I'm trying to write a script that will log in to the web-admin panel on a Cobalt RaQ server and create a new user.
The complete steps I'm taking are:
- Connect to server using fsockopen.
- Request the "loginHandler" page, posting the relevant login details along with it at the same time.
- Get the cookies from the HTTP response.
- Request the "addUser" page, posting all the relevant details along with it (including the cookies gleaned from step 3).
The first three bits work OK. I get two cookies back, "loginName" and "sessionId". The former contains the logged in username, the latter contains a huge session ID.
At this point, I have to fclose() the socket (see [1] below for an explanation why) and then reopen it.
I then request the addUser page, with this HTTP request:
POST /base/user/userAddHandler.php HTTP/1.0
Host: [url]www.source-web.co.uk[/url]
Cookie: loginName=example
Cookie: sessionId=asdjq893u903j93jd9jd30j390rj23
Content-Type: multipart/form-data; boundary=fj12iof
Content-Length: $post_data_length
(all the post data, in multipart/form-data format)I get a 200 OK response back, along with a load of HTML. Amongst this HTML is a javascript redirect to login.php?expired=true - this is whats making me think the cookies aren't being sent properly.
Is what I'm doing enough to get the cookies sent? Do they have to be sent in the same socket connection?
I can almost guarantee that I've not explained this properly so if anyone needs anything clarifying, please reply 
--
[1] If I re-use the same socket, then for some reason the following calls to fgets() still retrieve the contents of the FIRST page, rather than the SECOND page.
