[RESOLVED] Curl with sessions
Results 1 to 3 of 3

Thread: [RESOLVED] Curl with sessions

  1. #1
    Member
    Join Date
    Jul 2005
    Location
    NZ
    Posts
    41

    resolved [RESOLVED] Curl with sessions

    I have made a bot that is designed to traverse my site, looking for forms and links and reporting any errors, warnings or notices that it finds.

    I use Antz_IntelliForm, which generates a random seed, places the seed in a session variable and puts the seed in a hidden form field. When I ask if the form has been submitted, Antz_IntelliForm::submitted() checks if the submitted form seed matches the seed in the session variable. If so, the form was submitted otherwise it was not.

    Problem it seems, is when using curl to submit my forms, the session array is empty, even after calling session_start() at the top of the page.

    I have googled curl & sessions etc, but all documentation refers to curl sessions, which is not really the answer I need.

    PHP Code:
    <?php
    session_start
    ();
    /*
        CREATE TABLE users (
          id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
          username VARCHAR(255) NOT NULL,
          password VARCHAR(255) NOT NULL
        ) ENGINE = MYISAM;
    */

    include('../Antz_Db.php');
    include(
    'IntelliForm.php');
    $showErrors true;
    $dbParams['host'] = 'localhost';
    $dbParams['username'] = '***';
    $dbParams['password'] = '***';
    $dbParams['dbname'] = '***';

    $DB = new Antz_Db($dbParams$showErrors);
    $DB->debug(true);

    if(
    Antz_IntelliForm::submitted()){
        
    // form has been submitted
        
    echo '<h1>submitted</h1>';
        
    $username $_POST['username'];
        
    $password $_POST['password'];
        
    $id $DB->insert('users', array('username'=>$username'password'=>$password));
        echo 
    'done';
    };

    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
      <head>
      <meta http-equiv="content-type" content="text/html; charset=windows-1250">
      <meta name="generator" content="PSPad editor, www.pspad.com">
      <title></title>
      </head>
      <body>
        <form method="post">
          <?php echo Antz_IntelliForm::seed() ?>
          <input type="text" name="username" value="">
          <input type="password" name="password" value="">
          <input type="submit" name="submit" value="Go >>">
        </form>
      </body>
    </html>
    I need to know how to get curl to handle session cookies as a browser does. I have cookies.txt in the same directory as interrogate.php, it doesn't seem to help.

    Here is the function I am using to send post data with curl:

    PHP Code:
    function hitForm($loginURL$loginFields$referer="") {
    $ch curl_init();
    curl_setopt($chCURLOPT_COOKIEJAR“cookies.txt”);
    curl_setopt($chCURLOPT_COOKIEFILE“cookies.txt”);
    curl_setopt($chCURLOPT_URL$loginURL);
    curl_setopt($chCURLOPT_POST1);
    curl_setopt($chCURLOPT_REFERER$referer);
    curl_setopt($chCURLOPT_RETURNTRANSFER1);
    curl_setopt($chCURLOPT_POSTFIELDS$loginFields);
    $ret curl_exec($ch);
    curl_close($ch);
    return 
    $ret;

    And an example of data that would be sent:
    Code:
    -- interrogating http://silver-sleuth/interrogate/record.php ( POST )
    sending: antzSeed=42076518&username=simple&password=simple
    Music Matters Most
    www.studiojunkies.com

  2. #2
    NMaOtBG bpat1434's Avatar
    Join Date
    Oct 2004
    Location
    Around 255.255.255.0
    Posts
    7,849
    You need to grab the cookies from the CURL headers

    PHP Code:
    curl_setopt($ch,    CURLOPT_AUTOREFERER,         true);
    curl_setopt($ch,    CURLOPT_COOKIESESSION,         true);
    curl_setopt($ch,    CURLOPT_FAILONERROR,         false);
    curl_setopt($ch,    CURLOPT_FOLLOWLOCATION,        false);
    curl_setopt($ch,    CURLOPT_FRESH_CONNECT,         true);
    curl_setopt($ch,    CURLOPT_HEADER,             true);
    curl_setopt($ch,    CURLOPT_POST,                 true);
    curl_setopt($ch,    CURLOPT_RETURNTRANSFER,        true);
    curl_setopt($ch,    CURLOPT_CONNECTTIMEOUT,     30);
    curl_setopt($ch,    CURLOPT_POSTFIELDS,         $data);
    $result curl_exec($ch);
    curl_close($ch);

    $pattern "#Set-Cookie: (.*?; path=.*?;.*?)\n#";
    preg_match_all($pattern$result$matches);
    array_shift($matches);
    $cookie implode("\n"$matches[0]);

    // Then, once we have the cookie, let's use it in the next request:
    curl_setopt($ch,    CURLOPT_COOKIE,                $cookie);
    curl_setopt($ch,    CURLOPT_AUTOREFERER,         true);
    curl_setopt($ch,    CURLOPT_COOKIESESSION,         true);
    curl_setopt($ch,    CURLOPT_FAILONERROR,         false);
    curl_setopt($ch,    CURLOPT_FOLLOWLOCATION,        false);
    curl_setopt($ch,    CURLOPT_FRESH_CONNECT,         true);
    curl_setopt($ch,    CURLOPT_HEADER,             false);
    curl_setopt($ch,    CURLOPT_POST,                 false);
    curl_setopt($ch,    CURLOPT_RETURNTRANSFER,        true);
    curl_setopt($ch,    CURLOPT_CONNECTTIMEOUT,     30);
    $result curl_exec($ch);
    curl_close($ch); 
    Now, I left out the curl_init as it's not important to your issue. But that's how I can use CURL to log into a vBulletin board and maintain state between page-loads with cookies

  3. #3
    Member
    Join Date
    Jul 2005
    Location
    NZ
    Posts
    41
    Good one, that does the trick.

    Cheers.
    Music Matters Most
    www.studiojunkies.com

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •