POST in cURL lib with PHP isn't sending

Question

I'm trying to send POSTDATA via cURL with PHP and i think post isn't sending

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_URL, $url);
$t = curl_exec($ch);

Don't know why, but i'm trying to login in a page and when i dump $t, i always see the form, curl_error is empty, what can i do to debug this? the page trying to login isn't mine!

---

I have a local form emulating cURL and its OK:

<form action="$url" method="POST">
  <input type="hidden" name="username" value="$uspw" />
  <input type="hidden" name="password" value="$uspw" />
  <input type="submit" value="Send" />
</form>

It login in the $url! Here is the $data i send to POSTFIELDS in cURL

$data = array('username' => $uspw,
              'password' => $uspw);

Yes.. the user and password is the same

---

Headers received:

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Sun, 25 Nov 2012 05:23:19 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Content-Length: 4822
Set-Cookie: SESSIONID_portalApp=xxxxxx!-xxx!xxx; path=/
Content-Language: en
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Type: text/html; charset=ISO-8859-1

and after this i receive all the form, again...

---

$data = array('username' => $uspw,
    'password' => $uspw);


$header = array('Origin: xxx',
        'Content-Type: application/x-www-form-urlencoded',
        'Connection: keep-alive',
        'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3',
        'Cache-Control: max-age=0',
        'Except:',
        'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3',
        'Accept-Encoding:gzip,deflate,sdch',
        'Accept-Language:es-ES,es;q=0.8',
        );

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_FORBID_REUSE, 0);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 0);
curl_setopt($ch, CURLOPT_AUTOREFERER, 1);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11");
curl_setopt($ch, CURLOPT_COOKIEJAR, 'xxx.txt');
curl_setopt($ch, CURLOPT_REFERER, 'xxxx');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_URL, $url);
$t = curl_exec($ch);

Thank You!

Answer 1

It looks like you're trying to login to a third party system without a browser.

It's extremely likely that this isn't working because you're not doing something that it expects, which is establishing a session cookie. Though you might be logging in correctly , the remote site is probably showing you the form again because nothing in your cookie is telling it to do otherwise upon redirection. The headers explain this:

Set-Cookie: SESSIONID_portalApp=xxxxxx!-xxx!xxx; path=/

Create a cookie file for cURL to use (using something like tempnam() ) and tell cURL where it lives using the CURLOPT_COOKIEJAR directive. You could also grab an existing cookie from your browser and try, as an additional way to troubleshoot.

Add this prior to initializing cURL:

$cookieFile = tempnam('/dev/shm', 'curlCookie_'); 

Then tell cURL to use it:

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);

I suggested /dev/shm because it's obliterated across reboots, you could create it anywhere you have the ability to do so. Just take care to remove them when no longer needed. You can also change the prefix to make the individual files easier to associate with individual requests (timestamp, PID, etc), handy for debugging.

Also make sure that you set the user agent string to something known to be acceptable to the remote site. Remember, it expects a browser - so you have to be sure you behave like one. Setting CURLOPT_FOLLOWLOCATION true is probably a good idea, as suggested in comments.

If that doesn't work, do the action normally in a browser and look at the pages closely. It could be that JS is required in order for a session to be properly constructed .. at which point you're kind of out of luck just using cURL.

Answer 2

Visit the form page and then, with same curl resource do a post request. Also, add the following settings:

curl_setopt($ch, CURLOPT_FORBID_REUSE, 0);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 0);
curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "valid user agent");