PHP Curl And Cookies
Solutions which are described above, even with unique CookieFile names, can cause a lot of problems on scale.
We had to serve a lot of authentications with this solution and our server went down because of high file read write actions.
The solution for this was to use Apache Reverse Proxy and omit CURL requests at all.
Details how to use Proxy on Apache can be found here:
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
PHP CURL saves cookie into cookiejar but doesn't use it
The first you must make sure __DIR__
have write permission.
The second when you run code. You can check cookie.txt
file had been create or not.
The third you must use ONE cookie for all session. So the victim know you logged in.
And try my source
$cookies = tempnam('/tmp','cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
How can I send cookies using PHP curl in addition to CURLOPT_COOKIEFILE?
If the cookie is generated from script, then you can send the cookie manually along with the cookie from the file(using cookie-file option). For example:
# sending manually set cookie
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: test=cookie"));
# sending cookies from file
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
In this case curl will send your defined cookie along with the cookies from the file.
If the cookie is generated through javascrript, then you have to trace it out how its generated and then you can send it using the above method(through http-header).
The utma utmc, utmz
are seen when cookies are sent from Mozilla. You shouldn't bet worry about these things anymore.
Finally, the way you are doing is alright. Just make sure you are using absolute path for the file names(i.e. /var/dir/cookie.txt
) instead of relative one.
Always enable the verbose mode when working with curl. It will help you a lot on tracing the requests. Also it will save lot of your times.
curl_setopt($ch, CURLOPT_VERBOSE, true);
Use Browser cookies in PHP Curl to log-in to a website
To verify the format of a cookie file: You can set
curl_setopt($ch, CURLOPT_COOKIEJAR, "path_to_the_cookie_file")
next run a CURL request to any website that sets cookies, then check the format of the set cookie file.
To send your cookies: Then build your cookie file with the desired cookies and use the setting
curl_setopt($ch, CURLOPT_COOKIEFILE, "path_to_the_cookie_file")
to make your CURL request send the cookies.
Edit #1: From the official PHP documentation (http://php.net/manual/en/function.curl-setopt.php):
The cookie file can be in Netscape format, or just plain HTTP-style
headers dumped into a file.
Edit #2: this is an example of a cookie file generated by CURL (source):
# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk.
.auto.com TRUE / FALSE 1452087781 ___suid 2ecfe4287cbeacd8399eaf98bec9ce0b.59089b9d033bc7c6dce8ea2fca139920
.auto.com TRUE / FALSE 1452865380 all7_user_region_confirmed 1
.auto.com TRUE / FALSE 1452865380 geo_location a%3A3%3A%7Bs%3A7%3A%22city_id%22%3Ba%3A0%3A%7B%7Ds%3A9%3A%22region_id%22%3Ba%3A1%3A%7Bi%3A0%3Bi%3A89%3B%7Ds%3A10%3A%22country_id%22%3Ba%3A0%3A%7B%7D%7D
.auto.com TRUE / FALSE 1423921380 autoru_sid ee094d60fa32eada_daf2da69dc79a59b7c8702a29554abbc
.auth.auto.com TRUE / FALSE 1421329026 autoru_sid
.auth.auto.com TRUE / FALSE 1421329026 autoru_sid_key
.auto.com TRUE / FALSE 1421329026 cc6882cb6b6f0c912cf9589734fcc1e6
.auto.com TRUE / FALSE 1452865027 user_name igor.savinkin5%40gmail.com
.auto.com TRUE / FALSE 1452865027 username igor.savinkin5%40gmail.com
Edit #3: What are all those entries in my cookies.txt file? (http://www.cookiecentral.com/faq/#3.5)
From left-to-right, here is what each field represents:
domain - The domain that created AND that can read the variable.
flag - A TRUE/FALSE value indicating if all machines within a given
domain can access the variable. This value is set automatically by the
browser, depending on the value you set for domain.path - The path within the domain that the variable is valid for.
secure - A TRUE/FALSE value indicating if a secure connection with the
domain is needed to access the variable.expiration - The UNIX time that the variable will expire on. UNIX time
is defined as the number of seconds since Jan 1, 1970 00:00:00 GMT.name - The name of the variable.
value - The value of the variable.
Getting and setting Cookies in PHP Curl Serverside
Curl manages cookies autonomously, you don't need to parse and set them:
<?php
$ch = curl_init('https://www.test.com/getcookie');
$cookiesFile = "cookies.txt"; // <--- cookies are stored here
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, false); // <---
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiesFile ); // <---
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiesFile ); // <---
$result = curl_exec($ch);
curl_close($ch);
if( $result === false ) {
// failure
}
Then
<?php
$cookiesFile = "cookies.txt"; // <--- cookies are retrieved here
$curl = curl_init( 'https://test.com/api' );
curl_setopt( $curl, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $token ) );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt( $curl, CURLOPT_COOKIEFILE, $cookiesFile ); // <---
curl_setopt( $curl, CURLOPT_COOKIEJAR, $cookiesFile ); // <---
$getbalance = curl_exec( $curl );
curl_close($curl);
You can specify a file where curl stores and reads cookies as in the example above.
Upon subsequent curl calls the cookies file is updated.
The cookies file doesn't need to exist prior of first call but of course PHP must have read/write access.
get cookies from curl
I used this and worked for me:
curl_setopt($ch, CURLOPT_HEADER, 1);
//Return everything
$res = curl_exec($ch);
//Split into lines
$lines = explode("\n", $res);
$headers = array();
$body = "";
foreach($lines as $num => $line){
$l = str_replace("\r", "", $line);
//Empty line indicates the start of the message body and end of headers
if(trim($l) == ""){
$headers = array_slice($lines, 0, $num);
$body = $lines[$num + 1];
//Pull only cookies out of the headers
$cookies = preg_grep('/^Set-Cookie:/', $headers);
break;
}
}
Related Topics
PHP Pdoexception: "Sqlstate[Hy093]: Invalid Parameter Number"
Where to Put Password_Verify in Login Script
How to Write SQL For a Table That Shares the Same Name as a Protected Keyword in MySQL
Laravel Eloquent Query Using Where With or and Or
Why Is Require_Once So Bad to Use
PHPmailer - Smtp Error: Password Command Failed When Send Mail from My Server
Curl Error 60, Ssl Certificate Issue: Self Signed Certificate in Certificate Chain
Curl and PHP - How to Pass a Json Through Curl by Put,Post,Get
What Is the "-≫" PHP Operator Called
PHP Json_Encode Encoding Numbers as Strings
Encrypting/Decrypting File With Mcrypt
Codeigniter: How to Connect to Your Database Server Using the Provided Settings Error Message
PHPexcel Runs Out of 256, 512 and Also 1024Mb of Ram
PHP Mail Not Working For Some Reason
How to Use a JavaScript Variable as a PHP Variable
Get PHP to Stop Replacing '.' Characters in $_Get or $_Post Arrays
Why Is the Hash Part of the Url Not Available on the Server Side