6

Today I'm trying to make a cron job for some forum login to check for online stats. The login.php script accepts an ajax request with the form submitted values: user, password, server, and a hash id (in a hidden field). I can already submit the values to the login script and also preserve the session using a cookie jar but when I try to pass the required parameters (coming from sendlogin.php), it seems to reject requests that do not come with the proper request headers. So I need to know how I could simulate this using cURL:

GET login.php?user=foo&password=bar&server=1&id=7131c359e534e3790eaefa495d621b2a HTTP/1.1

Host: someloginserver.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://someloginserver.com/sendlogin.php
Cookie: __cfduid=de2fe207593d1135fc2426fb06e3270741303115848; hellobar_current=1300711502; hellobar_1300711502_variation=11462; PHPSESSID=cc621c6f57c43130d51d3147e319d8c2

hope you could help me on this.

VeeBee
  • 847
  • 4
  • 13
  • 30
  • Pass the relevant headers in to `curl_setopt($curlHandle, 'CURLOPT_HTTPHEADER', $headersArray);`. Turn on verbose curl logging. Revise until the headers cURL outputs match what you expect. – Frank Farmer May 12 '11 at 01:42

2 Answers2

10

That array format doesn't work. Curl does not accept associative arrays. Each element must be a string in the following format:

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        "Host: www.somehost.com",
        "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
        "Accept: application/json, text/javascript, */*; q=0.01",
        "Accept-Language: en-us,en;q=0.5",
        "Accept-Encoding: gzip, deflate",
        "Connection: keep-alive",
        "X-Requested-With: XMLHttpRequest",
        "Referer: http://www.somehost.com/"
    ));
Isidro Moran
  • 322
  • 2
  • 6
10

In the PHP api to curl you can use:

curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    "Host" => "someloginserver.com",
    "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
    "Accept" => "application/json, text/javascript, */*; q=0.01",
    "Accept-Language" => "en-us,en;q=0.5",
    "Accept-Encoding" => "gzip, deflate",
    "Accept-Charset" => "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
    "Keep-Alive" => "115",
    "Connection" => "keep-alive",
    "X-Requested-With" => "XMLHttpRequest",
    "Referer" => "http://someloginserver.com/sendlogin.php"
));

But your actual problem might be the Cookie:, which I've excluded above. Setup your cURL request with a COOKIEJAR. Make one faux request to get a current session value, and only afterwards send your actual XHR request.

Alix Axel
  • 151,645
  • 95
  • 393
  • 500
mario
  • 144,265
  • 20
  • 237
  • 291
  • ok seems youre right about me whos gonna be having problems on the cookie. i found out that in sendlogin.php, there's a javascript file that adds 2 new cookie variables: hellobar_current and hellobar_1300711502_variation so the question now is, how do i include thos javascript added cookie values onto the cookie jar? – VeeBee May 12 '11 at 04:36
  • You can either reuse a preseeded cookie file of Firefox, or use `CURLOPT_COOKIE` to inject the other two manually. I doubt those two cookies are relevant autorizationwise however. – mario May 12 '11 at 05:16
  • ok now i'm able to inject the additional cookies but they don't seem to get saved in the cookiejar. here's my code snippet: http://pastebin.com/FZb9mfKZ – VeeBee May 12 '11 at 07:08
  • The curl_setopt() for CURLOPT_COOKIE should occur after setting the _COOKIEJAR I'd assume. – mario May 12 '11 at 07:26
  • 2
    ok now i found out the culprit: the headers doesn't seem to be working when passed with associative arrays. it should be something like: array('Accept-Language: en-us,en;q=0.5', 'etc', etc'); – VeeBee May 12 '11 at 07:41
  • For some obscure reason, the CURL developer does not accept associative arrays for the headers, while it does for the POST fields... – andreszs Sep 04 '14 at 01:57