开发者

PHP cURL into authenticated site when already logged in

So I have a script that gets passed a URL as a get param, and consequently tries to write the contents of that page to a file. On non-authenticated pages, it works fine, but it breaks when I try to use it on pages that require authentication.

Specifically, these are pages that I have already logged in to, so I assumed making a standard cURL request with all my currently set cookies would work, but it doesn't. Initially, I receive a 302 response, but if I set 'FOLLOWLOCATION' to true, I end up at the site's log-in page instead of the page I wanted.

$client = curl_init();

//curl_setopt($client, CURLOPT_HEADER, true);
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
curl_setopt($client, CURLOPT_FOLLOWLOCATION, true); 
curl_setopt($client, CURLOPT_URL, $pageToLoad);     

/* Supposedly libcurl loads all cookies auto-magically if you don't set CURL_COOKIESESSION
if (isset($_SERVER['HTTP_COOKIE'])) {
  curl_setopt($client, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);
}
*/

$response = curl_exec($client);
curl_close($client);

I have the sinking feeling that I'll need to set a cookiejar file for this to work ('sinking', because my script doesn't have write permissions on the dev server), but what are your thoughts?

EDIT: So, being sort of an idiot, turns out I do have some write access... anyway, made a temp folder in my home directory, where I've verified my script can write:

$fname = '/home/temp/cookies.txt';
if( $save = fopen($fname, 'w') ) {
  fwrite($save, 'testing');
}

Run the script, and low and behold, 'testing' shows up on line one.

I've added the following 2 lines to my cURL request:

curl_setopt($ch, CURLOPT_COOKIEJAR, '/home/temp/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, '/home/temp/cookies.txt');

And nothing has changed in my scenario. The cookies.txt file still just says 'testing' and doesn't have any cookies stored in it, nor does 开发者_StackOverflow社区the 'last access' time change, which to me means these lines aren't doing anything.

Any further thoughts? I'm kinda stumped :\


Yes, you'll need both the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR options set. the 'file' version is where to load cookies from. the jar is where cookies should be saved when the curl object is terminated. They can be the same file.

If you don't have write permissions on the server to create an actual file (very odd if you didn't have at least write perms on /tmp or equivalent), you can use a memory file using the php://memory wrapper.


Here's my beloved pattern for tasks like this:

$loginUrl = 'http://www.remote_site.de/login.php';
$loginFields = array('username' => 'username', 'password' => 'password');

getUrl($loginUrl, 'post', $loginFields); 
//now you're logged in and a session cookie was generated

$remote_page_content = getUrl('http://www.remote_site.de/some_page.php');


  function getUrl($url, $method='', $vars='') {
    $ch = curl_init();
    if ($method == 'post') {
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
    }
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
    curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
    $buffer = curl_exec($ch);
    curl_close($ch);
    return $buffer;
  }


So I took out the raw cURL code I had and copied in some Zend specific code from a different project, and that seemed to work for the most part (not really sure why...). The only other problems I've run into deal with CoSign (http://cosign.sourceforge.net/) and using proxy cookies. Thanks to those who offered answers!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜