0

I was trying to log in to a site using the PHP cURL library. Even though I have been successfully logged in, I can't seem to access any other pages beyond the login page. Now I know there could be some issue with cookies, but trust me, I've tried all possible combinations with COOKIEJAR and COOKIEFILE. I needed some help with analyzing this set of LiveHTTPHeaders info. I'm worried about the post fields, particularly the Login.x and the Login.y. They seem to change on every login. Could that be an issue? How do I figure out the way a random integer is being assigned to this value? Also, is more than one cookie being added? If so, how do I incorporate that into curl? Do I use one COOKIEJAR, multiple, or name a number of cookies in a single statement?

I've pasted the headers below:

```
http://amizone.net/Amizone/default.aspx

POST /Amizone/default.aspx HTTP/1.1
Host: amizone.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://amizone.net/
Cookie: ASPSESSIONIDSSBCDQAQ=FJHPMILBALMDGIFEOOOBNFHI
Content-Type: application/x-www-form-urlencoded
Content-Length: 55

username=1596681&password=CENSORED&Login.x=14&Login.y=15
```

I will only post the cURL code if needed.

LiveHTTPHeaders info for HOME PAGE:

```
GET /amizone/default.aspx HTTP/1.1
Host: amizone.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
```

LiveHTTPHeaders info for LOGIN: ** Shown on top. No changes.

LiveHTTPHeaders info for ANY PAGE ACCESS AFTER LOGIN--

```
GET /amizone/WebForms/TimeTable/StudentTimeTableForWeek.aspx HTTP/1.1
Host: amizone.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://amizone.net/amizone/WebForms/Home.aspx
Cookie: ASP.NET_SessionId=hn5mfsre0y3b1l45nxlgzr55; UserId=127953D3849DEF71FB6CF9F55DD3BBADE48E686D24ADC87923FB6C60077ECC0362AB0C5A9C4DF194461C348DBAE6FEC861827F886FE2C17EA79155500CA4FC04EE897B7658A59DA2F286F2436F6EDD07BE2DD7DD829798F4C81ABAEFEE400B3A71078A74BF1C169BF1DA2865CC9E5968FF26ED7D; countrytabs=0; countrytabsRT=0; countrytabsRB=0
```

***Notice how multiple cookies are sent in this case (I think). How should my cookiejar and cookiefile commands change?

4
  • `curl_setopt($ch, CURLOPT_COOKIE, "name1=value1;name2=value2");` Commented Sep 17, 2011 at 18:20
  • OK, so I'm guessing these are the contents of the cookie. So I don't need to use cookiejar and cookiefile? Commented Sep 17, 2011 at 18:27
  • Can you show your current curl code that isn't working? A combo of cookiefile and cookiejar should work. The x and y for the login are just the coordinates of the button you are clicking; they are probably not checked for anything, but you can use rand() to get random values for them. Commented Sep 17, 2011 at 19:25
  • @drew: thanks for clearing up the x y coordinate issue. I think you're right about that. As far as the curl code, I'm still not able to do it properly. I've posted about this before also: stackoverflow.com/questions/7299155/php-curl-help-needed Commented Sep 18, 2011 at 19:12

2 Answers

1

When recording a session it is important that you first flush all cookies and then make sure you note when cookies are set by the server.

Very often, the required cookies are set in the login page or another page that the browser loads first, and then when you POST to the particular URL the previously set cookies must be passed on.

So, the attached trace is insufficient.


1 Comment

Thanks for replying... I read your post on curl.haxx.se and you have mentioned that. I'll keep that in mind and check all cookies thoroughly.
1

This cURL code has been sufficient for me in the past to maintain login sessions by storing cookies:

```php
$ch = curl_init('https://somesecureurl.com/login/account');
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate');
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/hmcookies.txt'); // cookies in this file are sent by curl with the request
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/hmcookies.txt');  // upon completing request, curl saves/updates any cookies in this file
$data = curl_exec($ch);
```

Another thing to ensure: the cookiejar file is writable by the webserver, or the webserver has permission to create the file.

As also stated by Daniel, some sites may require that you first visit a login page to get some initial cookies set, and then post the login form. So your requests may go:

1. Request login page
2. Post to login form
3. Try to access protected page

8 Comments

Hey, thanks a lot! I've seen the headers sent for the homepage etc. I've edited the post. Can you please check it now and tell me what I'm missing out on? I'm using almost the exact curl code you've given.
The cookie jar will hold all the cookies given by a particular site, whether it is 1 or 100, you shouldn't have to change anything in relation to that. Still no luck though? Can you maybe put some code on pastebin?
Your code worked okay for me; I made changes only to the URLs and was able to log into one of my sites just fine. You may just want to remove the CURLOPT_COOKIESESSION line if you are trying to persist the login across multiple requests. That tells curl to ignore previous cookies it had set (effectively logging you out). But with no changes to your code except URLs, I was able to log into a site. Maybe check the /tmp/hmcookies.txt file and see what it contains. Also verify that /tmp exists and is writable by your user.
I removed the cookiesession line and it still logs me off! Also, no cookie file is stored in the tmp folder. It's empty. (I HAVE given the tmp folder 777 access.)
Try capturing the output from the login post request and see what output you get. You may need to turn followlocation off in that request, but if the login is failing, either way you should see that in your output.
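The three-request sequence from the second answer, combined with the debugging advice in the comments, as an added example that is not code from any of the posters: one handle is reused so the pre-login cookie reaches the POST, each step prints the cookie names the server set, and the jar is a private temporary file rather than a fixed path in a world-writable directory. The host, the paths and the `APP_USER`/`APP_PASS` environment variables are placeholders; the form field names are the ones in the question's trace.

```php
<?php
// Added example. BASE, the paths and the APP_USER/APP_PASS variables are placeholders;
// the form field names come from the trace posted in the question.
const BASE = 'https://app.example.test';

// Perform one request on the shared handle and report status, redirect and cookies set.
function step($ch, string $label, string $path, ?array $post = null): void
{
    $set = [];
    curl_setopt_array($ch, [
        CURLOPT_URL            => BASE . $path,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // show the login redirect instead of hiding it
        CURLOPT_HEADERFUNCTION => function ($ch, string $line) use (&$set): int {
            if (stripos($line, 'Set-Cookie:') === 0) {
                $set[] = strtok(ltrim(substr($line, 11)), '='); // cookie name only
            }
            return strlen($line); // libcurl expects the number of bytes handled
        },
    ]);
    if ($post === null) {
        curl_setopt($ch, CURLOPT_HTTPGET, true); // reset the method after an earlier POST
    } else {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    $ok = curl_exec($ch) !== false;
    printf("%-14s %s  redirect=%s  set-cookie=[%s]\n", $label,
        $ok ? curl_getinfo($ch, CURLINFO_RESPONSE_CODE) : 'ERR ' . curl_error($ch),
        curl_getinfo($ch, CURLINFO_REDIRECT_URL) ?: '-', implode(', ', $set));
}

$jar = tempnam(sys_get_temp_dir(), 'jar'); // unique name, created with mode 0600
$ch  = curl_init();
curl_setopt($ch, CURLOPT_COOKIEFILE, $jar); // turns the cookie engine on and loads the jar
curl_setopt($ch, CURLOPT_COOKIEJAR, $jar);  // written only when the handle is released

step($ch, 'login page', '/default.aspx');   // 1. collect the pre-login session cookie
step($ch, 'login post', '/default.aspx', [  // 2. same handle, so that cookie is sent back
    'username' => getenv('APP_USER'),
    'password' => getenv('APP_PASS'),
    'Login.x'  => 14, // click coordinates of the image button, as in the trace
    'Login.y'  => 15,
]);
step($ch, 'protected page', '/WebForms/Home.aspx'); // 3. carries every cookie set so far

unset($ch);                   // releases the handle, which flushes the cookies to $jar
echo file_get_contents($jar); // Netscape-format jar: one line per stored cookie
unlink($jar);                 // the jar holds live session cookies; do not leave it behind
```

If step 1 prints no cookie names, or step 2 returns the login form again instead of a redirect, the failure is in the login request itself and not in how the jar is configured.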