authentication - PHP CURL POST get authenticated and send POST request after redirect by CURLOPT_FOLLOWLOCATION -
in order create new user on website need send post request url:
https://wifinext.internavigare.com/prepagataanagrafica/creautente/
sending fields "prepagata_codice=[chosen username]" , "prepagata_password=[chosen password]"
the page need send post request need authentication , redirect login page.
i use following code i'm not able authenticated, instead i'm redirected login page.
my question how can handle authentication after redirect , send post request?
i have try i'm not able found solution, please appreciated.
// set url page send post request create new user $url = "https://wifinext.internavigare.com/prepagataanagrafica/creautente/"; // set username , password authentication $username = 'myuser'; $password = 'mypassword'; // create new curl resource $ch = curl_init($url); # set curl options. $options = [ curlopt_cookiefile => 'cookies.txt', curlopt_cookiejar => 'cookies.txt', curlopt_returntransfer => 1, curlopt_followlocation => 1, curlopt_ssl_verifypeer => 0, curlopt_ssl_verifyhost => 0, curlopt_userpwd => $username . ":" . $password, curlopt_post => 1, curlopt_postfields => "prepagata_codice=" . $_get[user] . "&prepagata_password=" . $_get[pass] ]; curl_setopt_array($ch, $options); // request $response = curl_exec($ch); // status code $statuscode = curl_getinfo($ch, curlinfo_http_code); // show statuscode , response echo $statuscode; echo $response; // close curl curl_close($ch); thankyou answer. able login sending fields , not using curlopt_userpwd. maybe not clear in question. url posted in question not login used add new wifi user on system. prepagata[code] , prepagata[password] fields expected in page indicated url in order add new user. have achive login following code:
$url = "https://wifinext.internavigare.com/usergroups/"; // set username , password authentication $username = 'myuser'; $password = 'mypassword'; // create new curl resource $ch = curl_init($url); # set curl options. $options = [ curlopt_cookiefile => 'cookies.txt', curlopt_cookiejar => 'cookies.txt', curlopt_returntransfer => 1, curlopt_followlocation => 1, curlopt_ssl_verifypeer => 0, curlopt_ssl_verifyhost => 0, curlopt_userpwd => $username . ":" . $password, curlopt_post => 1, curlopt_postfields => "usergroupsuser[username]=" . $username . "&usergroupsuser[password]=" . $password ]; but when send next post request url $url = "https://wifinext.internavigare.com/prepagataanagrafica/creautente/";
with code:
$user = $_get[user]; $pass = $_get[pass]; $url = "https://wifinext.internavigare.com/prepagataanagrafica/creautente/"; $ch = curl_init($url); $options = [ curlopt_cookiefile => 'cookies.txt', curlopt_cookiejar => 'cookies.txt', curlopt_returntransfer => 1, curlopt_followlocation => 1, curlopt_ssl_verifypeer => 0, curlopt_ssl_verifyhost => 0, curlopt_userpwd => $username . ":" . $password, curlopt_post => 1, curlopt_postfields => "prepagata[codice]=" . $user . "&prepagata[password]=" . $pass ]; curl_setopt_array($ch, $options); i'm redirected page add new user user not added.
they don't use login scheme natively supported curl, can drop part curlopt_userpwd => $username . ":" . $password - @ best, waste of bandwidth, @ worst, it'll confuse web server , refuse log in.
quote: sending fields "prepagata_codice=[chosen username]" , "prepagata_password=[chosen password]" - no, that's not @ i'm getting. in tests, fields are
$params = array ( 'usergroupsuser' => array ( 'username' => $username, 'password' => $password, 'rememberme' => 0 ), 'yt0' => 'login' ); and easiest way handle http redirects, enable curlopt_followlocation, that, curl handle http redirects automatically. in tests, login post url https://wifinext.internavigare.com/usergroups, not https://wifinext.internavigare.com/prepagataanagrafica/creautente/
also possible trying protect against csrf attacks validating referrer header, refusing log in if wrong, easiest way around enable curlopt_autoreferer , make normal request login page first.
also, probably need cookie session before attempting login, easiest way that, set curlopt_cookiefile, curl handle cookies automatically.
and definitely need handle cookies in order stay logged in - cookie tied login. if don't send cookie next request after logging in, server won't remember login, , send login page again. enable cookies.
and protip, whenever you're debugging curl code, enable curlopt_verbose , prints lots of useful debugging info, http status codes, , redirects received.
also, check return type of curl_setopt_array! if there problem setting of settings, returns bool(false), , should use curl_error() find error.
also, in code, don't urlencode $_get[user] / $_get[password], if contain characters special meanings in urlencoded format, you'll send wrong credentials , won't logged in (this includes &,=,@, spaces, , many other characters), urlencode them.
here's example logging in, using hhb_curl https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php , convenience wrapper around curl_, taking care of cookies, response body file, verbose debugging info files, referrer header, checking return type of curl_setopt_array & throwing exception if options not set, etcetc:
<?php declare(strict_types = 1); require_once ('hhb_.inc.php'); $username = '???'; $password = '???'; $url = 'https://wifinext.internavigare.com/usergroups'; $hc = new hhb_curl ( $url, true ); $hc->exec (); // getting referer, , cookie session $hc->setopt_array ( array ( curlopt_post => true, curlopt_postfields => http_build_query ( array ( 'usergroupsuser' => array ( 'username' => $username, 'password' => $password, 'rememberme' => 0 ), 'yt0' => 'login' ) ) ) ); $hc->exec ( $url );//actually logging in. hhb_var_dump ( $hc->getstderr (), $hc->getresponsebody () ); (with real $username / $password, able log in)
Comments
Post a Comment