Hello,

I have a litle php script that used to work but stopped suddenly. I suspect
the asp servering host changed some settings.

I searched thru the form and it doesnt have any viewstate in the form nor
headers. I use libcurl/7.12.0 OpenSSL/0.9.7a ipv6 zlib/1.2.1.2 libidn/0.5.6
on a linux box.

I used the following code to log in to a asp.NET form. The code used to work
until recently when it replies me back the same login form no matter what
settings I use.

I define an array postData like this:

$postData[ 'ProcForm' ] = "Process";
$postData[ 'userid' ] = "0";
$postData[ 'Join' ] = 2;
$postData[ 'CheckCookie' ] = "1";
$postData[ 'pmode' ] = "0";
$postData[ 'from' ] = "";
$postData[ 'OrgUserEmail' ] = "";
$postData[ 'misspelledmail' ] = "";
$postData[ 'hidErrorCode' ] = "";
$postData[ 'hidbEmail' ] = "";
$postData[ 'username' ] = $luzer;
$postData[ 'password' ] = $pass;
//$postData[ 'login' ] = "Sign In >";

then I use the following code to login:

$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 13);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cok);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cok);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_USERAGENT, $ua);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
//curl_setopt($ch, CURLOPT_HTTPHEADER, $myHeader);
curl_setopt($ch, CURLOPT_REFERER, $ref);

$buf2 = curl_exec ($ch);
curl_close ($ch); unset($ch);
echo $buf2;

I also tried to force curl to use HTTP 1.0 but it doesnt work (i look thru
the headers)
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
The form does not use HTTPS. I tried also without the CURLOPT_SLL options
but the result is the same.

The remote form issues 2 302 redirects which curl parses well but since I am
not logged in I can't access the redirect target and I redirected back to
the login form.
I insepcted the asp form very well, it uses javascript but doesn't do any
javascript redirection or cookie setting/inspection.

The headers sent back by the asp server after my login attempt:
HTTP/1.1 200 OK Connection: keep-alive
Date: Fri, 09 Jun 2006 01:32:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET <http://asp.net/>
P3P: policyref="/w3c/p3p.xml",CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS
UNI COM NAV INT STA"
cache-control: private pragma: no-cache
cache-control: private pragma: no-cache
Content-Length: 8686
Content-Type: text/html
Expires: Wed, 01 Mar 2006 02:32:38 GMT
Set-Cookie: CKSPTED=1;
path=/ Cache-control: private

The cookie file is writeable and the cookies show up in it everytime I run
the script.

I used livehttpheaders to see whats going on when I sign in thru firefox and
I obersed that it redirects to another file then tried to access that with
curl after the first login curl_exec but it redirects me to the login form
(curl doesnt login).
Another thing that concerns me from what I saw in the headers while
comunicating thru firefox:

Content-Type: application/x-www-form-urlencoded
Content-Length: 174
ProcForm=Process&userid=0&Join=2&CheckCookie=1 [...snip...]
login=Sign+In+%3E

Does curl encodes the headers to look same way as firefox encodes them ?
Could this be the problem?

Any suggestion are greatly appreciated,

Thank you,

-- 
danyvip

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2006-06-09