-3

Possible Duplicate:
Making a HTTP GET request with HTTP-Basic authentication

I want to get HTML source code of a password protected page. I usually use this code to get html source of a not-protected page.

$handle = @fopen("http://www.webmasterworld.com", "rt");
$source_code = fread($handle,9000);

How can I get source of a password protected page using username & password? It is not protected by Basic Auth.

Community
  • 1
  • 1
Zahid Habib
  • 715
  • 3
  • 12
  • 23

3 Answers3

4

Since this is not a BASIC AUTH (eg. protected via .htaccess in apache for example) and instead seems to be session/cookie based, you need to submit the username/password first the same way a regular browser would via a POST request. When successful, the web application will return to you a cookie name/value pair that you will need to use for the next request (ie. to request the page you want to read).

You can either use all the cookies key/value pairs that the server wants you to set or figure out what the important session cookie is. It depends on how the web application works. To figure out what the session cookie name should be and what the usual value looks like try looking at the HTTP requests via a tool like firebug or chrome's dev tools. Once you have figured out what the important cookie name/value is make sure you send that when attempting to read the page within your next request.

The easiest way to do all this in PHP is to use cURL. The rough idea has two parts:

1) Post the username/password to form's action="" processor and return the cookie value pair. See curl_init(), curl_setopt(), and curl_exec() to see how to initialize the request, set its options (eg to set its type as POST, set browser agent string in case the processing script only responds to real browsers, set the request as a headers only request, etc) then execute. More details on how to do this and get the cookie value can be found on a similar post here.

2) Once you get the session cookie key/value pair, read the page by supplying the cookie/value pair so the website knows you have been authenticated previously. You will want to use the CURLOPT_COOKIE option with curl_setopt() when setting this second request and supply the cookie=value pair. More details on how to send a cookie via cURL can be found on a related post here.

Community
  • 1
  • 1
Carlos N
  • 1,616
  • 14
  • 15
1

Whats sort of protection? If it's BASIC AUTH, use curl instead. If it's behind a session gets more complicated.

xelber
  • 4,197
  • 3
  • 25
  • 33
  • Don't understand what u mean but I want to read this page http://jzdw.jy100.com/main.aspx To login this page I need to put username & password on http://jzdw.jy100.com/ – Zahid Habib Nov 20 '12 at 00:46
  • Which is little harder. you will have to simulate a login using CURL, take the session id cookie once logged in, pass it when you download the page. There could be libraries to do this, so do some search. If you have communication with the site owners though, best is first talk to them about making the information available in a different method as the above is not the most elegant way of transferring information. Take a look at this http://stackoverflow.com/questions/3008817/login-to-remote-site-with-php-curl – xelber Nov 20 '12 at 01:06
1

Try url-encoding the username and password and adding them to the URL.

$encUser = urlencode($username);
$encPass = urlencode($password);
$handle = @fopen("http://{$encUser}:{$encPass}@www.webmasterworld.com", "rt");

Just about any library that will fetch a document for you via HTTP understands basic credentials in the URL.

slashingweapon
  • 11,007
  • 4
  • 31
  • 50