tags:

views:

698

answers:

4
+2  Q: 

curl sending GET instead of POST

Actually, it's gotten so messy that I'm not even sure curl is the culprit. So, here's the php:

$creds = array(
    'pw' => "xxxx",
    'login' => "user"
    );

$login_url = "https://www.example.net/login-form"; //action value in real form.
$loginpage = curl_init();

curl_setopt($loginpage, CURLOPT_HEADER, 1);
curl_setopt($loginpage, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($loginpage, CURLOPT_URL, $login_url);
curl_setopt($loginpage, CURLOPT_POST, 1);
curl_setopt($loginpage, CURLOPT_POSTFIELDS, $creds);

$response = curl_exec($loginpage);
echo $response;

I get the headers (which match the headers of a normal, successful request), followed by the login page (I'm guessing curl captured this due to a redirect) which has an error to the effect of "Bad contact type".

I thought the problem was that the request had the host set to the requesting server, not the remote server, but then I noticed (in Firebug), that the request is sent as GET, not POST.

If I copy the login site's form, strip it down to just the form elements with values, and put the full URL for the action, it works just great. So I would think this isn't a security issue where the login request has to originate on the same server, etc. (I even get rid of the empty hidden values and all of the JS which set some of the other cookies).

Then again, I get confused pretty quickly.

Any ideas why it's showing up as GET, or why it's not working, for that matter?

+1  A: 

The request is made from the server, and will not show up in Firebug. (You probably confused it with another request by your browser). Use wireshark to find out what really happens. You are not setting CURLOPT_FOLLOWLOCATION; redirects should not be followed.

Summarizing: Guess less, post more. Link to a pcap dump, and we will be able to tell exactly what you're doing wrong; or post the exact output of the php script, and we might.

phihag  2009-06-05 12:01:49
Thanks for the heads up. When I did an almost identical curl_exec to another server, I saw a POST (with the form values I set), so I thought firebug (in the Net tab) was accurate. Just to be sure, I use wireshark on my local machine? I'm guessing no since the request is server-side. How do I configure it for the server?
Anthony  2009-06-05 15:22:43
@Anthony wireshark has to be run either on the machine php is running on or the one you're sending the request to. If wireshark is not installed there, look for tcpdump. I'm quite interested in curl-related stuff, so if you have further questions that don't fit into this box, don't hesitate to contact me via IM or email (See my profile for addresses).
phihag  2009-06-05 18:36:20
+1  A: 

The shown code does a multipart formpost (since you pass a hash array to the POSTFIELDS option), which probably is not what the target server expects.

Daniel Stenberg  2009-06-06 21:29:47
A: 

try throwing in a print_r(curl_getinfo($loginpage)) at the end, see what the header data it sent back as.

also, if your trying to fake that your logging in from their site, your going to want to make sure your sending the correct referrer with your post, so that they "think" you were on the website when you sent it.

Uberfuzzy  2009-08-09 00:30:17
A: 

When troubleshooting the entire class of PHP-cURL-related problems, you simply have to turn on CURLOPT_VERBOSE and give CURLOPT_STDERR a file handle.

tail -f your file, compare the headers and response to the ones you see in Firebug, and the problem should become clear.

 2009-08-09 01:00:56

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases