Automatic form submission/HTTP Headers issue?

cnbingham

Folks,

How and in what format are form variables passed to a remote server?

I'm trying to duplicate in php some html code that automatically submits a form to login to a site, and I think I'm having trouble creating the proper http headers.

Here's the html code:

<html>
<body onload="document.koc.submit();">
<form action="http://www.kingsofchaos.com/login.php" method="post" name=koc>
<input type="hidden" name="usrname" value="me">
<input type="hidden" name="uemail" value="email@email.com">
<input type="hidden" name="peeword" value="funkynumber">
</form>
</body>
</html>

And here is the PHP code I've written to send the data:

<?php
         $koc_host = "www.kingsofchaos.com";
         $koc_path = "/login.php";

     $koc_fp = fsockopen($koc_host,80,$errno,$errstr,30);

$request = "SUBMIT $koc_path HTTP/1.1\r\n";
$request .= "Host: $koc_host\r\n";
$request .= "usrname:me\r\n";
$request .= "uemail:email@email.com\r\n";
$request .= "peeword:funkynumber\r\n";
$request .= "Connection: Close\r\n\r\n";
fwrite($koc_fp, $request);

// print everything received from the server

while (!feof($koc_fp)) {
    echo fgets($koc_fp);
}
fclose($koc_fp);
?>

From the server, I'm receiving this text:

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2005 02:10:36 GMT
Server: Apache/1.3.33 (Unix) (Gentoo/Linux)
Set-Cookie: country=US; expires=Wed, 22-Feb-2006 02:10:36 GMT; path=/; domain=.kingsofchaos.com
Set-Cookie: koc_session=0c5d01c3a78c7c09de7ad2aed1e0f937; path=/; domain=.kingsofchaos.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

255f
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

The page loads with an error--apparently because the login information isn't recognized.

I'm assuming that the problem lies in my formatting of the form variables.

Alternatively, could it be that I should be using POST instead of SUBMIT?

	$request = "POST $koc_path HTTP/1.1\r\n";

The server response is:

HTTP/1.1 302 Found
Date: Tue, 25 Oct 2005 02:15:27 GMT
Server: Apache/1.3.33 (Unix) (Gentoo/Linux)
Set-Cookie: country=US; expires=Wed, 22-Feb-2006 02:15:28 GMT; path=/; domain=.kingsofchaos.com
Set-Cookie: koc_session=c29d72694f9d9832b7da7f9628f6bab0; path=/; domain=.kingsofchaos.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: login.php
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

If I understand the 302 code, it indicates a temporary redirect and the new URL should be in the Location: field--but this points to login.php, which I thought we had just processed... Do I need to refresh to login.php, only this time with the cookie included? (by the way, how do I send a cookie as part of the headers?)

Thanx tons for any insight.

Curtis

drew010

your request should look more like this

POST /login.php HTTP/1.0
Host: www.kingsofchaos.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 58

username=me&uemail=email%40email%2Ecom&peeword=funkynumber

the http request is the headers, followed by 2 crlfs and then the url encoded post data and then 1 crlf

also, there is no such thing as a SUBMIT request, there is get, post, head, put, trace, options, connect, and delete.
a form just turns into a post request if its method is post.

cnbingham

Drew010, thanx tons for your quick response.

With your updates, I've got the following code:

$koc_login_str = "username=me&uemail=email%40mail%2Ecom&peeword=funkynumber\r\n";

$koc_fp = fsockopen($koc_host,80,$errno,$errstr,30);

$request = "POST $koc_path HTTP/1.0\r\n";
$request .= "Host: $koc_host\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Content-Length: " . strlen($koc_login_str) . "\r\n\r\n";
$request .= $koc_login_str;
fwrite($koc_fp, $request);
while (!feof($koc_fp)) {
    echo fgets($koc_fp);
}
fclose($koc_fp);

I'm receiving this response from the server:

HTTP/1.1 302 Found
Date: Tue, 25 Oct 2005 02:55:00 GMT
Server: Apache/1.3.33 (Unix) (Gentoo/Linux)
Set-Cookie: country=US; expires=Wed, 22-Feb-2006 02:55:00 GMT; path=/; domain=.kingsofchaos.com
Set-Cookie: koc_session=7799a19a003d1041bcd9b7eb28c11efc; path=/; domain=.kingsofchaos.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: login.php
Connection: close
Content-Type: text/html

Does the 302 mean that I need redirect? And to where? To login.php?

Thanx,
Curtis

drew010

yeah, when you see a 302, there should always be a Location header in there telling where you are intended to go, in this case login.php
the thing you will need to take into consideration, is since they set 2 cookies, you will need to handle those appropriately and send them back on subsequent requests.
the koc_session is what will identify you as the username you submitted.

one library that may be of interest to you is [man]curl[/man] which can do your http requests for you, and it will handle cookies if you specify a cookiefile in the options.

if you browse around those curl pages, there are a few examples sitting around, and the user comments can provide good insight too.

cnbingham

Thanx again, Drew.

Unfortunately my server doesn't have the curl extensions built in, else I'm sure I could save an awful lot of time here.

Could you take another quick look at this? I'm stuck on figuring out how to bottle up another chunk to the redirect location:

The server sent back these headers with the redirect:

Date: Wed, 26 Oct 2005 01:11:02 GMT
Server: Apache/1.3.33 (Unix) (Gentoo/Linux)
Set-Cookie: country=US; expires=Thu, 23-Feb-2006 01:11:02 GMT; path=/; domain=.kingsofchaos.com
Set-Cookie: koc_session=ea66ca7933636fb93e5bc0ad983ab40f; path=/; domain=.kingsofchaos.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: login.php
Connection: close
Content-Type: text/html

I'm sending the following back:

GET login.php
HTTP/1.0
Host: www.kingsofchaos.com
Cookie: koc_session=65729da9738160e9a3288b8b49e5bc9b; path=/; domain=.kingsofchaos.com
Cookie: country=US; expires=Thu, 23-Feb-2006 01:18:42 GMT; path=/; domain=.kingsofchaos.com
Content-Type: application/x-www-form-urlencoded
Connection: close

Should it be a GET or a POST operation?
What should the Content-Type be? I've looked at the http spec but can't find specific recommendations.
I don't need to return to the server any of the pragmas do I?

Thanx for your help,

Curtis

drew010

on the redirect, its just a regular get, the content-type is only applicable for form posts.

GET /login.php HTTP/1.0
Host: www.kingsofchaos.com
Cookie: koc_session=65729da9738160e9a3288b8b49e5bc9b; country=US
Connection: close

that should be enough to make the second request.