that is not HTTP authentication."

 

I am talking about form based authentication that is a website that has a login form that must be filled with username and password : Using the php curl little script above I was trying to login in a website that has a login form in the page but I failed .

[justsomeguy]

Right, the request above doesn't send any form data. You can use your browser's developer tools to look at the request when you login using the form, you can see what kind of data it sends and where it sends the data. That is the request you'll need to replicate using cURL. Make sure you're sending the correct headers and the data that the page expects.

[hisoka]

I opened the network section of Mozilla web developer tool , then I put my username and password and click login to see what I will get . Before even asking for what is wrong with the little script I wrote , I have a question about the result that the network section of Mozilla gave me . I wrote my password and username in the login form and then clicked the login button . However , when I checked the method part of the network section , I noticed the following:

 

Method : 302 post

file : /

requested url : https://www.examples.com

request method : post

status mode : 302 temporary removed

 

then under the 302 post , there :

 

Method : 200 get

file: index.php

requested url : https://www.examples.com/index.php

request method : get

status mode : 200 ok

 

Normally the method is post because I submitted my username and password through the login form so why the browser gave me get 200 ok and post 302 removed temporary ?

 

Now coming to the little script I wrote :

 

<?php$userAgent="Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Firefox/38.0";$accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";$cookies="fusion_visited=TRUE; PHPSESSID=d7993947044de57d7ca8d2c23eca3875fusion_user=86940.dcc999f4a661e513b228c29887c3ea03";$handle="gzip, deflate";$ch = curl_init();curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language:en-US,en;q=0.5',));curl_setopt($ch , CURLOPT_URL,"https://www.examples/index.php");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );curl_setopt($ch , CURLOPT_SSL_VERIFYHOST,false);curl_setopt( $ch, CURLOPT_USERAGENT, $userAgent );curl_setopt($ch, CURLOPT_COOKIE, $cookies);curl_setopt($ch, CURLOPT_FORBID_REUSE,0);curl_setopt($ch, CURLOPT_REFERER, "https://www.examples.com/index.php");curl_setopt($ch, CURLOPT_ENCODING ,$handle);$output=curl_exec($ch);print $output;curl_close($ch);?>

 

when I run the above script it gives no error but the page remains white and nothing is displayed . Now I am stuck on what I am missing

[justsomeguy]

The 302 response is the server telling the browser to redirect to another page, which gives a 200 response.With that code, for one, you're not sending a username and password. Setting a static PHP session ID in the cookie probably isn't a good idea. The server will send a cookie with the session ID that you need to send back. In fact you probably shouldn't set any static cookies, you should only send back to the server what it send to you. Once you send the request there are other cURL functions to get various response headers and things like that so you can see what the server is responding with.

[hisoka]

"The 302 response is the server telling the browser to redirect to another page, which gives a 200 response".

 

For what is the redirection needed? why the server does not give the 200 response directly?

 

"With that code, for one, you're not sending a username and password"

 

I searched in Google for form based authentication using php curl but I could not find any article . I cannot find the way to send the username and password , in a form based authentication , using php curl

 

"In fact you probably shouldn't set any static cookies, you should only send back to the server what it send to you."

 

it sent the following cookie to me :

 

"PHPSESSID=d7993947044de57d7ca8d2c23eca3875; path=/; secure; httponlyfusion_lastvisit=1434144212; expires=Sat, 13-Jun-2015 03:04:34 GMT; Max-Age=3600; path=/; secure; httponly"

 

so should I turn the above cookie back using php curl ?

Edited June 13, 2015 by hisoka

[justsomeguy]

For what is the redirection needed? why the server does not give the 200 response directly?

Ask the people who set up the server to do that. Login systems normally redirect you after logging in.

I cannot find the way to send the username and password , in a form based authentication , using php curl

It's just a post request, look at options like CURLOPT_POST and CURLOPT_POSTFIELDS.

so should I turn the above cookie back using php curl ?

Not if it sent that cookie in the browser. That cookie is for your browser, not cURL. When you send requests with cURL you can get the response data from the server, including any cookies that it's trying to set. Then, you can send those cookies back when you make other requests. cURL has support to automate much of that process.

[hisoka]

please can you tell me what is the tool or the software that I must use or in which I should put my php code for example this :

 

<?php$userAgent="Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Firefox/38.0";$accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";$cookies="fusion_visited=TRUE; PHPSESSID=d7993947044de57d7ca8d2c23eca3875fusion_user=86940.dcc999f4a661e513b228c29887c3ea03";$handle="gzip, deflate";$ch = curl_init();curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language:en-US,en;q=0.5',));curl_setopt($ch , CURLOPT_URL,"https://www.examples/index.php");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );curl_setopt($ch , CURLOPT_SSL_VERIFYHOST,false);curl_setopt( $ch, CURLOPT_USERAGENT, $userAgent );curl_setopt($ch, CURLOPT_COOKIE, $cookies);curl_setopt($ch, CURLOPT_FORBID_REUSE,0);curl_setopt($ch, CURLOPT_REFERER, "https://www.examples.com/index.php");curl_setopt($ch, CURLOPT_ENCODING ,$handle);$output=curl_exec($ch);print $output;curl_close($ch);?>

 

in order to connect to the website ? should I put my php code in a normal notepad ? or there is a special tool for doing it ?

Edited July 25, 2015 by hisoka

[justsomeguy]

Any text editor will work, as long as it can save plain text files. There are several text editors made specifically for programming.