On Thu, 21 Nov 2002, James wrote:

> I am trying to log into a secure site and then move to another page and add
> an item to a shopping basket as part of an automated procedure.

Welcome to the fun world of HTTP scripting.

> Log in is ok but when trying to then move to another https page I find that
> I am rejected and need to log in again. I suspect its something to do with
> the cookies not being passed. Any light would be greatly appreciated.

The tricky part is that it can be any of many reasons. The script in the
other end may check referer, user-agent, cookies and whatever more or less
clever things they can think of to detect non-normal browsers and then
rejecet your request.

I often find that the quickest way to success is to "look like" an ordinary
browser as good as possible already from the start. Fill in referer, use a
user-agent that you know is accepted and most important: make sure you always
read and pass back cookies properly.

Also, I always do this:

1. Fire up mozilla. Erase all cookies. Perform the operation you wanna
   automate. Check the cookies stored now. You should have the same set of
   cookies when you're done with the curl job.

2. Ethereal (or similar) is your friend. OK, dealing with SSL is a pain, but
   recording a full browser-based session is *excellent* to understand
   exactly what's happening and often is the easiest way to reproduce
   next-to identical requests.

> Running latest php,curl,apache on win xp.
>
> $cookie = "c:/directory/this_cookie.txt";
> $data="";
> $ch=curl_init('https://www.secure.asp');
> if (!$ch){
> die(sprintf('Error [%d]: %s',curl_errno($ch),curl_error($ch)));
> }
> $id="myid";
> $pass="pass";
> $submit="USERID=$id&password=$pass";
> curl_setopt($ch,CURLOPT_POST,1);
> curl_setopt($ch,CURLOPT_POSTFIELDS,$submit);
> curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
> curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
> curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie);
> curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE
> 5.01; Windows NT 5.0)");
> curl_setopt($ch,CURLOPT_HEADER,1);
> $data=curl_exec($ch);
> if (!$data){
> die(sprintf('Error [%d]: %s',curl_errno($ch),curl_error($ch)));
> }
> curl_close($ch);
> //echo $data;
> //exit;
> //////////////// if I drop out here I am logged in.
> //unset($ch);
> ?>

At this point, I presume you have a neat set of cookies in the cookiejar
file?

> <?php // second stage
> $data="";
> $ch=curl_init('https://www.secure/another_page.asp');
> if (!$ch){
> die(sprintf('Error [%d]: %s',curl_errno($ch),curl_error($ch)));
> }
> $quantity1=1;
> $i=0;
> $stuff[$i]="book-01";
> $quantity1=1;
> $submit=""
> ."Code1=".$stuff[$i]
> ."&quantity1=".$quantity1
> ."&Source=FastOrder&submit1.x=0&submit1.y=0"; // order to put in basket
> curl_setopt($ch,CURLOPT_POST,1);
> curl_setopt($ch,CURLOPT_POSTFIELDS,$submit);
> curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
> curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
> curl_setopt($ch, CURLOPT_COOKIEFILE,$cookie);
> curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie);
> curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE
> 5.01; Windows NT 5.0)"); //
> curl_setopt($ch,CURLOPT_HEADER,1);
> $data=curl_exec($ch);
> if (!$data){
> die(sprintf('Error [%d]: %s',curl_errno($ch),curl_error($ch)));
> }
> curl_close($ch);
> echo $data;

Are you sure you haven't missed a form data in the post? Sometimes the main
page do obfuscated javascript magic to fill in form fields that are later
checked for to detect and reject non-javascript browsers. Also, try passing
on a referer to the URL from which you are supposed to fill in this post.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf