cURL / Mailing Lists / curl-users / Single Mail


RE: login POST with php/libcurl

From: Joseph Glass <>
Date: Wed, 7 May 2003 12:02:47 -0400

Thank you for your response Daniel.

I'm confused as to how to do this. When I allow redirection, enable
cookies, and submit using post variables, I still get the same thing -
the login page just redisplays. See code below. I tried leaving out
the CURLOPT_COOKIE line because I don't think it belongs, but I get the
same results. The file /tmp/cookie output is below, it looks like it is
storing cookie data in the header, and storing session information in
the URL itself. Any help is greatly appreciated. Thank you again!

Joe Glass

$id = "username";
$pw = "password";
$postfields = "UserLogin=$id&UserPassword=$pw&press=login";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1); // Get the header
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // Allow redirection
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie");
curl_setopt($ch, CURLOPT_COOKIE, "/tmp/cookie");
curl_setopt($ch, CURLOPT_URL,
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$postfields");


# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk. FALSE / FALSE 2137622400 CFID 1823564 FALSE / FALSE 2137622400 CFTOKEN 71042267

-----Original Message-----
[] On Behalf Of Daniel
Sent: Wednesday, May 07, 2003 3:21 AM
To: Curl Mailinglist
Subject: Re: login POST with php/libcurl

On Tue, 6 May 2003, Joe Glass wrote:

> With a browser, if I go to, then click on
> Directory", I am sent to a login page with the url
> So it appears a cookie is established.

Cookies are sent in the HTTP header and isn't visible in the URL. In my
this looks as if they DON'T use cookies and instead pass on
in the URL itself.

> I can then enter in the username and password and click login, and
> everything is dandy.

> I'm trying to automate this using PHP/libcurl. First, if I try to
> access this site on the command line using:
> curl -u username:passwd
> It doesn't work, the same login page is simply returned.

Yes, because it presents a HTML form for you to fill in, and then -u is
the right answer. Then you need to check the <DEFANGED_form> tags and
what variables
to pass on using -d etc.

You should probably also expect cookies to be used and follow redirects.

 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
This message has been 'sanitized'.  This means that potentially
dangerous content has been rewritten or removed.  The following
log describes which actions were taken.
Sanitizer (start="1052291857"):
  SanitizeFile (filename="unnamed.txt", mimetype="TEXT/PLAIN"):
    Match (rule="default"):
      Enforced policy: accept
  Note: Forms invoke complex, interactive elements of the operating
  system which may be buggy.  In addition, carefully crafted
  forms can be used to trick the user into performing attacks
  on his own network (thus avoiding firewalls).  References:
  Rewrote HTML tag: >>_form_<<
                as: >>_DEFANGED_form_<<
  Total modifications so far: 1
Anomy 0.0.0 :
$Id:,v 1.54 2002/02/15 16:59:07 bre Exp $
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
Received on 2003-05-07