Tuesday, June 28, 2011

Logging in to HTTPS websites using PHP cURL

To log in to a HTTPS website using PHP cURL you need to do the following:

enable cURL by uncommenting the line extension=php_curl.dll in your php.ini file.

Set up cURL to either accept all certificates or add the needed certificate authority to cURLs CA list (check out http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/)

Then you need to load the page to get the session cookie:
// Create temp file to store cookies
$ckfile = tempnam ("/tmp", "CURLCOOKIE");

// URL to login page
$url = "https://www.securesiteexample.com";

// Get Login page and its cookies and save cookies in the temp file
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Accepts all CAs
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile); // Stores cookies in the temp file
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);


Now you have the cookie, you can POST login values (check the source of the login page to check if you need any other fields too)
$fields = array(
'username' => 'yourusername',
'password' => 'yourpassword',
);
$fields_string = '';
foreach($fields as $key=>$value) {
$fields_string .= $key . '=' . $value . '&';
}
rtrim($fields_string, '&');

// Post login form and follow redirects
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Accepts all CAs
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // Tells cURL to follow redirects
$output = curl_exec($ch);


Now you should be able to access any pages within the password-restricted area by just including the cookies for each call:

$url = "https://www.securesiteexample.com/loggedinpage.html";
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Accepts all CAs
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);


Found from http://coderscult.com/php/php-curl/2008/05/20/php-curl-cookies-example/, http://davidwalsh.name/execute-http-post-php-curl, http://stackoverflow.com/questions/3519939/make-curl-follow-redirects, and http://www.php.net/manual/en/function.curl-setopt.php.
Also see http://php.net/manual/en/book.curl.php.

8 comments:

  1. Thanks man... this helped me hours of work ! :)

    ReplyDelete
  2. @Rohith.M - Glad it was helpful. :)

    ReplyDelete
  3. Hi I was doing experiements with the script and found out that, we should include

    curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);

    after the line

    curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file

    So that new cookies changes will be saved :)

    ReplyDelete
    Replies
    1. Ah, great!
      When I wrote the script I was only interested in the first page after login, but that should absolutely be included.

      Thanks. :)

      Delete
  4. im sorry, im beginner with curl. how to use all that code ? , only merge into one file .php ?
    thank you before

    ReplyDelete
    Replies
    1. Hi
      It's been a while, but yes, pretty much. :)
      Have a look at http://stackoverflow.com/a/2138534 for a good example and links to more. And maybe also http://code.tutsplus.com/tutorials/techniques-for-mastering-curl--net-8470 for a tutorial on usring cURL with PHP.
      Good luck! :)


      Regards,
      Åsmund

      Delete
  5. hey, i try to logging in into a https website and take its contents,

    but it return empty, and when i tried to check with curl_errno($ch)
    it return 35 which means Unknown SSL protocol error in connection to [secure site]:443

    any ideas or clue which i do wrong ?

    Thanks before.

    Regards,
    Andy

    ReplyDelete
  6. Thanks for article .its really help me.

    ReplyDelete