stackoom
  简体   繁体   中英

Curl HTTP Post Login and Redirect

 原文  2014-06-09 10:59:24       php/ redirect/ cookies/ curl

Question

I am trying to create a page to log in to a local router automatically. I am using CURL currently to log in to the page and authenticate. This part of the the code appears to be working correctly. The issue I am having is that once CURL has authenticated, I need to then redirect the user to this page so that they can navigate, however, I will also need to use the cookies collected by CURL.

Here is my code as it stands at the moment 

$data = array(
'username' => 'admin',
'password' => 'admin',
);
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL,'http://192.168.69.1:65080/login.cgi');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'public_html/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'public_html/cookie.txt');

$result = curl_exec ($ch);
$info = curl_getinfo($ch);
curl_close ($ch); 

print_r($result);
print_r($info);


//Working until this point
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
parse_str($m[1], $cookies);

foreach($cookies as $key=>$cookie)
{
     setcookie($key, $cookie, time() + 60*60*24*30, '/');
}

header("location:".$info['redirect_url']);

As you can see I found a snippet to loop through the $result info and then set them as cookies before redirecting, however, this is not working correctly and I am redirected to the login page not the index page.

If I do a further call before I close CURL, using the redirect url as the url, I do get a partial print of the index page, however, the important images etc are not displayed. But I need to be able to access the page and navigate rather than simply printing the page.

Here is a print of $result 

HTTP/1.1 302 Found
Location: /index.cgi
Set-cookie: show_security_warning=deleted; expires=Sunday, 09-Jun-13 10:54:00 GMT
Set-cookie: ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 09 Jun 2014 10:54:01 GMT
Server: lighttpd/1.4.31

Here is a print of $info 

Array
(
    [url] => http://192.168.69.1:65080/login.cgi
    [content_type] => text/html
    [http_code] => 302
    [header_size] => 314
    [request_size] => 251
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.484
    [namelookup_time] => 0
    [connect_time] => 0
    [pretransfer_time] => 0
    [size_upload] => 255
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 526
    [download_content_length] => -1
    [upload_content_length] => 255
    [starttransfer_time] => 0
    [redirect_time] => 0
    [certinfo] => Array
        (
        )

    [redirect_url] => http://192.168.69.1:65080/index.cgi
)

Here is my cookie.txt 

# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

192.168.69.1    FALSE   /   FALSE   0   AIROS_SESSIONID d19e097a07b7b76fd7d90267a8e1f4d2
192.168.69.1    FALSE   /   FALSE   1370775278  show_security_warning   deleted
192.168.69.1    FALSE   /   FALSE   2147483647  ui_language en_US

Finally here is a print of $cookies 

Array
(
    [show_security_warning] => deleted
)

If anyone can point me in the right direction of how to achieve the next step, I would be most grateful.

1 answers

solution1
 1 ACCPTED  2014-06-11 14:30:54

I'm not sure your strategy will ever be sucessfull.

Curl is working as a web client. It means Curl and your web browser are probably seen as distinct hosts by the router. 

[CLIENT (WEB BROWSER)] ---HTTP---> [PHP WEBSERVER]
                                   [CURL] ---HTTP---> [ROUTER (WEBSERVER)]

PHP has a particular behaviour : it stores sessions in files whose name depends on the session id cookie value only, so it is (or was ... I dont know all versions of PHP) possible to steal a session by capturing the session cookie / cloning the cookie values.

Not all CGI libs are doing the same. I believe your router has a safer session storage method, as it should be expected from a security dedicated device (for example a key based on the client IP and the session cookie value). In this case your method is useless.

You'd better to use a javascript based form (in order to post the id/password) and maybe an iframe requesting the router login page before (in order to initialize the routers cookie values). Using a javascript form will show the credentials to your user which is probably not what you want

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question CURL POST Login and Redirect appears to not be working php curl post redirect HTTP post by CURL - PHP Curl HTTP Post Issue Authenticating Curl HTTP Post PHP Curl login with redirect not working PHP Curl - Redirect after login vBulletin Curl login redirect not working CURL Login and then redirect using curl array method CURL (PHP) and redirect after POST
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM