I have made a bot that is designed to traverse my site, looking for forms and links and reporting any errors, warnings or notices that it finds.
I use Antz_IntelliForm, which generates a random seed, places the seed in a session variable and puts the seed in a hidden form field. When I ask if the form has been submitted, Antz_IntelliForm::submitted() checks if the submitted form seed matches the seed in the session variable. If so, the form was submitted otherwise it was not.
Problem it seems, is when using curl to submit my forms, the session array is empty, even after calling session_start() at the top of the page.
I have googled curl & sessions etc, but all documentation refers to curl sessions, which is not really the answer I need.
<?php
session_start();
/*
CREATE TABLE users (
id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL
) ENGINE = MYISAM;
*/
include('../Antz_Db.php');
include('IntelliForm.php');
$showErrors = true;
$dbParams['host'] = 'localhost';
$dbParams['username'] = '***';
$dbParams['password'] = '***';
$dbParams['dbname'] = '***';
$DB = new Antz_Db($dbParams, $showErrors);
$DB->debug(true);
if(Antz_IntelliForm::submitted()){
// form has been submitted
echo '<h1>submitted</h1>';
$username = $_POST['username'];
$password = $_POST['password'];
$id = $DB->insert('users', array('username'=>$username, 'password'=>$password));
echo 'done';
};
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1250">
<meta name="generator" content="PSPad editor, www.pspad.com">
<title></title>
</head>
<body>
<form method="post">
<?php echo Antz_IntelliForm::seed() ?>
<input type="text" name="username" value="">
<input type="password" name="password" value="">
<input type="submit" name="submit" value="Go >>">
</form>
</body>
</html>
I need to know how to get curl to handle session cookies as a browser does. I have cookies.txt in the same directory as interrogate.php, it doesn't seem to help.
Here is the function I am using to send post data with curl:
function hitForm($loginURL, $loginFields, $referer="") {
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, “cookies.txt”);
curl_setopt($ch, CURLOPT_COOKIEFILE, “cookies.txt”);
curl_setopt($ch, CURLOPT_URL, $loginURL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_REFERER, $referer);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $loginFields);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
And an example of data that would be sent:
-- interrogating http://silver-sleuth/interrogate/record.php ( POST )
sending: antzSeed=42076518&username=simple&password=simple