I try to login with curl to a SSL secured website but somehow I don't get it right.
The first curl connection retrieves the login form. An SSL issue in the beginning is resolved now. The fields used for authentication and all hidden fields are identified and used for the following POST. The cookie file is defined and the jar to read from as well. The cookie file is accessible and gets updated with each login attempt. A session cookie is successfully set by curl. The HTTPHEADER is removed to stop the request from hitting the 100 Continue wall. Curl is configured to follow up and to send a referer. However, I still cannot find where the script gets stuck. Neither Curl nor PHP issue any error messages or warnings.
Here is the shortened script:
$ch = curl_init(); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_AUTOREFERER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); // remove Expect header to avoid 100 Continue situations curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla [abbreviated]'); curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__).'/cacert.pem'); curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.hq.txt'); // write cookies curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.hq.txt'); // read cookies curl_setopt($ch, CURLOPT_COOKIESESSION, 1); curl_setopt($ch, CURLOPT_URL, 'https://the_url.jsp'); $data = curl_exec($ch); $error= curl_error($ch); if(!empty($error)) echo '<p>'.$error.'</p>'; else echo '<p>ok</p>';
Now the script reads the form, fills in the credentials and POSTs it back using the same curl_init handle:
curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $options); $data = curl_exec($ch); $error=curl_error($ch);
But all I get back is the same form again and the same session cookie or a new one depending on the CURLOPT_COOKIESESSION setting.
Solved: Finally the issue was due to an encoding issue in the POST. Initially the POST data was created from an array with http_build_query(). Now the POST data is simply concatenated and both keys and values are urlencoded separately: