Issue FORM POST Request From PHP using HTTP Basic Authentication

Question

I hope this is a relatively straight forward thing to do, and that my google skills have simply failed me on this occasion. I have a BASIC authentication protected resource which I want to have PHP perform a POST HTTP request against.

I have tried injecting Authentication: Basic (encrypted u/p data) into the headers which didn't appear to work - so I wonder, can the powers of Greyskull i mean StackOverflow provide any guidance.

$req .= "&cmd=_initiate_query";
$header = "POST /someendpoint HTTP/1.1\r\n".
     "Host:example.com\n".
     "Content-Type: application/x-www-form-urlencoded\r\n".
     "User-Agent: PHP-Code\r\n".
     "Content-Length: " . strlen($req) . "\r\n".
     "Connection: close\r\n\r\n";
$fp = fsockopen ('ssl://example.com', 443, $errno, $errstr, 30);
if (!$fp) {
    // HTTP ERROR
} else {
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
     $result .= fgets ($fp, 128);
    }
    fclose ($fp);
}

Answer 1

Here's a function I use to perform POST requests. Hopefully it can do what you want:

function http_post($server, $port, $url, $vars) {

// get urlencoded vesion of $vars array 
$urlencoded = ""; 

foreach ($vars as $Index => $Value) 
 $urlencoded .= urlencode($Index ) . "=" . urlencode($Value) . "&"; 

$urlencoded = substr($urlencoded,0,-1);  

$headers = "POST $url HTTP/1.0\r\n" 
. "Content-Type: application/x-www-form-urlencoded\r\n" 
. "Content-Length: ". strlen($urlencoded) . "\r\n\r\n"; 

$fp = fsockopen($server, $port, $errno, $errstr, 10); 
if (!$fp) return "ERROR: fsockopen failed.\r\nError no: $errno - $errstr"; 

fputs($fp, $headers); 
fputs($fp, $urlencoded); 

$ret = ""; 
while (!feof($fp)) $ret .= fgets($fp, 1024); 

fclose($fp); 
return $ret; }

And here's an example of me using it to forward on the POST variables to an API

$response = http_post("www.nochex.com", 80, "/nochex.dll/apc/apc", $_POST);

Answer 2

Using:

$header = "POST /someendpoint HTTP/1.1\r\n".
        "Host:example.com\n".
        "Content-Type: application/x-www-form-urlencoded\r\n".
        "User-Agent: PHP-Code\r\n".
        "Content-Length: " . strlen($req) . "\r\n".
        "Authorization: Basic ".base64_encode($username.':'.$password)."\r\n".
        "Connection: close\r\n\r\n";

Should work - are you sure it is a Basic authentication system? It may be worth watching the raw header data using something like CharlesProxy to ensure it is an authentication (and you'll be then able to copy the authorization string as well!).