curl-users
RE: login POST with php/libcurl
Date: Wed, 7 May 2003 12:02:47 -0400
Thank you for your response Daniel.
I'm confused as to how to do this. When I allow redirection, enable
cookies, and submit using post variables, I still get the same thing -
the login page just redisplays. See code below. I tried leaving out
the CURLOPT_COOKIE line because I don't think it belongs, but I get the
same results. The file /tmp/cookie output is below, it looks like it is
storing cookie data in the header, and storing session information in
the URL itself. Any help is greatly appreciated. Thank you again!
Joe Glass
$id = "username";
$pw = "password";
$postfields = "UserLogin=$id&UserPassword=$pw&press=login";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1); // Get the header
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Allow redirection
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie");
curl_setopt($ch, CURLOPT_COOKIE, "/tmp/cookie");
curl_setopt($ch, CURLOPT_URL,
"http://www5.apa.org/membership/login/login.cfm");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$postfields");
curl_exec($ch);
curl_close($ch);
# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
www5.apa.org FALSE / FALSE 2137622400 CFID 1823564
www5.apa.org FALSE / FALSE 2137622400 CFTOKEN 71042267
-----Original Message-----
From: curl-users-admin_at_lists.sourceforge.net
[mailto:curl-users-admin_at_lists.sourceforge.net] On Behalf Of Daniel
Stenberg
Sent: Wednesday, May 07, 2003 3:21 AM
To: Curl Mailinglist
Subject: Re: login POST with php/libcurl
On Tue, 6 May 2003, Joe Glass wrote:
> With a browser, if I go to http://members.apa.org, then click on
"Member
> Directory", I am sent to a login page with the url
>
http://www5.apa.org/membership/login/login.cfm?CFID=1819003&CFTOKEN=6017
3325.
> So it appears a cookie is established.
Cookies are sent in the HTTP header and isn't visible in the URL. In my
eyes,
this looks as if they DON'T use cookies and instead pass on
session-variables
in the URL itself.
> I can then enter in the username and password and click login, and
> everything is dandy.
> I'm trying to automate this using PHP/libcurl. First, if I try to
> access this site on the command line using:
> curl -u username:passwd
"http://www5.apa.org/membership/login/login.cfm"
> It doesn't work, the same login page is simply returned.
Yes, because it presents a HTML form for you to fill in, and then -u is
not
the right answer. Then you need to check the <DEFANGED_form> tags and
what variables
to pass on using -d etc.
You should probably also expect cookies to be used and follow redirects.
-- Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs. ------------------------------------------------------- Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara The only event dedicated to issues related to Linux enterprise solutions www.enterpriselinuxforum.com -- This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken. Sanitizer (start="1052291857"): SanitizeFile (filename="unnamed.txt", mimetype="TEXT/PLAIN"): Match (rule="default"): Enforced policy: accept Note: Forms invoke complex, interactive elements of the operating system which may be buggy. In addition, carefully crafted forms can be used to trick the user into performing attacks on his own network (thus avoiding firewalls). References: - http://www.securityfocus.com/bid/606 - http://www.remote.org/jochen/sec/hfpa/ Rewrote HTML tag: >>_form_<< as: >>_DEFANGED_form_<< Total modifications so far: 1 Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.54 2002/02/15 16:59:07 bre Exp $ ------------------------------------------------------- Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara The only event dedicated to issues related to Linux enterprise solutions www.enterpriselinuxforum.comReceived on 2003-05-07