704
This is an example of how you can use CURL to “log in” and retrieve some protected info. I’ve showed the somewhat extreme case where you need to maintain cookies, spoof HTTP referer and use SSL. The example page used here is ClickBank – one of the largest digital product retailers. I’ve tried to comment the source as much as possible to make it easier to understand. See the end of this post for more information on CURL. You can also leave a comment if you have further questions.
/*********************************
**Set up your variables**
**********************************/
$cookiefile
= tempnam(
"/tmp"
,
"cookies"
);
/* Create a temporary file to store cookies.
This should work on most systems and is more
flexible than specifying path explicitly */
/* The page that displays the login form. */
/* The "action" value of the login form. This is not always
equal to $login_url. */
$username
=
"username"
;
$password
=
"passw0rd"
;
$agent
=
"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
;
/*********************************
**Load the "login" page and get some cookies**
**********************************/
$ch
= curl_init();
curl_setopt(
$ch
, CURLOPT_URL,
$login_url
);
/* The URL of the page to retrieve */
curl_setopt(
$ch
, CURLOPT_USERAGENT,
$agent
);
/* Disguise self as a browser app. Some servers
might need a different value here. Some servers
might try to check if the page is visited by a
real human being using this value. */
curl_setopt(
$ch
, CURLOPT_RETURNTRANSFER, 1);
/* Don't output the results -
return them as a string instead */
curl_setopt(
$ch
, CURLOPT_FOLLOWLOCATION, 1);
/* Follow redirects.
This isn't actually necessary here :P */
curl_setopt(
$ch
, CURLOPT_COOKIEFILE,
$cookiefile
);
/* Read cookies from this file */
curl_setopt(
$ch
, CURLOPT_COOKIEJAR,
$cookiefile
);
/* Save cookies to the same file too */
/* SSL stuff - remove if not needed */
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYHOST, 2);
/* Check the existence of a common name and also
verify that it matches the hostname provided. Not
strictly necessary in most cases. Use 0 to disable. */
/* SSL stuff - remove if not needed */
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYPEER, false);
/* Turn off SSL peer certificate verification. This prevents
the "SSL certificate problem, verify that the CA cert is OK."
error. If you really need this set to "true",
see this link for a solution -
*/
$result
= curl_exec (
$ch
);
/* Perform the query, retrieve the page. */
curl_close (
$ch
);
/*************************************
Actually log in with the proper referer and cookies
**************************************/
/* The fields of the login form. These will probably be
different for every particular page. */
$postfields
=
array
(
'nick'
=>
$username
,
'pass'
=>
$password
,
//'rememberMe' => 'false',
'j_username'
=>
$username
,
'j_password'
=>
$password
,
);
$reffer
=
$login_url
;
/* If the server checks the referer we need to spoof it */
$ch
= curl_init();
curl_setopt(
$ch
, CURLOPT_URL,
$login_post_url
);
curl_setopt(
$ch
, CURLOPT_USERAGENT,
$agent
);
curl_setopt(
$ch
, CURLOPT_POST, 1);
curl_setopt(
$ch
, CURLOPT_POSTFIELDS,
http_build_query(
$postfields
));
/* http_build_query() will properly escape the fields and
build a query string. */
curl_setopt(
$ch
, CURLOPT_RETURNTRANSFER, 1);
curl_setopt(
$ch
, CURLOPT_FOLLOWLOCATION, 1);
/* Follow redirects. This is probably necessary here. */
curl_setopt(
$ch
, CURLOPT_REFERER,
$reffer
);
/* spoof the HTTP referer */
curl_setopt(
$ch
, CURLOPT_COOKIEFILE,
$cookiefile
);
curl_setopt(
$ch
, CURLOPT_COOKIEJAR,
$cookiefile
);
/* Note that this is the same file as before */
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYPEER, false);
$result
= curl_exec (
$ch
);
/* Now we've got the contents of the page you see after
logging in saved in $result */
curl_close (
$ch
);
/*****************************************
**If you need to get another page....**
This is similar to the above examples, just use the same
cookie file and maybe spoof the referer if needed
******************************************/
$reffer
=
$login_post_url
;
$ch
= curl_init();
curl_setopt(
$ch
, CURLOPT_URL,
$data_url
);
curl_setopt(
$ch
, CURLOPT_USERAGENT,
$agent
);
curl_setopt(
$ch
, CURLOPT_RETURNTRANSFER, 1);
curl_setopt(
$ch
, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt(
$ch
, CURLOPT_REFERER,
$reffer
);
curl_setopt(
$ch
, CURLOPT_COOKIEFILE,
$cookiefile
);
curl_setopt(
$ch
, CURLOPT_COOKIEJAR,
$cookiefile
);
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYPEER, false);
$result
= curl_exec (
$ch
);
curl_close (
$ch
);
echo
$result
;
/******************************************
**All done. Kill the cookie file once it's not needed anymore**
*******************************************/
unlink(
$cookiefile
);