Geek Answers Handbook

Problems with username or colon when setting CURLOPT_USERPWD

We are trying to use curl in PHP5 to enter a site using basic authentication.

Partial code is as follows:

<? ... $uname = "username"; $pass = "p:assword"; curl_setopt($ch,CURLOPT_USERPWD,"$uname:$pass"); ... ?>

but it seems that the colon in our password is causing problems.

We cannot change the password for our production site, but we have confirmed that the code works fine on another site that uses an alphanumeric username and password.

Is there a way to avoid the colon in the password, so curl still works? We tried "p \: assword" with no luck.

Thanks.

+7
source share
3 answers

therefore, it turns out that this is not a colon problem .... this is a problem with the authentication scheme.

first we used:

 curl_setopt($curl_conn, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

and changing to:

 curl_setopt($curl_conn, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

fixed problem.

Our test on another server had its drawbacks - IIS on Windows was running on the server that was running, apache on linux was running on the production server with which we had problems.

So, I repeat: there seems to be no problem using usernames or passwords containing curling colons. this explains why there was no documentation on this issue.

Sorry for jumping to conclusions and thanks for the help.

+6
source

I was looking for the implementation of extracting CURLOPT_USERPWD in curl code. Here's how to do it. The username-passwd line has a forward search, looking for the ":" character. And then the username and passwd are extracted (the line before: is username and the line after: passwd)

So, as you might have guessed, if the username line contains the character :, all of this will fail. However, since the likelihood that the symbol: as part of the username is significantly less, this is not reported as an error.

thanks

+1
source

There seems to be no documented solution, but you can try this workaround:

 curl_setopt($ch, CURLOPT_URL, "http://{$uname}:{$pass}@www.test.com/login.php");

But I did not test it.

0
source

More articles:


All Articles