hisoka Posted June 10, 2015 Share Posted June 10, 2015 (edited) <?php$password="xxxxxxx";$username="yyyyyyy";$url="https://www.examples.com/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);$output = curl_exec($ch);echo $output;curl_close($ch);?> I changed the xxx by the real password , the yyy by the real username and I put the real url but I could not login to the website . please help Edited June 10, 2015 by hisoka Link to comment Share on other sites More sharing options...
justsomeguy Posted June 10, 2015 Share Posted June 10, 2015 Is that a website that uses HTTP basic authentication? Link to comment Share on other sites More sharing options...
hisoka Posted June 11, 2015 Author Share Posted June 11, 2015 does the URL name of the website matter ? I prefer not to mention the URL name of the website this is why I replaced it with https://www.examples.com/index.php . I already , indirectly , referred that it is not the real URL name of the website . Something is wrong or missing in the little script above . I do not know what is exactly the problem. Link to comment Share on other sites More sharing options...
justsomeguy Posted June 11, 2015 Share Posted June 11, 2015 The URL doesn't matter, the question is whether the site uses HTTP basic authentication, which is what you are trying to use. That is when the browser will pop up a dialog box asking for a username and password. If you are talking about a website that has a login form on the page, that is not HTTP authentication.If you want to see what HTTP authentication looks like, go to this page and scroll down to the Example 10 box, and run that example.http://www.httpwatch.com/httpgallery/authentication/ Link to comment Share on other sites More sharing options...
hisoka Posted June 12, 2015 Author Share Posted June 12, 2015 First , thank you very much to correct me and to wake me up to something I ignore . Now I know at least that HTTP basic authentication is not form based authentication "If you are talking about a website that has a login form on the page, that is not HTTP authentication." I am talking about form based authentication that is a website that has a login form that must be filled with username and password : Using the php curl little script above I was trying to login in a website that has a login form in the page but I failed . Link to comment Share on other sites More sharing options...
justsomeguy Posted June 12, 2015 Share Posted June 12, 2015 Right, the request above doesn't send any form data. You can use your browser's developer tools to look at the request when you login using the form, you can see what kind of data it sends and where it sends the data. That is the request you'll need to replicate using cURL. Make sure you're sending the correct headers and the data that the page expects. Link to comment Share on other sites More sharing options...
hisoka Posted June 12, 2015 Author Share Posted June 12, 2015 I opened the network section of Mozilla web developer tool , then I put my username and password and click login to see what I will get . Before even asking for what is wrong with the little script I wrote , I have a question about the result that the network section of Mozilla gave me . I wrote my password and username in the login form and then clicked the login button . However , when I checked the method part of the network section , I noticed the following: Method : 302 post file : / requested url : https://www.examples.com request method : post status mode : 302 temporary removed then under the 302 post , there : Method : 200 get file: index.php requested url : https://www.examples.com/index.php request method : get status mode : 200 ok Normally the method is post because I submitted my username and password through the login form so why the browser gave me get 200 ok and post 302 removed temporary ? Now coming to the little script I wrote : <?php$userAgent="Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Firefox/38.0";$accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";$cookies="fusion_visited=TRUE; PHPSESSID=d7993947044de57d7ca8d2c23eca3875fusion_user=86940.dcc999f4a661e513b228c29887c3ea03";$handle="gzip, deflate";$ch = curl_init();curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language:en-US,en;q=0.5',));curl_setopt($ch , CURLOPT_URL,"https://www.examples/index.php");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );curl_setopt($ch , CURLOPT_SSL_VERIFYHOST,false);curl_setopt( $ch, CURLOPT_USERAGENT, $userAgent );curl_setopt($ch, CURLOPT_COOKIE, $cookies);curl_setopt($ch, CURLOPT_FORBID_REUSE,0);curl_setopt($ch, CURLOPT_REFERER, "https://www.examples.com/index.php");curl_setopt($ch, CURLOPT_ENCODING ,$handle);$output=curl_exec($ch);print $output;curl_close($ch);?> when I run the above script it gives no error but the page remains white and nothing is displayed . Now I am stuck on what I am missing Link to comment Share on other sites More sharing options...
justsomeguy Posted June 12, 2015 Share Posted June 12, 2015 The 302 response is the server telling the browser to redirect to another page, which gives a 200 response.With that code, for one, you're not sending a username and password. Setting a static PHP session ID in the cookie probably isn't a good idea. The server will send a cookie with the session ID that you need to send back. In fact you probably shouldn't set any static cookies, you should only send back to the server what it send to you. Once you send the request there are other cURL functions to get various response headers and things like that so you can see what the server is responding with. Link to comment Share on other sites More sharing options...
hisoka Posted June 13, 2015 Author Share Posted June 13, 2015 (edited) "The 302 response is the server telling the browser to redirect to another page, which gives a 200 response". For what is the redirection needed? why the server does not give the 200 response directly? "With that code, for one, you're not sending a username and password" I searched in Google for form based authentication using php curl but I could not find any article . I cannot find the way to send the username and password , in a form based authentication , using php curl "In fact you probably shouldn't set any static cookies, you should only send back to the server what it send to you." it sent the following cookie to me : "PHPSESSID=d7993947044de57d7ca8d2c23eca3875; path=/; secure; httponlyfusion_lastvisit=1434144212; expires=Sat, 13-Jun-2015 03:04:34 GMT; Max-Age=3600; path=/; secure; httponly" so should I turn the above cookie back using php curl ? Edited June 13, 2015 by hisoka Link to comment Share on other sites More sharing options...
justsomeguy Posted June 15, 2015 Share Posted June 15, 2015 For what is the redirection needed? why the server does not give the 200 response directly?Ask the people who set up the server to do that. Login systems normally redirect you after logging in.I cannot find the way to send the username and password , in a form based authentication , using php curlIt's just a post request, look at options like CURLOPT_POST and CURLOPT_POSTFIELDS.so should I turn the above cookie back using php curl ?Not if it sent that cookie in the browser. That cookie is for your browser, not cURL. When you send requests with cURL you can get the response data from the server, including any cookies that it's trying to set. Then, you can send those cookies back when you make other requests. cURL has support to automate much of that process. Link to comment Share on other sites More sharing options...
hisoka Posted July 25, 2015 Author Share Posted July 25, 2015 (edited) please can you tell me what is the tool or the software that I must use or in which I should put my php code for example this : <?php$userAgent="Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Firefox/38.0";$accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";$cookies="fusion_visited=TRUE; PHPSESSID=d7993947044de57d7ca8d2c23eca3875fusion_user=86940.dcc999f4a661e513b228c29887c3ea03";$handle="gzip, deflate";$ch = curl_init();curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language:en-US,en;q=0.5',));curl_setopt($ch , CURLOPT_URL,"https://www.examples/index.php");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );curl_setopt($ch , CURLOPT_SSL_VERIFYHOST,false);curl_setopt( $ch, CURLOPT_USERAGENT, $userAgent );curl_setopt($ch, CURLOPT_COOKIE, $cookies);curl_setopt($ch, CURLOPT_FORBID_REUSE,0);curl_setopt($ch, CURLOPT_REFERER, "https://www.examples.com/index.php");curl_setopt($ch, CURLOPT_ENCODING ,$handle);$output=curl_exec($ch);print $output;curl_close($ch);?> in order to connect to the website ? should I put my php code in a normal notepad ? or there is a special tool for doing it ? Edited July 25, 2015 by hisoka Link to comment Share on other sites More sharing options...
justsomeguy Posted July 27, 2015 Share Posted July 27, 2015 Any text editor will work, as long as it can save plain text files. There are several text editors made specifically for programming. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now