How can I post a form field through CURL in PHP?

Question

I am trying to integrate an API on my website and it requires me to post an authorization field which is encoded in base64. However, it is saying that I am not doing it correctly. I wonder if it is because I am not posting the field correctly. This is what I have done so far.

$pro = '00000000000';

$host = 'http://www.saiasecure.com/irsec/getimginfo1.aspx?refNumber='.$pro; 

$authorization = 'username : password';

$authorization = base64_encode($authorization);

$post = array(

    'Authorization' => $authorization

    );

$ch = curl_init($host);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$return = curl_exec($ch);
curl_close($ch);

$xml = new SimpleXMLElement($return);

try
{

    print_r($xml);

} catch(SoapFault $ex){

    $ex->getMessage();
    echo $ex;

}

These are the API instructions provided by the developer.

This is the response I get from the API:

Does anybody know what I'm doing wrong? It is driving me crazy!

There's something wrong with authentication, Cross check your username and password. — Shahnawaz Kadari, Jul 18 '18 at 23:39
You probably shouldn't have that space between the username and password. — Anthony, Jul 18 '18 at 23:43

score 1 · Answer 1 · edited Jul 19 '18 at 10:58

1

The documentation says the value is the concatenation of user id, ':', and password. This might be confusing wording. You should remove those spaces, making your code:

$authorization = 'username:password';

The C# example of the code shows it needs a base64 encode:

$authorization = base64_encode($authorization);

And based on Xorifelse's input it's simpler to just let curl set the headers for you:

curl_setopt($ch, CURLOPT_USERPWD, $authorization);

edited Jul 19 '18 at 10:58

Xorifelse

7,878
1
27
38

answered Jul 18 '18 at 23:52

Anthony

36,459
25
97
163

I would use encoding on the password (might as well the username), decode on the other end of course. – Xorifelse Jul 18 '18 at 23:54
I don't know what you mean. My answer is just addressing the part of your code example that looks like the problem. I assume they want you to base64 encode the whole thing (not do anything special to the password by itself). – Anthony Jul 18 '18 at 23:55
That didn't work. It keeps giving me the same error message :( – Carlos Jul 18 '18 at 23:55
Probably don't want to have a password with `:` in it then. Does it work if you change the password to not use `:`? – Anthony Jul 18 '18 at 23:58
Sorry, two different people, just realized. Xorifelse: no idea about encoding the password. Is there such a thing as a POST field escaping? I'm not aware of one. Carlos: Do you have any examples of where it does work that we can use to compare to what you're doing? – Anthony Jul 19 '18 at 00:00
@Anthony unfortunately, they don't give me any examples – Carlos Jul 19 '18 at 00:01
@Carlos - One thing that is kind of weird is that they want it as a form field. Have you tried also setting the Authorization header with the same value? – Anthony Jul 19 '18 at 00:01
I tried encoding the user and the password separately and then adding the : at the end, but that didn't work either – Carlos Jul 19 '18 at 00:02
@Anthony I tried setting as a header, but that was worst because then it gave me no response at all – Carlos Jul 19 '18 at 00:02
@Xorifelse I tried doing that and posting as a form field, but it didn't work. You mean setting it as a header? – Carlos Jul 19 '18 at 00:07
1

You could, I tend to use `curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");` instead. [This](https://stackoverflow.com/q/23809392/4982088) might give you more insight on how to set the headers manually. – Xorifelse Jul 19 '18 at 00:09
Have you confirmed elsewhere that the credentials are actually correct? – Anthony Jul 19 '18 at 00:13
Yeah, I just used them to sign into their website and the instructions say that if the credentials are invalid it will say so @Anthony – Carlos Jul 19 '18 at 00:15
@Xorifelse That actually gave me a different answer. It says that username is invalid. I will get in contact with the web service provider to see if they request a separate username/password to use their API – Carlos Jul 19 '18 at 00:18
They do provide an example, it's just in C#. `webreq.Headers.Add("Authorization", Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(SaiaSecureUserID + ":" + password)));`. So it is supposed to be a header, and it is `base64_encode('username: password')` – Anthony Jul 19 '18 at 00:18
@Anthony I tried setting as a header, but it didn't work. Maybe I'm doing something wrong? How would you add the header in this case? – Carlos Jul 19 '18 at 00:20
@Carlos Don't be so quick to jump to conclusion. Maybe the API doesn't understand encoding at all. Maybe it wants a full encode (including the `:` separator), maybe nothing at all. As what Anthony comments, it seems it wants a full encode. Try that with `CURLOPT_USERPWD`. – Xorifelse Jul 19 '18 at 00:21
1

Try using the example from http://www.saiasecure.com/irsec/b_cs_http.asp on https://tio.run plugging in your credentials and anything else necessary. See if it works. – Anthony Jul 19 '18 at 00:23
Oh shoot! I got it lol @Xorifelse you were right! [curl_setopt($ch, CURLOPT_USERPWD, "username:password");] was correct, but I had to encode the whole thing together including the colon. – Carlos Jul 19 '18 at 00:23
Thank you both for helping me with this! It was driving me crazy! – Carlos Jul 19 '18 at 00:24
@Anthony your answer is not correct. The solution was adding `curl_setopt($ch, CURLOPT_USERPWD, base64_encode("username:password");` to the curl execution. Would you mind changing it? – Carlos Jul 19 '18 at 01:09

How can I post a form field through CURL in PHP?

1 Answers1