Hello,

What I’m trying to do is access a Password protected URL using
Session/Cookies and to retrieve the resulting page. From the command line
this is easy. From what I’ve read from the Mailing List and the Manual
everything seems logical. Therefore I’m quite frustrated that I can’t
succeed doing the same thing using PHP, especially since I think I
understand it.

From the command line it looks like this:

curl -d "database=databaseName&agent_number=number&pswd=000000" –b cookies
-c cookies.txt -e https://secure.website.net/shop/logon.asp -i -v
https://secure.website.net/shop/main.asp
https://secure.website.net/shop/search.asp
?item=155

In PHP my code looks like this:

$ch = curl_init ();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
“database=databaseName&agent_number=number&pswd=000000");
curl_setopt($ch, CURLOPT_REFERER,
“https://secure.website.net/shop/logon.asp ");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_URL, "https://secure.website.net/shop/main.asp ");
curl_setopt($ch, CURLOPT_URL,
" https://secure.website.net/shop/search.asp?item=155");

curl_exec ($ch);
curl_close ($ch);

VERIFYHOST & VERIFYPEER: These I assume I am doing correctly.

POSTFIELDS: these values are used for authentication purposes and are what a
Form at the REFERER location requires to login, as if navigating through a
browser. I know this works because if I remove the last URL and simply POST
to main.asp the script will successfully login and return the page.

REFERER: Set in an attempt to lead the final desired URL (search.asp) to
believe that the request started from the beginning (logon.asp)

HEADER: Set to retrieve the Header data which contains the very important
Session/Cookie that I need to send back on the subsequent and final request
(main.asp => search.asp)

COOKIEJAR: Separates the Cookie from the header to send with the
aforementioned request.

VERBOSE: Set to display what cURL is doing, which by the way does not work
in PHP for some reason, but was very useful when working from the command
line.

URL(1): The url that is a step before getting to search.asp as if navigating
through a browser.

URL(2): The url which should process a query based on the attached query
string and return a page with details about the appropriate “item”.

When I run the above script I get the following header along with the
infamous Object Moved page as illustrated by the second header.

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Fri, 21 Nov 2003 03:45:40 GMT
X-Powered-By: ASP.NET

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Fri, 21 Nov 2003 03:45:40 GMT
X-Powered-By: ASP.NET
Location: logon.asp
Content-Length: 121
Content-Type: text/html
Cache-control: private

I believe that for some reason the Cookie with the Session value is not
being sent to search.asp and thus, as can be seen from the second heade,r it
will send me back out to logon.asp. But from what I understand of the
documentation the cookies should be extracted from the header and sent upon
subsequent request. Can anyone tell me if there’s anything I am doing wrong
because I am for the moment totally stumped.

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
Received on 2003-11-21