I am trying to get information from an external site that requires a login. I am using my localhost. It seems to log in and set the cookie okay in cookie.txt in my home directory but I get an empty result back. I've reviewed these questions in detail but can't get it to work. I am quite new to PHP. Here's my code:
3rd party HTML login form
<form method="post">
<input type="hidden" name="t" value="/index.php?"/>
<input type="hidden" name="count" value="1" />
<input type="text" id="username" name="username" value="" size="10" maxlength="10" required/>
<input type="password" id="password" name="password" value="" size="10" maxlength="10" required/>
<input type=submit name=submit value=Login />
Keep me logged in <input type="checkbox" id="keep" name="keep" checked/>
</form>
PHP
define('USERNAME', 'user');
define('PASSWORD', 'password1');
define('USER_AGENT', 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36');
define('COOKIE_FILE', $_SERVER['DOCUMENT_ROOT'].'/cookie.txt');
define('LOGIN_FORM_URL', 'http://www.example.com/sub/login.php?t=%2Findex.php%3f');
define('LOGIN_ACTION_URL', 'http://example.com/sub/index.php?t=%2Findex.php%3f'); //Same as LOGIN_FORM_URL
$postValues = array(
'username' => USERNAME,
'password' => PASSWORD,
'submit' => 'Login',
'count' => '1',
't' => '/index.php?',
'keep' => 'on'
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, LOGIN_ACTION_URL);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt ($curl, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//Just to see what is going on
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_HEADER, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_REFERER, LOGIN_FORM_URL);
//There is one header redirect so this is needed
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
echo curl_exec($curl);
//Checking for errors. None returned.
if(curl_errno($curl)){
throw new Exception(curl_error($curl));
}
//We should be logged in by now. So I try to access a password protected page
curl_setopt($curl, CURLOPT_URL, 'http://www.example.com/protected');
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt ($curl, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//Execute the GET request and print out the result.
$content = curl_exec($curl);
curl_close($curl);
echo $content;
I expect to see the content from the password protected page but I only see the HTTP header info (as I called CURLOPT_HEADER). As suggested in another question, I checked the post variables on the third party site in my browser's network monitor and they are all correct.
I feel that it has something to do with the redirect but I don't know what.
EDIT: After playing around for a long time I think I have isolated the problem to the PHPSESSID cookie. I logged in manually, copied the PHPSESSID value and passed it to my site (either by creating a manual header using CURLOPT_HTTPHEADER or by editing the cookie file created by CURLOPT_COOKIEJAR). I was able to log in this way. However, when my site logs in and creates its own different PHPSESSID this does not work for some reason. Any ideas?
