tags:

views:

85

answers:

3
Q: 

How can I log in to remote site with PHP cURL, then redirect to that site

Hi,

I've seen this asked in several ways but can't find an answer that works.

I've created a page that logs into a remote .NET-based site using PHP/cURL. Works great as far as it goes -- I can get the data back from the logged-in page via curl_exec and do whatever with it but what I really need to do is to redirect the user to that page. Simply redirecting gives me a logged-out page on the remote site. I know the answer is in getting the cookie that's returned when cURL logs in, then passing it in a second call . . . somehow. I;m certain that someone must be doing this and can provide a working example. Please help -- this is driving me nuts!

Thanks,

Mark

A: 

If the site use cookies you could use cURL.

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "User=$user&passwd=$passwd");
curl_setopt ($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_NOBODY, TRUE);

$header = curl_exec($ch);

if (preg_match("/set-cookie:(.*)\n", $header, $m)) {
  $cookies = preg_replace('/(expires|path|domain)=[^;]*;?/i', '', $m[1]);
  header("Cookies: " . $cookies);
  header("Location: $url");
}

this should work but I don't test it.

jcubic  2010-09-09 12:28:54
What is that? A Hollywood blockbuster scenario?
Col. Shrapnel  2010-09-09 12:59:54
Quite glib, old thing.
mpemburn  2010-09-09 20:00:07
+1  A: 

The problem is that the login will come from your PHP server, not from the end-user's IP address, so when you redirect the user, the site probably won't see them as logged in.

You can set do stuff like passing the cookie provided to the PHP server's login back to the end user, but if the redirected site is even slightly well-written, it won't fall for that.

If you have full control of both sites and they can access each-other's databases, you could write some back end code so the PHP server tells the .net site to expect the incoming user; that might work. But you'd need to do some back-end work in both systems.

If you don't have back-end access to the .Net site, then the only way I can see to do it would be to use the PHP site as a full proxy for the .Net site -- ie rather than doing a redirect, just display the output of the .net site directly via your PHP. This will have all kinds of other problems associated with it though.

Spudley  2010-09-09 12:48:30
What if curl denies cookies, thus forcing the site to pass the session id around in the url? Ofcourse this assumes the site doesn't require cookies enabled, and that it doesn't check for changed ips as it should.
Fanis  2010-09-09 12:52:39
I hate to hear that what I want to do isn't possible. CURL is saving valid cookie information on my server -- it matches the cookie that the remote site sends when you login in directly. So, I can't parse that up into appropriate format, set and send out in with a header("Cookies: " . $cookies); ?? Never say never.
mpemburn  2010-09-09 16:16:24
The inability to read/write cookies across different domains is a fundamental protection against cross site scripting attacks.
konforce  2010-09-10 08:01:15
A: 

No wonder you can't find an answer that works.
That's impossible.

Col. Shrapnel  2010-09-09 12:49:04

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases