Codeigniter curl how to send CSRF token?

Question

I'm having trouble filling a form on another page with curl. How to download and insert CSRF token in Codeigniter? Without using CSRF, the form is added without any problem. CSRF looks like this:

<input type="hidden" name="csrf_test_name" value="795e736ebd33938c7371e50b2085f6d7" />

And my entire curl code looks like this

$curl_connection = 
  curl_init('http://localhost/form');
 curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
 curl_setopt($curl_connection, CURLOPT_USERAGENT, 
  "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_COOKIEFILE, APPPATH . '/cookies.txt');
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, APPPATH . '/cookies.txt');


$result = curl_exec($curl_connection);

  $doc = new DOMDocument();
  $doc->loadHTML($result);
  $token = $doc->getElementById("csrf_test_name")->attributes->getNamedItem("value")->value;

  $post_data['title'] = 'Myname';
  $post_data['csrf_test_name'] = $token;
  $post_data['email'] = 'my@email.com';


foreach ( $post_data as $key => $value) {
    $post_items[] = $key . '=' . $value;
}

$post_string = implode ('&', $post_items);

curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

$result = curl_exec($curl_connection);

print_r(curl_getinfo($curl_connection));
echo curl_errno($curl_connection) . '-' . 
curl_error($curl_connection);


curl_close($curl_connection);
    }

I am a beginner in the topic of curl, can anyone help me how to read this csrf? Thanks in advance for any help.

You are getting CSRF token as a POST field and setting post fields with CURLOPT_POSTFIELDS already, what kind of error / result do you get? — Adem Tepe, Feb 10 '21 at 19:17
Fatal error: Call to a member function getNamedItem() on null — gambi, Feb 10 '21 at 19:28
Oh, it seems like this is not curl problem, you are just not getting the value of the field ( $token ) correctly. — Adem Tepe, Feb 10 '21 at 19:52

score 0 · Accepted Answer · answered Feb 10 '21 at 22:00

0

I have tested this, working:

First of all, you need to change name to id:

<input type="hidden" id="csrf_test_name" value="795e736ebd33938c7371e50b2085f6d7" />

Because you are using getElementById("csrf_test_name").

Secondly, you need to get the attribute value like this:

$token = $doc->getElementById("csrf_test_name")->getAttribute('value');

You should be fine unless there is another error.

P.S. You have used here PHP XML DOM Parser but usually for this kind job PHP Simple HTML DOM Parser is used. Why? Because we are parsing HTML :)

If the data were XML, then we would be talking about nodes and we could get the value in a more clear way like this:

$token = $doc->getElementById("csrf_test_name")->nodeValue;

answered Feb 10 '21 at 22:00

Adem Tepe

564
5
10

@adam Tepe Thanks for your help now it works. But now I have another problem. The form is filled in with text data, but this form also includes uploading photos as a second form. Upload is done with Ajax. And I don't know how to upload photos. – gambi Feb 11 '21 at 10:51
I don't know if you can make an AJAX call with cURL because AJAX call is made with javascript. – Adem Tepe Feb 11 '21 at 11:12
This may help: https://stackoverflow.com/questions/48214437/send-ajax-request-through-curl – Adem Tepe Feb 11 '21 at 11:16

Codeigniter curl how to send CSRF token?

1 Answers1