By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,564 Members | 1,070 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,564 IT Pros & Developers. It's quick & easy.

CURL form posting to self referencing form action

P: n/a
I've successfully used CURL to maneuver around and through sites
but a new site I've been trying to work with has got me stumped.

To retrieve the data I'm trying to get a login is required. If
you go to any page in the "member" area without logging in you
get directed to a https connection and hit login.php (ie: you
end up at https://www.domain.com/login.php). The problem, I
believe, lies in the fact that the form on that page references
itself in the form action tag.

The action tag in the form is "/login.php" and nothing I've tried
has been successful in getting CURL to actually submit the data
and get me logged in. Not surprising really since you'd normally
point CURL to the action target to pass form data.

The things I've tried so far without luck are:

* Hit the main site page to pick up the session cookie then go
to one of the "member" only pages

* Gone directly to one of the "member" pages to get redirected
to login.php

Both attempts end up simply returning me the contents of the
login.php page which, obviously, doesn't help or do any good.

What isn't clear from the CURL documentation with PHP is whether
or not the CURLOPT_POSTFIELDS get passed to pages after a redirect
takes place. I suspect they are but the fact that login.php
refers back to itself seems to be the real problem.

If anyone has any ideas on how to convince CURL to get me past
login.php or any other suggestions on things I could try I would
very much appreciate it.

Thanks,
Dave Martin
Jul 17 '05 #1
Share this Question
Share on Google+
9 Replies


P: n/a
d
What happens when you remove the "action" parameter from the <form> tag?
That makes the form re-submit to the exact same page...

"Dave Martin" <da*********@mindspring.com> wrote in message
news:MP************************@news-out.barditch.com...
I've successfully used CURL to maneuver around and through sites
but a new site I've been trying to work with has got me stumped.

To retrieve the data I'm trying to get a login is required. If
you go to any page in the "member" area without logging in you
get directed to a https connection and hit login.php (ie: you
end up at https://www.domain.com/login.php). The problem, I
believe, lies in the fact that the form on that page references
itself in the form action tag.

The action tag in the form is "/login.php" and nothing I've tried
has been successful in getting CURL to actually submit the data
and get me logged in. Not surprising really since you'd normally
point CURL to the action target to pass form data.

The things I've tried so far without luck are:

* Hit the main site page to pick up the session cookie then go
to one of the "member" only pages

* Gone directly to one of the "member" pages to get redirected
to login.php

Both attempts end up simply returning me the contents of the
login.php page which, obviously, doesn't help or do any good.

What isn't clear from the CURL documentation with PHP is whether
or not the CURLOPT_POSTFIELDS get passed to pages after a redirect
takes place. I suspect they are but the fact that login.php
refers back to itself seems to be the real problem.

If anyone has any ideas on how to convince CURL to get me past
login.php or any other suggestions on things I could try I would
very much appreciate it.

Thanks,
Dave Martin

Jul 17 '05 #2

P: n/a
> What happens when you remove the "action" parameter from the <form> tag? That makes the form re-submit to the exact same page...

Nope. It makes the browser responsible for handling such form. Maybe
some browsers do it like you said, but they may change this behaviour
in any new wersion without warning.
Better way to achieve the same thing is to use $_SERVER['PHP_SELF']
or something like that as "action" attribute value in "form" tag.

Hilarion
Jul 17 '05 #3

P: n/a
.oO(d)
What happens when you remove the "action" parameter from the <form> tag?
The action-attribute is required. Omitting it is invalid code.
That makes the form re-submit to the exact same page...


Not necessarily.

Micha
Jul 17 '05 #4

P: n/a
Couple of suggestions:

If the site you are trying to access requires sessions/cookies, are you sure
you're capturing these correctly? Try to get your script to successfully
login and capture the cookies to a cookie jar. This is probably where the
problem lies.

If you can't figure out what your browser is doing that your script isn't,
use a proxy debugger like Charles 1.8. This lets you capture exactly what
the browser sends and gets back.

Hopefully helpful,
Kevin

"Dave Martin" <da*********@mindspring.com> wrote in message
news:MP************************@news-out.barditch.com...
I've successfully used CURL to maneuver around and through sites
but a new site I've been trying to work with has got me stumped.

To retrieve the data I'm trying to get a login is required. If
you go to any page in the "member" area without logging in you
get directed to a https connection and hit login.php (ie: you
end up at https://www.domain.com/login.php). The problem, I
believe, lies in the fact that the form on that page references
itself in the form action tag.

The action tag in the form is "/login.php" and nothing I've tried
has been successful in getting CURL to actually submit the data
and get me logged in. Not surprising really since you'd normally
point CURL to the action target to pass form data.

The things I've tried so far without luck are:

* Hit the main site page to pick up the session cookie then go
to one of the "member" only pages

* Gone directly to one of the "member" pages to get redirected
to login.php

Both attempts end up simply returning me the contents of the
login.php page which, obviously, doesn't help or do any good.

What isn't clear from the CURL documentation with PHP is whether
or not the CURLOPT_POSTFIELDS get passed to pages after a redirect
takes place. I suspect they are but the fact that login.php
refers back to itself seems to be the real problem.

If anyone has any ideas on how to convince CURL to get me past
login.php or any other suggestions on things I could try I would
very much appreciate it.

Thanks,
Dave Martin

Jul 17 '05 #5

P: n/a
"d" <d@example.com> wrote in message
news:<ZJ******************@fe1.news.blueyonder.co. uk>...

What happens when you remove the "action" parameter from the <form> tag?
That makes the form re-submit to the exact same page...
Nope. It makes the form submit to the default file in the current
directory.

"Dave Martin" <da*********@mindspring.com> wrote in message
news:MP************************@news-out.barditch.com...
To retrieve the data I'm trying to get a login is required. If
you go to any page in the "member" area without logging in you
get directed to a https connection and hit login.php (ie: you
end up at https://www.domain.com/login.php). The problem, I
believe, lies in the fact that the form on that page references
itself in the form action tag.

The action tag in the form is "/login.php" and nothing I've tried
has been successful in getting CURL to actually submit the data
and get me logged in. Not surprising really since you'd normally
point CURL to the action target to pass form data.

The things I've tried so far without luck are:

* Hit the main site page to pick up the session cookie then go
to one of the "member" only pages

* Gone directly to one of the "member" pages to get redirected
to login.php


There is no silver bullet here. You need to study the server's
raw output at each step of the authentication process. Keep in
mind there may be redirects involved, so you need to follow them
while keeping all relevant cookies...

Cheers,
NC
Jul 17 '05 #6

P: n/a
Hello,

On 12/03/2004 09:50 AM, Dave Martin wrote:
The action tag in the form is "/login.php" and nothing I've tried
has been successful in getting CURL to actually submit the data
and get me logged in. Not surprising really since you'd normally
point CURL to the action target to pass form data.

The things I've tried so far without luck are:

* Hit the main site page to pick up the session cookie then go
to one of the "member" only pages

* Gone directly to one of the "member" pages to get redirected
to login.php

Both attempts end up simply returning me the contents of the
login.php page which, obviously, doesn't help or do any good.


This is odd because Curl is supposed to do collect any cookies.

Personally I only use curl for accessing SSL pages. For non-SSL pages I
just use TCP socket connections.

Anyway, even when I use curl, I use this HTTP client class that compose
the request headers and bodies itself instead of relying on curl
abilities to compose the kind of posts that I want and that works
wonders supporting certain types of things that I am not sure curl supports.

You may also want to try this HTTP client yourself and let me know if
you still have any difficulties. It is also capable of collecting
cookies and handling redirection which is something you also need. It
comes with examples to show that:

http://www.phpclasses.org/httpclient

--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
Jul 17 '05 #7

P: n/a
> "Dave Martin" <da*********@mindspring.com> wrote in message
news:MP************************@news-out.barditch.com...

<snip>
The things I've tried so far without luck are:

* Hit the main site page to pick up the session cookie then go
to one of the "member" only pages
How, did you do that? Did you instruct cURL to follow cookie like
this <http://curl.haxx.se/libcurl/php/examples/?ex=cookiejar.php>?

<snip> What isn't clear from the CURL documentation with PHP is whether
or not the CURLOPT_POSTFIELDS get passed to pages after a redirect
takes place. I suspect they are but the fact that login.php
refers back to itself seems to be the real problem.
Perhaps, the site does some REFERER check--but you didn't send it??
If anyone has any ideas on how to convince CURL to get me past
login.php or any other suggestions on things I could try I would
very much appreciate it.


There are lot of cURL variables <http://in.php.net/curl> You may
want to set CURLOPT_FOLLOWLOCATION

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
Jul 17 '05 #8

P: n/a
In article <ab**************************@posting.google.com >,
ng**********@rediffmail.com says...
How, did you do that? Did you instruct cURL to follow cookie like
this <http://curl.haxx.se/libcurl/php/examples/?ex=cookiejar.php>?
Nope and that was exactly my problem. I had been trying to grab the one
cookie I knew I needed but apparently that wasn't working (at least not
correctly as I know I was getting cookie data). Wished I'd found that
page a LOT sooner :)
There are lot of cURL variables <http://in.php.net/curl> You may
want to set CURLOPT_FOLLOWLOCATION


Already had it enabled and I was actually following the redirects. That
much I could see in the CURL trace.

Dave
Jul 17 '05 #9

P: n/a
dear sir,

not entierly sure of what the solution is, but i had a similar experience
with google. i tried to connect to google manually using http connection to
preform a search. i however could not get to the second page. the reason
being that there was a param 'ie=UTF' also required along with other
variables. i searched the original form, i could not find the variable 'ie'.
but i saw a javascript within the form. google has slyly include the extra
param within the form.

my suggestion,
1. search for extra param, if any
2. check if your script preforms a SSL connection correctly.

i hope this helps.

sumeet shroff
"Dave Martin" <da*********@mindspring.com> wrote in message
news:MP************************@news-out.barditch.com...
I've successfully used CURL to maneuver around and through sites
but a new site I've been trying to work with has got me stumped.

The action tag in the form is "/login.php" and nothing I've tried
has been successful in getting CURL to actually submit the data
and get me logged in. Not surprising really since you'd normally
point CURL to the action target to pass form data.
If anyone has any ideas on how to convince CURL to get me past
login.php or any other suggestions on things I could try I would
very much appreciate it.

Thanks,
Dave Martin

Jul 17 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.