PHP : send http post request but “Authentication failed”

Question

I'm trying to log in to a website, but receive an "Authentication failed" error, as if I were wrong using the username or password. The passed parameters are correct, including username and password, as I developed the same code in Java and it works. Am I making a mistake when sending the fields?

$cookies = array();
foreach ($http_response_header as $hdr) {
    if (preg_match('/^Set-Cookie:\s*([^;]+)/', $hdr, $matches)) {
        parse_str($matches[1], $tmp);
        $cookies += $tmp;
    }
}
$cookie= reset($cookies);

$request = array(
    'http' => array(
        'method' => 'POST',
        'timeout' => 0,
        'header'=> "Accept-language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3\r\n" .
            "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n" .
            "User-Agent:    Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6\r\n" .
            "Cookie: ASP.NET_SessionId=".$cookie."\r\n",
        'content' => http_build_query(array(
            '__LASTFOCUS' => '',
            '__EVENTTARGET' => '',
            '__EVENTARGUMENT' => '',
            '__VIEWSTATE' => $viewstate,
            '__VIEWSTATEGENERATOR' => $viewstategenerator,
            'ctl00$hwsid' => $hwsid,
            'ctl00$PageSessionId' => $pagesessionid,
            'ctl00$DefaultUrl' => $defaulturl,
            'ctl00$GenericErrorUrl' => $genericerrorurl,
            'ctl00$PopupElement' => '',
            'ctl00$PollingTimeoutSecs' => $pollingtimeoutsecs,
            'ctl00$bodyContent$txtUser' => $user,
            'ctl00$bodyContent$txtPassword' => $password,
            '__CALLBACKID' => '__Page',
            '__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password,
            '__EVENTVALIDATION' => $eventvalidation,
            'ctl00$bodyContent$btnLogin' => 'Conferma'

        )),
    )
);

$context = stream_context_create($request);
$res= file_get_contents($url, false, $context);
echo htmlentities($res);

The working code used for the java is as follows:

cookies = initialResponse.cookies();

                initialResponse = Jsoup.connect(url+"Default.aspx")
                    .data("__LASTFOCUS", "")
                    .data("__EVENTTARGET", "")
                    .data("__EVENTARGUMENT", "")
                    .data("__VIEWSTATE", executionVal)
                    .data("__VIEWSTATEGENERATOR", vv1)
                    .data("ctl00$hwsid", a11)
                    .data("ctl00$PageSessionId", a22)
                    .data("ctl00$DefaultUrl", a33)
                    .data("ctl00$GenericErrorUrl", a44)
                    .data("ctl00$PopupElement", "")
                    .data("ctl00$PollingTimeoutSecs", a66)
                    .data("ctl00$bodyContent$txtUser", user)
                    .data("ctl00$bodyContent$txtPassword", pass)
                    .data("__CALLBACKID", "__Page")
                    .data("__CALLBACKPARAM", "hwsid="+a11+"&PageSessionId="+a22+"&DefaultUrl="+a33+"&GenericErrorUrl="+a44+"&PopupElement="+"&PollingTimeoutSecs="+a66+"&txtUser="+user+"&txtPassword="+pass)
                    .data("__EVENTVALIDATION", ltVal)
                    .data("ctl00$bodyContent$btnLogin", "Conferma") 
                    .cookies(cookies)
                    .userAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36")
                    .method(Method.POST)
                    .timeout(0)
                    .execute();
            }catch(UnknownHostException e){
                 JOptionPane.showMessageDialog(null, "No", "Turni", JOptionPane.ERROR_MESSAGE); 
                 System.exit(0);
            } catch (IOException e) {
                e.printStackTrace();
            }

            cookies.putAll(initialResponse.cookies());

            Document doc = null;
            try {
                doc = Jsoup.connect(u)
                  .cookies(cookies)
                  .get();

            } catch (IOException e) {
                e.printStackTrace();
            }

Answer 1

I suspect you are misusing reset() . It returns the value of the first array element. So if you're getting more than one cookie back, you could be in for problems. If you're looking for a specific cookie, you could do something like this:

// here's what we're looking for
$target = "ASP.NET_SessionId";

// filter the array
$cookies = array_filter(
    $http_response_header,
    function($v) use ($target) {return strpos($v, "Set-Cookie: $target=") === 0;}
);

if (!empty($cookies)) {
    // here we know we only have a single entry in the array
    $cookie = reset($cookies);
    $cookie = preg_replace("/.*=([^;]*)/", "$1", $cookie);
} else {
    // no cookies received!
    $cookie = "";
}

Really this is a lot more complicated than it needs to be though. Easiest thing to do would be to just take all the cookies and send them back in the second request:

$cookies = array_filter(
    $http_response_header,
    function($v) {return strpos($v, "Set-Cookie:") === 0;}
);
$headers = [
    "Accept-language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3",
    "Content-Type: application/x-www-form-urlencoded; charset=utf-8",
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6",
];
foreach ($cookies as $cookie) {
    $headers[] = preg_replace("/^Set-/", "", $cookie);
}

$request = [
    "http" => [
        "method" => "POST",
        "timeout" => 0,
        "header"=> $headers,
        "content" => "..."
];