curl-and-php

Re: PHP - CURL - Custom authentication script

From: Michael Gawrychowski <mgawrych_at_excelmicro.com>
Date: Thu, 31 Mar 2011 10:22:18 -0400

On Wed, Mar 30, 2011 at 8:45 PM, David Colter <dolan2go_at_yahoo.com> wrote:

>
> Do you have Live Headers for your firefox session?
>
>
Sure, let me explain the way it works. Here is the form. It has a few
drop-down menus, but only four of them are AJAX operated, so when you select
an item from the first drop-down, it unlocks the second drop-down (and
loads drop-down elements) and so on.

Here is the form:

http://www.nerdalert.biz/OUTPUTS/form.png

Here are the outputs from each drop down selection:

http://www.nerdalert.biz/OUTPUTS/headers-when-first-dropdown-selected

http://www.nerdalert.biz/OUTPUTS/headers-when-second-dropdown-selected

http://www.nerdalert.biz/OUTPUTS/headers-when-third-dropdown-selected

http://www.nerdalert.biz/OUTPUTS/headers-when-fourth-dropdown-selected

and the headers when the form is submitted:

http://www.nerdalert.biz/OUTPUTS/headers-when-form-submitted-selected

> $headers[] = 'Connection: Keep-Alive';
> $headers[] = 'Content-type: application/x-www-form-urlencoded;charset=ISO-8859-1';
> $headers[] = 'Expect:';
>
>
> I see a few more things you could look at.
>
> You might try a different set of $headers. For example, I see firefox
> sending the below:
>
> $header_array[] = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
> $header_array[] = "Accept-Language: en-us,en;q=0.5";
> $header_array[] = "Accept-Encoding: gzip,deflate";
> $header_array[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
> $header_array[] = "Keep-Alive: 115";
> $header_array[] = "Connection: Keep-Alive";
>
>
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Continues the script: $ch is the existing curl handle and $content3 is the page fetched earlier.
// Extract the three hidden Visualforce fields from that page.
preg_match("[com.salesforce.visualforce.ViewState\" value=\"(.*)\" ]U", $content3, $result);
preg_match("[com.salesforce.visualforce.ViewStateMAC\" value=\"(.*)\" ]U", $content3, $result1);
preg_match("[com.salesforce.visualforce.ViewStateCSRF\" value=\"(.*)\" ]U", $content3, $result2);

// Build the POST body, URL-encoding each extracted value.
$posts = "com.salesforce.visualforce.ViewState=" . urlencode($result[1])
    . "&com.salesforce.visualforce.ViewStateMAC=" . urlencode($result1[1])
    . "&com.salesforce.visualforce.ViewStateCSRF=" . urlencode($result2[1]);

// Request headers copied from the Firefox session.
$header_array[] = "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16";
$header_array[] = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
$header_array[] = "Accept-Language: en-us,en;q=0.5";
$header_array[] = "Accept-Encoding: gzip,deflate";
$header_array[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header_array[] = "Keep-Alive: 115";
$header_array[] = "Connection: Keep-Alive";
// $header_array[] = 'Content-Type: application/x-www-form-urlencoded';
$header_array[] = 'Expect:';

curl_setopt($ch, CURLOPT_URL, "https://c.na4.visual.force.com/apex/NewCase");
// CURLOPT_REFERER takes the bare URL; curl adds the "Referer:" header name itself.
curl_setopt($ch, CURLOPT_REFERER, "https://c.na4.visual.force.com/apex/NewCase?retURL=%2F500%2Fo&save_new=1&sfdc.override=1");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header_array);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $posts);

// Send curl's verbose trace to a file, together with the POST body that was sent.
$verbose_file = 'xyz.txt';
$fp = fopen($verbose_file, 'w+');
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, $fp);
fwrite($fp, "Post data sent: " . $posts . "\n\n");

$content4 = curl_exec($ch);
echo $content4;
print "<pre>\n";
print_r(curl_getinfo($ch)); // get error info
echo "\n\ncURL error number:" . curl_errno($ch); // print error info
echo "\n\ncURL error:" . curl_error($ch);
print "</pre>\n";
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

http://www.nerdalert.biz/OUTPUTS/changed_headers_result.png

> These I use exactly as Live Headers show firefox sending. Also, I don't
> think you need to declare the second one (yours) above. curl will add that to
> the POST request (my experience).
>
> It might help to have this set, just in case the server's checking for
> robots.
> curl_setopt ( $ch1, CURLOPT_USERAGENT, $WEBBOT_NAME ); // Desired User agent string (copy firefox or IE)
>
> I did a test on the url you provided. The referer is changing from page to
> page or not even present.
>

Ok

> On many occasions, I print out the Live Header content, the verbose output,
> and modify the script until they MATCH. Based on what I see, you are not
> matching the browser's request, and therefore the server is sending
> something you don't want. That's the point of the exercise with verbose
> output and Live Headers.
>
>
I've tried it many times already and when I copy the LiveHeader output it
works ok, but as soon as I replace one (or all) of the 3 variables
(com.salesforce.visualforce.ViewState,
com.salesforce.visualforce.ViewStateMAC,
com.salesforce.visualforce.ViewStateCSRF) with the ones extracted from the
page it starts to freak out.

>>> The POST string pulled from LiveHeaders works perfectly when pasted into
>>> my code, however when I replace the SUPER LONG variable (with the current
>>> one extracted from HTML) I get a system permission error.
>>>
>>
>> Are you encoding the string correctly?
>>
>
> The POST string must also MATCH.
>
> Unless you try to match the (entire) output of curl with the browser's
> request headers and then compare response headers, it might take a very long
> time to complete this. You might also want to reread my first (or second)
> reply with regard to curl and followlocation.
>

I don't quite understand this part. What do you mean by this? "The POST
string must also MATCH."

>
>

Thank you very much for your patience.

M.

_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2011-03-31
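
Added example (not part of the original message, and not code from anyone in the thread): one way to pull the hidden Visualforce fields out of a fetched page with PHP's DOM parser instead of a regular expression, so the values come back entity-decoded whatever the attribute order, and then to URL-encode each one exactly once with http_build_query(). The sample HTML and its token values are constructed for illustration.

```php
<?php
// Constructed sample page: the field names match the thread, the values are made up.
$html = <<<'HTML'
<form method="post" action="/apex/NewCase">
  <input type="hidden" id="vs" name="com.salesforce.visualforce.ViewState" value="i:AAAA+bb/cc==" />
  <input type="hidden" value="tok&amp;en=1" name="com.salesforce.visualforce.ViewStateCSRF" />
  <input type="text" name="subject" value="ignored" />
</form>
HTML;

/**
 * Return every hidden input as name => value. The parser decodes HTML
 * entities and does not care about attribute order or trailing spaces,
 * both of which a pattern like `name" value="(.*)" ` silently depends on.
 */
function extract_hidden_fields(string $html): array
{
    $doc = new DOMDocument();
    // Real pages are rarely valid HTML; collect parser warnings instead of printing them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $fields = [];
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//input[@type="hidden"][@name]') as $input) {
        $fields[$input->getAttribute('name')] = $input->getAttribute('value');
    }
    return $fields;
}

$fields = extract_hidden_fields($html);
if (!isset($fields['com.salesforce.visualforce.ViewState'])) {
    // A missing token usually means the fetched page was not the expected form.
    fwrite(STDERR, "ViewState not found; inspect the fetched page before posting\n");
    exit(1);
}

// http_build_query() urlencodes each name and value once: '+' becomes %2B,
// '/' becomes %2F, '=' becomes %3D and the decoded '&' becomes %26.
$posts = http_build_query($fields, '', '&');
echo $posts, "\n";
```

Comparing the printed string with the POST body captured in Live Headers shows whether the script's encoding matches what the browser sent.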