PHP cURL authentication problem

Question

PHP cURL authentication problem

I worked with HttpFox and compared the values (url and post) with those that my code generated. They are exactly the same, but I always see the message "Login failed" on the web page. I have no idea what could be the problem.

the code:

require 'domparser_1_5/simple_html_dom.php'; $username = "username"; $password = "password"; function login($url,$data){ $fp = fopen("cookie.txt", "w"); fclose($fp); $login = curl_init(); curl_setopt($login, CURLOPT_URL, $url); curl_setopt($login, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($login, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($login, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($login, CURLOPT_TIMEOUT, 40000); curl_setopt($login, CURLOPT_RETURNTRANSFER, true); curl_setopt($login, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt($login, CURLOPT_FOLLOWLOCATION, true); curl_setopt($login, CURLOPT_POST, true); curl_setopt($login, CURLOPT_POSTFIELDS, $data); ob_start(); $result = curl_exec($login); ob_end_clean(); curl_close($login); unset($login); return $result; } function generate_pass($user, $password, $token) { if ($password) { $enc_pass = md5($password); $pass = $user.':'.$enc_pass.':'.$token; return md5($pass); } } function get_token() { $html = file_get_html('https://www.foo.com/'); $token = ""; foreach($html->find('input') as $element) { if($element->name == "token") { $token = $element->value; } } if (!$token) { die('No token found'); } return $token; } $token = get_token(); echo login("https://www.foo.com/login/start.html", "user=".$username."&password=".$password."&submit=Anmelden&logintype=login&pid=4%2C93%2C1828&pass=".generate_pass($username, $password, $token)."&redirect_url=login%2Fstart.html&tx_felogin_pi1%5Bnoredirect%5D=0&token=".$token."");

+7

php curl login

user289520 Apr 24 '15 at 8:44

source share

1 answer

Paolo · Accepted Answer · 2015-04-24T10:36:41+0000

Authentication failed due to inconsistency between token and cookie (s) .

When loading a page to receive a token with get_token() server sends you a cookie that you do not save.

Later, when you try to log in, the server expects to receive the same cookie that it sent to you when you received the token . But you do not send it.

I suggest you rewrite get_token() with curl and save cookies in cookie.txt . This will allow you to pass them later when you call login()

Like this:

 function get_token() { $url = 'https://www.foo.com/'; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($curl, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($curl, CURLOPT_TIMEOUT, 40000); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); $result = curl_exec($curl); curl_close($curl); unset($curl); $html = str_get_html( $result ); $token = ""; foreach($html->find('input') as $element) { if($element->name == "token") { $token = $element->value; } } if (!$token) { die('No token found'); } return $token; }

Important:

Delete

 $fp = fopen("cookie.txt", "w"); fclose($fp);

From login() , as this truncates the cookie.txt to zero byte, and you do not want to delete the cookie you just received.

Note that curl_exec() creates a specified cookie if it does not exist.

PHP cURL authentication problem

More articles: