[RESOLVED] Curl code help

Simplyput

Okay I had this programmer create this for me a couple of years ago to autolog into another script from another. I think its perfect to implement in another project I am currently working on. However, on this one piece of code I am clueless on what its really doing. I am not the greatest when it comes to curl. I almost think its doing something malicious. I could be over reacting:evilgrin: I XXXed out the site just in case it was doing something it should not. I would like to be the first to inform the site of this and not have them find out on the internet. I owe them this much. Anyway, can someone please tell me why its pointing to another site as the agent, which was not my site at the time. I will be greatly appreciative.

Thanks


function pls_PostCurlPage ($pageSpec, $data, $cook = array())

{

$agent    = "XXX.Net agent";

$header[] = "Accept: *.*";

$header[] = "Accept-Charset: windows-1251,utf-8";

$header[] = "Accept-Language: en";

$header[] = "Accept-Encoding: gzip,deflate";

//$header[] = "Content-Type: application/x-www-form-urlencoded";



$cookstr = '';

if (!empty($cook)) while (list($k, $v) = each($cook)) $cookstr .= "$k=$v;";



if (!function_exists('curl_init')) die('CURL not accessible');

$ch = curl_init();

curl_setopt($ch,     CURLOPT_URL, $pageSpec);

curl_setopt($ch,     CURLOPT_HEADER, 1);

curl_setopt($ch,     CURLOPT_NOBODY, 0);

curl_setopt($ch,     CURLOPT_RETURNTRANSFER, 0);

curl_setopt($ch,     CURLOPT_VERBOSE, 1);

curl_setopt($ch,     CURLOPT_USERAGENT, $agent);

curl_setopt($ch,     CURLOPT_HTTPHEADER, $header);

//curl_setopt($ch,     CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($ch,     CURLOPT_COOKIEJAR, "cook");

//curl_setopt($ch,     CURLOPT_COOKIEFILE, "cook");

curl_setopt($ch,     CURLOPT_POST, 1);

curl_setopt($ch,     CURLOPT_POSTFIELDS, $data);

curl_setopt($ch,     CURLOPT_COOKIE, $cookstr);



ob_start(); curl_exec($ch);

$tmp = ob_get_contents(); ob_end_clean();

curl_close ($ch);

return $tmp;

}

// ----------------------------------------------------------------------------------

function pls_GetCurlPage($pageSpec, $cook)

{

$agent    = "XXX.Net agent";

$header[] = "Accept-Charset: windows-1251";

$header[] = "Accept-Language: en";

$cookstr = '';

if (!empty($cook)) while (list($k, $v) = each($cook)) $cookstr .= "$k=$v;";



if (!function_exists('curl_init')) die('CURL not accessible');

$ch = curl_init();

curl_setopt($ch,    CURLOPT_URL, $pageSpec);

curl_setopt($ch,    CURLOPT_HTTPHEADER, $header);

curl_setopt($ch,    CURLOPT_HEADER, 1);

curl_setopt($ch,    CURLOPT_NOBODY, 0);

curl_setopt($ch,    CURLOPT_RETURNTRANSFER, 0);

curl_setopt($ch,    CURLOPT_USERAGENT, $agent);

curl_setopt($ch,    CURLOPT_COOKIE, $cookstr);

//curl_setopt($ch,    CURLOPT_POST, 0);



ob_start(); curl_exec($ch);

$page = ob_get_contents(); ob_end_clean();

curl_close ($ch);

return $page;    

}

// ----------------------------------------------------------------------------------

function pls_GetCookies($page)

{

$result = ''; preg_match_all("/Set-Cookie:(?:.*)/", $page, $m);

//echo "<pre> pls_GetCookies => "; var_dump($m); echo "</pre>";

return $m;

}

// ----------------------------------------------------------------------------------

function pls_SetCookies($ca)

{

//echo "<pre> pls_SetCookies => "; var_dump($ca); echo "</pre>";

if (isset($ca[0]))

{

    $ca0 = $ca[0]; 

    reset($ca0);

    foreach ($ca0 as $keyr => $line)

    {
     $line = str_replace("\n", '', $line);
        $line = str_replace("\r", '', $line);

        $pos = strpos($line, "path=");
        if ($pos === false)
        {
            $line .= ";path=/";
        }					
					//echo "<pre>{$keyr}[$line]</pre>";

        header("$line", false);

    }

}

}

// ----------------------------------------------------------------------------------

function pls_ConvertCookies($ca)

{

$cr = array();

if (isset($ca[0])) foreach ($ca[0] as $line)

{

    preg_match("/(?:Set-Cookie:[\s*])([\S][^=]+)=([^;\s]*)/", $line, $m);

    //var_dump($m);

    $cr[ $m[1] ] = $m[2];

}

//echo "<pre> pls_ConvertCookies => "; var_dump($cr);  echo "</pre>";

return $cr;

}

// ----------------------------------------------------------------------------------

/**

* @return string

* @param string $varName

* @param string $varVal

* @param string $uri

* @desc Returns the a string that is either

* $uri if you pass it or the current

* uri with the variable name $varName

* equal to the value urlencode($varVal)

* It replaces a current value if it find

* it or adds the variable and value pair

* if they are new.

*/

function AddToQuery($varName, $varVal, $uri=null)

{

$result = '';

$beginning = '';

$ending = '';



if (is_null($uri)) {//Piece together uri string

    $beginning = $_SERVER['PHP_SELF'];

    $ending = ( isset($_SERVER['QUERY_STRING']) ) ? $_SERVER['QUERY_STRING'] : '';

} else {

    $qstart = strpos($uri, '?');

    if ($qstart === false) {

        $beginning = $uri; //$ending is '' anyway

    } else {

        $beginning = substr($uri, 0, $qstart);

        $ending = substr($uri, $qstart);

    }

}



if (strlen($ending) > 0) {

    $vals = array();

    $ending = str_replace('?','', $ending);

    parse_str($ending, $vals);

    $vals[$varName] = $varVal;

    $ending = '';

    $count = 0;

    foreach($vals as $k => $v) {

        if ($count > 0) { $ending .= '&'; }

        else { $count++; }

        $ending .= "$k=" . urlencode($v);

    }

} else {

    $ending = $varName . '=' . urlencode($varVal);

}



$result = $beginning . '?' . $ending;

return $result;

}

// ----------------------------------------------------------------------------------
?>

dagon

its a few functions, unless they are called, they are not going to be doing anything

Simplyput

I understand that but they were getting called at one time. The script has not been in use for years now, but I am more concerned with the functions that have the XXX.net. Why was it pointing to this site when it was not my site in the first place? I do not want to use this code again if its at the expense of another site.

dagon

the $pageSpec in the function arguments is the page being accessed via curl the xxx.net is just the user agent being passed in the header, often faked

Simplyput

dagon;10978045 wrote:
the $pageSpec in the function arguments is the page being accessed via curl the xxx.net is just the user agent being passed in the header, often faked

So basically they used the xxx.net to test if curl was working properly before executing the rest of the functions and code. Do I have this right?

dagon

not exactly, when they request the page with curl they say that they are from xxx.net, a lie, but not a big issue (usually).

When you request a web page, say this one your browser says what link you clicked on to get here (not always); with curl you can lie and say any url you like; there are 'legitimate' reasons to do this that i wont go in to here.

possibly this script came from xxx.net so it wasn't a lie, the developer just didn't change it when he put it on your site. if its never called it may just be left over from an old project that was moved to your site and never cleaned up.

The short answer is, as far as I can tell this is a non-issue. :-)

Simplyput

Cool now that this is somewhat sorted now on to my next issue and thanks again.