How to Navigate Pages After Curl Login

slevytam · Sep 7, 2008

Hi,

Sorry if this is a really basic question; however, I am a curl newbie. I have managed to successfully login to a secure page using a webform; however, I can't seem to navigate to a different page after I've logged in.

Currently, I am using this:

$loginName = 'login';
$password = 'password';
$cookie = 'cookiefile';

$postdata = 'loginName='.urlencode($loginName).'&password='.urlencode($password);

$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL,"https://www.domain.com/main/loginConfirm");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt ($ch, CURLOPT_TIMEOUT, 20);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);

curl_close($ch);

I'm not sure how I now go to a different page in the secure area. Everytime I try to access a page it redirects me to the login window.

Hope I'm making myself clear,

Thanks,

slevytam

bpat1434 · Sep 7, 2008

So on the next cURL request you make, you need to specify the cookie file to send along with it. So you should be able to just save the cookie, then set it in the next request with CURLOPT_COOKIE. Here's something I used a while ago that worked:

$cookie = './temp.cookie';

$data = array(
	'login_username'			=>	'username',
	'login_password'			=>	'',
	'cookieuser'				=>	'1',
	'login_md5password'		=>	'supercalafragilisticexpialidocious',
	'login_md5password_utf'	=>	'supercalafragilisticexpialidocious',
	'do'						=>	'login',
	's'							=>	'',
);

$ch = curl_init("http://website.com/auth/login");
curl_setopt($ch,	CURLOPT_AUTOREFERER, 		true);
curl_setopt($ch,	CURLOPT_COOKIESESSION, 		true);
curl_setopt($ch,	CURLOPT_FAILONERROR, 		false);
curl_setopt($ch,	CURLOPT_FOLLOWLOCATION,		false);
curl_setopt($ch,	CURLOPT_FRESH_CONNECT, 		true);
curl_setopt($ch,	CURLOPT_HEADER, 			true);
curl_setopt($ch,	CURLOPT_POST, 				true);
curl_setopt($ch,	CURLOPT_RETURNTRANSFER,		true);
curl_setopt($ch,	CURLOPT_CONNECTTIMEOUT, 	30);
curl_setopt($ch,	CURLOPT_POSTFIELDS, 		$data);
$result = curl_exec($ch);
curl_close($ch);

$pattern = "#Set-Cookie: (.*?; path=.*?;.*?)\n#";
preg_match_all($pattern, $result, $matches);
array_shift($matches);
$cookie = implode("\n", $matches[0]);

unset($ch, $result);

$ch = curl_init('http://website.com/protected/page.php');
curl_setopt($ch,	CURLOPT_COOKIE,				$cookie);
curl_setopt($ch,	CURLOPT_AUTOREFERER, 		true);
curl_setopt($ch,	CURLOPT_COOKIESESSION, 		true);
curl_setopt($ch,	CURLOPT_FAILONERROR, 		false);
curl_setopt($ch,	CURLOPT_FOLLOWLOCATION,		false);
curl_setopt($ch,	CURLOPT_FRESH_CONNECT, 		true);
curl_setopt($ch,	CURLOPT_HEADER, 			false);
curl_setopt($ch,	CURLOPT_POST, 				false);
curl_setopt($ch,	CURLOPT_RETURNTRANSFER,		true);
curl_setopt($ch,	CURLOPT_CONNECTTIMEOUT, 	30);
$result = curl_exec($ch);
curl_close($ch);

I've removed some sensitive info (urls, password hashes, etc), but the gist is still there.

slevytam · Sep 8, 2008

Thanks,

I'll give that a try as soon as i can...

slevytam

bpat1434 · Sep 8, 2008

Just a note... you do have to capture the cookie stuff and then use it again. So you need the uncommented portion. I've updated my earlier post to reflect that.

slevytam · Sep 9, 2008

Hi,

Unfortunately that didn't seem to work for logging in or getting the second page. I have managed to find and modify some code though that has!

Thanks for the efforts!

$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "/Library/WebServer/Documents/tmp/cookieFileName");
curl_setopt($ch, CURLOPT_URL,"https://www.example.com/myaccount/start.asp");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
ob_start();      // Prevent output
curl_exec ($ch);
ob_end_clean();  // End preventing output
curl_close ($ch);
unset($ch);

$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "field1=".$f1."&field2=".$f2."&SomeFlag=True");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEFILE, "/Library/WebServer/Documents/tmp/cookieFileName");
curl_setopt($ch, CURLOPT_URL,"https://www.example.com/myaccount/Login.asp");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec ($ch);

curl_setopt($ch, CURLOPT_URL,"https://www.example.com/myaccount/Different.asp");
curl_setopt($ch, CURLOPT_POST, 0);

$result = curl_exec ($ch);
curl_close ($ch);