0

I am currently working on a script where the user has to fill in a username and a password. Then, when the user logs in, the script checks if his/her username is registered in my database. If that is the case, the user logs in on my external website (using cURL), and if not, the user logs in on a different website of which I do not have access to the database. 

if($count==1){
    $curl = curl_init('http://www.myownwebsite.com/');
    curl_setopt ($curl, CURLOPT_POSTFIELDS, "gebruikersnaam=$myusername&wachtwoord=$mypassword");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_exec($curl);
}
else {
    $curl = curl_init('http://www.differentwebsite.com/');
    curl_setopt ($curl, CURLOPT_POSTFIELDS, "username=$myusername&password=$mypassword");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_exec($curl);
}

as you can see, my script stores the row count in a count variable, and if the query results 1 row, it logs in on my site, and if not it logs in on the other site. The username and password checking is done on the actual websites the user logs in to.

Now my problem is, that I want it to "follow the location", or so to speak. The script, as it is right now, redirects(?) to e.g. http://www.myownwebsite.com/checklogin.php (checklogin.php being the script I'm using cURL in).

I tried solving this by using the followlocation cURL function, but doing that gives me a warning:

Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in -----

I checked my php.ini by using the phpinfo(); function and safemode is turned off, open_basedir has no value, so I don't think this is the problem. I looked up some other possible solutions, but nothing so far helped me solve this issue.

If anything is unclear, feel free to ask.

hakre
  • 193,403
  • 52
  • 435
  • 836
Tienus McVinger
  • 467
  • 9
  • 24
  • What's the value of `CURLOPT_MAXREDIRS` ? – Ja͢ck Mar 13 '13 at 08:35
  • There is no maxredirs in the script, so it's probably whatever's the default value, I guess? Do I need to do anything with it? – Tienus McVinger Mar 13 '13 at 08:39
  • 1
    As I can see .. you are using the CURLOPT_POSTFIELDS but you are not setting the value for CURLOPT_POST .. .Are you setting it somewhere else .. ? – alwaysLearn Mar 13 '13 at 08:40
  • 1
    Read the error message again. Your trouble-shooting didn't turn out correct results so far, as you can either safe_mode is on or open_basedir is set. You say both is not the case. Please double-check with the concrete request that fails. For it, it's likely not what you have checked elsewhere. Always trouble-shoot the concrete request, not some other castle in the sky. - See as well [Php - Debugging Curl](http://stackoverflow.com/questions/3757071/php-debugging-curl) – hakre Mar 13 '13 at 08:40
  • @new_developer That's wrong, `CURLOPT_POST` is implied. – Ja͢ck Mar 13 '13 at 08:41
  • I would add `CURLOPT_VERBOSE` and see why it's not redirecting. – Ja͢ck Mar 13 '13 at 08:41
  • @Jack: No, it's not. At least it was not yesterday when I checked that. – hakre Mar 13 '13 at 08:41
  • @hakre I'm pretty sure it is, but I'll test it :) – Ja͢ck Mar 13 '13 at 08:42
  • @TienusMcVinger have a loook http://stackoverflow.com/questions/6918623/curlopt-followlocation-cannot-be-activated and http://www.webhostingtalk.com/showthread.php?t=644247 – alwaysLearn Mar 13 '13 at 08:43
  • @hakre The behaviour is different; when an array is used, `CURLOPT_UPLOAD` seems to be implied; for a string it's `CURLOPT_POST` :) php 5.4.12 – Ja͢ck Mar 13 '13 at 08:46
  • OK, I tried using that curl_setopt ($curl, CURLOPT_VERBOSE, true); by putting it before the if-else statement but I didn't get any different output message. What am I doing wrong? – Tienus McVinger Mar 13 '13 at 08:53
  • What exactly are you trying to do and how does it fail? What do you mean by *I want it to "follow the location"*? – Ranty Mar 13 '13 at 08:57
  • @Jack: I must correct myself, it is implied with using an array as well. – hakre Mar 13 '13 at 08:59
  • @Ranty, what I want it to do is, after checking the database and all that, I want it to log in on the site it forwards you to as if the user entered his username and password on that website (the website it forwarded you to). – Tienus McVinger Mar 13 '13 at 09:00

1 Answers1

2

You can't log in user by sending POST request to login page with your server. What happens is you get your server logged in, not the user.

Also, you can't redirect the user with POST data with PHP. All you can do is you can make a form with method="POST" and action="http://www.differentwebsite.com/" with hidden fields username and password, which will be submitted via JavaScript on page load. Here's simple example of the page you could output.

<html>
<head>
<script type="text/javascript">
function submit_form()
{
    document.myform.submit();
}
</script>
</head>
<body onload="submit_form();">
    <form method="POST" name="myform" action="http://www.google.com/">
        <input type="hidden" name="username" value="someusername"/>
        <input type="hidden" name="password" value="somepassword"/>
    </form>
</body>
</html>

As for why you get user redirected, it is due to the fact that you skipped:

curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

so the output gets sent to the user directly.

Ranty
  • 3,333
  • 3
  • 22
  • 24
  • Hmm, I'm quite confused. How do I implement this? After having added curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); with the same warning. I know thatmerely adding the RETURNTRANSFER shouldn't have solved it anyway, but just so you know. How exactly should I implement that form with the hidden fields? – Tienus McVinger Mar 13 '13 at 09:32
  • Ah yes, after playing around a bit, I got it working. Thank you! – Tienus McVinger Mar 14 '13 at 15:16