I am trying to create a page to log in to a local router automatically. I am using CURL currently to log in to the page and authenticate. This part of the the code appears to be working correctly. The issue I am having is that once CURL has authenticated, I need to then redirect the user to this page so that they can navigate, however, I will also need to use the cookies collected by CURL.
Here is my code as it stands at the moment
$data = array(
'username' => 'admin',
'password' => 'admin',
);
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL,'http://192.168.69.1:65080/login.cgi');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'public_html/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'public_html/cookie.txt');
$result = curl_exec ($ch);
$info = curl_getinfo($ch);
curl_close ($ch);
print_r($result);
print_r($info);
//Working until this point
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
parse_str($m[1], $cookies);
foreach($cookies as $key=>$cookie)
{
setcookie($key, $cookie, time() + 60*60*24*30, '/');
}
header("location:".$info['redirect_url']);
As you can see I found a snippet to loop through the $result
info and then set them as cookies before redirecting, however, this is not working correctly and I am redirected to the login page not the index page.
If I do a further call before I close CURL, using the redirect url as the url, I do get a partial print of the index page, however, the important images etc are not displayed. But I need to be able to access the page and navigate rather than simply printing the page.
Here is a print of $result
HTTP/1.1 302 Found
Location: /index.cgi
Set-cookie: show_security_warning=deleted; expires=Sunday, 09-Jun-13 10:54:00 GMT
Set-cookie: ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 09 Jun 2014 10:54:01 GMT
Server: lighttpd/1.4.31
Here is a print of $info
Array
(
[url] => http://192.168.69.1:65080/login.cgi
[content_type] => text/html
[http_code] => 302
[header_size] => 314
[request_size] => 251
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.484
[namelookup_time] => 0
[connect_time] => 0
[pretransfer_time] => 0
[size_upload] => 255
[size_download] => 0
[speed_download] => 0
[speed_upload] => 526
[download_content_length] => -1
[upload_content_length] => 255
[starttransfer_time] => 0
[redirect_time] => 0
[certinfo] => Array
(
)
[redirect_url] => http://192.168.69.1:65080/index.cgi
)
Here is my cookie.txt
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
192.168.69.1 FALSE / FALSE 0 AIROS_SESSIONID d19e097a07b7b76fd7d90267a8e1f4d2
192.168.69.1 FALSE / FALSE 1370775278 show_security_warning deleted
192.168.69.1 FALSE / FALSE 2147483647 ui_language en_US
Finally here is a print of $cookies
Array
(
[show_security_warning] => deleted
)
If anyone can point me in the right direction of how to achieve the next step, I would be most grateful.
I'm not sure your strategy will ever be sucessfull.
Curl is working as a web client. It means Curl and your web browser are probably seen as distinct hosts by the router.
[CLIENT (WEB BROWSER)] ---HTTP---> [PHP WEBSERVER]
[CURL] ---HTTP---> [ROUTER (WEBSERVER)]
PHP has a particular behaviour : it stores sessions in files whose name depends on the session id cookie value only, so it is (or was ... I dont know all versions of PHP) possible to steal a session by capturing the session cookie / cloning the cookie values.
Not all CGI libs are doing the same. I believe your router has a safer session storage method, as it should be expected from a security dedicated device (for example a key based on the client IP and the session cookie value). In this case your method is useless.
You'd better to use a javascript based form (in order to post the id/password) and maybe an iframe requesting the router login page before (in order to initialize the routers cookie values). Using a javascript form will show the credentials to your user which is probably not what you want
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.