3

I am learning PHP and trying to automate a website login and then post some data to another page once logged in. I managed to login to the website and when I try to post data, I got a "Document moved".

Then I analysed the headers in firebug and realised that there was a PHP_session_id, so when I tried to manually pass this PHP_session_id it worked.

So my question is, how can I automatically get the sessionid when I login and then subsequently pass this on to my second request?

This is what my code looks like:

<?php
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,"http://www.example.com/login-main.php");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,
                "loginType=company&username=johndoe%40gmail.com&password=1234&company=test");

    ob_start();
    curl_exec ($ch);
    ob_end_clean();
    curl_close ($ch);
    unset($ch);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(

    'Host:www.example.com',
    'Origin:http://www.example.com',
    'Cookie:PHPSESSID=na6ivnsdfab206ktb453o2au07',
    'Referer:http://www.example.com/bookings/'

        ));
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_URL,"http://www.example.com/bookings.php");
    curl_setopt($ch, CURLOPT_POSTFIELDS,
                "start_date=&end_date=&type=instructor&b_type=&id=41");
    $buf2 = curl_exec ($ch);
    curl_close ($ch);
    echo "<PRE>".htmlentities($buf2);
?>
  • 1
    Searching for PHPSESSID gives http://stackoverflow.com/q/1370951/1741542. Maybe this helps. – Olaf Dietsche Oct 03 '16 at 08:55
  • 1
    This might help, http://stackoverflow.com/questions/13020404/keeping-session-alive-with-curl-and-php – Alok Patel Oct 03 '16 at 09:01
  • 1
    To follow "Document moved", you must add [`CURLOPT_FOLLOWLOCATION`](https://curl.haxx.se/libcurl/c/CURLOPT_FOLLOWLOCATION.html), IIRC. See also https://curl.haxx.se/libcurl/c/curl_easy_setopt.html for many more options. – Olaf Dietsche Oct 03 '16 at 09:21
  • @OlafDietsche Thanks, I checked that out and I have added that to my code but now am getting a 404 error. –  Oct 03 '16 at 09:44
  • Have you removed the hardwired "Cookie: …"? – Olaf Dietsche Oct 03 '16 at 09:58
  • Yes, I have. I am using a cookie file as suggested by @Garden_Apple –  Oct 03 '16 at 10:12
  • Then maybe it's a real 404, or the page is missing some other parameter. – Olaf Dietsche Oct 03 '16 at 10:42
  • Well, when i hardcode the `'Cookie:PHPSESSID=na6ivnsdfab206ktb453o2au07',` it works, so im confused. –  Oct 03 '16 at 10:50
  • 1
    You do a `curl_close()` after the first request and then create a new one. Do you fully initialize the second request, including cookie jar, etc.? Maybe it works, when you continue using the first curl handle. – Olaf Dietsche Oct 03 '16 at 10:58
  • Oh I see. What I tried now is to use `curl_setopt($ch, CURLOPT_COOKIEJAR, $full_path_to_cookie_file);` in the first request and then call that cookie `curl_setopt($ch, CURLOPT_COOKIEFILE, $full_path_to_cookie_file); ` in the second request. Is that correct? –  Oct 03 '16 at 11:11
  • I don't know, I haven't tried this myself. From the docs, I would guess, you need both. Just try and you will see. If some combination doesn't work, try another. – Olaf Dietsche Oct 03 '16 at 11:32
  • If everything else fails, read the manual :-) – Olaf Dietsche Oct 03 '16 at 11:33
  • Great, i'll try different things and see what finally works. Thanks for your help :) –  Oct 03 '16 at 11:35

1 Answers1

1

Add to your code in all curl requests

 curl_setopt($ch, CURLOPT_COOKIEJAR, $full_path_to_cookie_file);
 curl_setopt($ch, CURLOPT_COOKIEFILE, $full_path_to_cookie_file);

For example 

$full_path_to_cookie_file= __DIR__.'/cookie.txt';
Dmitriy Antonenko
  • 201
  • 1
  • 8
  • Thanks, I tried that but it still returns a "document moved". Do I have to extract just the phpsessid from the cookie and pass this in the header? –  Oct 03 '16 at 09:14
  • File cookie.txt will contain all cookies of page. Cookie.txt will contain phpsessid too. – Dmitriy Antonenko Oct 03 '16 at 09:35
  • Ah I see. Any idea why it doesn't work? I can't figure out what I am missing because I understood the idea of getting and sending the cookie file based on your answer. –  Oct 03 '16 at 09:43