Retrieving login cookie with php curl or c#

Question

I need to programmatically log into a remote site, get the login cookie, go to another site that has an iframe that checks for that cookie, which will then display a dashboard.

From what I gather, the process appears to be.

Go to login page, retrieve login cookie (Zend Form)
POST username and password to PHP form
Retrieve login cookie (PHPSESSID)
Store the cookie in the web browser file location or open with a c# view. Preferably safari
Go to a hosted dashboard with the iframe, which checks for the cookie.

I followed this guide and was able to login successfully to the first site and output the html of the page behind the form.

Login to website, via C#

I tried modifying the script to use the cookie container to open another request to a test server I have with the iframe, and open it in a web browser. Which does not appear to work.

I believe that PHP curl would be a better way of achieving this as it interacts directly with the web browser. I am guessing this would make storing the cookie easier.

Here is my c# script, which is able to login. I made a quick bash command that inserts the sites url into relative src and href references to see if the page would load from the "test.html" file. It does not work

        System.Net.CookieCollection cookies = new System.Net.CookieCollection();
        System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create("http://surepathprofile.spower.com/entry"); 
        request.CookieContainer = new System.Net.CookieContainer();
        request.CookieContainer.Add(cookies);
        //Get the response from the server and save the cookies from the first request..
        System.Net.HttpWebResponse response = (System.Net.HttpWebResponse)request.GetResponse();
        cookies = response.Cookies;

        string getUrl = "http://surepathprofile.spower.com/entry/login";
        string postData = String.Format("username={0}&password={1}&submit={2}", "###USERNAME###", "####PASSWORD####", "Submit");
        System.Net.HttpWebRequest getRequest = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(getUrl);
        getRequest.CookieContainer = new System.Net.CookieContainer();
        getRequest.CookieContainer.Add(cookies); //recover cookies First request
        getRequest.Method = System.Net.WebRequestMethods.Http.Post;
        getRequest.UserAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36";
        getRequest.AllowWriteStreamBuffering = true;
        getRequest.ProtocolVersion = System.Net.HttpVersion.Version11;
        getRequest.AllowAutoRedirect = true;
        getRequest.ContentType = "application/x-www-form-urlencoded";

        byte[] byteArray = System.Text.Encoding.ASCII.GetBytes(postData);
        getRequest.ContentLength = byteArray.Length;   

        System.IO.Stream newStream = getRequest.GetRequestStream(); //open connection
        newStream.Write(byteArray, 0, byteArray.Length); // Send the data.
        newStream.Close();

        System.Net.HttpWebResponse getResponse = (System.Net.HttpWebResponse)getRequest.GetResponse();
        cookies = response.Cookies;

        getUrl = "http://104.131.149.136/"; //TEST SERVER WITH IFRAME
        getRequest = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(getUrl);
        getRequest.CookieContainer = new System.Net.CookieContainer();
        getRequest.CookieContainer.Add(cookies); //recover cookies First request

        getResponse = (System.Net.HttpWebResponse)getRequest.GetResponse();

        string sourceCode = "";
        System.IO.Stream recieveStream = getResponse.GetResponseStream();
        using (System.IO.StreamReader sr = new System.IO.StreamReader(recieveStream))
        {

            sourceCode = sr.ReadToEnd();               
        } 
        System.Console.Write (sourceCode);

        System.IO.File.WriteAllText("test.html", sourceCode);


        System.Windows.Forms.WebBrowser webBrowser = new System.Windows.Forms.WebBrowser();
        webBrowser.DocumentStream = recieveStream;

EDIT:

I made the script using PHP curl, still doesn't work. It appears to be creating a PHPSID which is one step closer. I think since the domain is wrong (my server) instead of theirs it does not work.

session_start();    
    echo session_id();




    $username = 'asd';
    $password = 'asd';
    $loginUrl = 'http://surepathprofile.spower.com/entry/login';
    $loginForm = 'http://surepathprofile.spower.com/entry/';

    //init curl
    $ch = curl_init();



    //curl_setopt($ch,CURLOPT_COOKIEJAR, "cookie.txt");
    //curl_setopt($ch,CURLOPT_COOKIEFILE, "cookie.txt") 

    //$store = curl_exec($ch);

    curl_setopt($ch, CURLOPT_URL, $loginUrl);

    // ENABLE HTTP POST
    curl_setopt($ch, CURLOPT_POST, 1);

    //Set the post parameters
    curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password.'&submit=Submit');

    //Handle cookies for the login
    curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');



    curl_setopt($ch,CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36");
    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch,CURLOPT_COOKIEJAR, "cookie.txt");
    curl_setopt($ch,CURLOPT_COOKIEFILE, "cookie.txt");



    //Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
    //not to print out the results of its query.
    //Instead, it will return the results as a string return value
    //from curl_exec() instead of the usual true/false.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    //execute the request (the login)
    $store = curl_exec($ch);

    //the login is now done and you can continue to get the
    //protected content.

    //set the URL to the protected file
    //curl_setopt($ch, CURLOPT_URL, 'http://104.131.149.136/');

    //execute the request
    //$content = curl_exec($ch);

    print_r(curl_error($ch));
    print_r(curl_getinfo($ch));
    print_r(curl_errno($ch));

Without having a user name and password there is nothing I can do to help. — Misunderstood, Apr 09 '15 at 21:32
This can be done via curl in PHP, I'm just not sure what you're asking here. Are you trying to set the Cookie in your browser or in the curl cookie retainer for future curl calls to this remote site? — Twisty, Apr 09 '15 at 22:02
Maybe start here: http://stackoverflow.com/questions/2138527/php-curl-http-post-sample-code — Twisty, Apr 09 '15 at 22:04

Misunderstood · Answer 1 · 2015-04-10T22:54:16.570

Without username and password I could not test. But here is what you need.

To get the cookies, you do not need, and possibly never will need:

curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);

If POST fields are done like this, it may need to be url encoded with urlencode()

   curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password.'&submit=Submit');

When the post data is in an array, encode is not needed because curl will change the content type from encoded:

Content-Type: application/x-www-form-urlencoded

to

 Content-Type: multipart/form-data

You can try the cookie jar, it often will work:

 curl_setopt($ch,CURLOPT_COOKIEFILE, "cookie.txt")

But I have my own routine to handle the cookies. I am not going to explain when you NEED to use my routine as it gets very involved. It does not hurt to use my routine all the time, I do.

This PHP code should do exactly what you want. (Untested)
The header on first line is just for the stuff that is echoed at end of script
Request Headers ($request) are to make the HTTP Request look exactly like a Browser request, they are not needed. Some sites require the login to be made from a Browser.

It is important below that FOLLOWLOCATION is TRUE

When a site purposely tries to fool curl programmers, you have to set:

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);

Put the code in a loop, and follow the request (after curl_exec()) with:

$status = intval(curl_getinfo($ch,CURLINFO_HTTP_CODE));
if ($status > 299 && $status < 400){
  $location = curl_getinfo($ch,CURLINFO_REDIRECT_URL );
}

Then repeat all the code over again because there will be redirects. Keep repeating the code until there are no more requests. (e.g. HTTP Code: 200

COOKIESESSION is only used on the first request to clear curl cookies.

curl_setopt($ch, CURLOPT_COOKIESESSION , true );

I broke the curl_setopt into 4 sections.
RETURNTRANSFER, FOLLOWLOCATION are always used
POST, POSTFIELDS, and HTTPHEADER depend on the type of Request
ENCODING is not needed, especially here, because I used Accept-Encoding: gzip, deflate in HTTPHEADER, but is a good thing to have when you don't want the result gzipped.
CONNECTTIMEOUT, TIMEOUT and FAILONERROR are highly recommended but not required.

Untested PHP

(untested because I did not have password)

<?php  header('Content-Type: text/plain; charset=utf-8');


$user = "";
$pass = "";

$post = array('username'=>$user,'password'=>$pass,'Submit'=>'Submit');


$request = array();
$request[] = 'Host: surepathprofile.spower.com';
$request[] = 'Connection: keep-alive';
$request[] = 'Pragma: no-cache';
$request[] = 'Cache-Control: no-cache';
$request[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8';
$request[] = 'User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36';
$request[] = 'DNT: 1';
$request[] = 'Origin: http://surepathprofile.spower.com';
$request[] = 'Referer: http://surepathprofile.spower.com/entry/login';
$request[] = 'Accept-Encoding: gzip, deflate';
$request[] = 'Accept-Language: en-US,en;q=0.8';


$url = 'http://surepathprofile.spower.com/entry/login';
$ch = curl_init($url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_HTTPHEADER, $request);
curl_setopt($ch, CURLOPT_ENCODING,"");

curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 100);
curl_setopt($ch, CURLOPT_TIMEOUT,100);
curl_setopt($ch, CURLOPT_FAILONERROR,true);
curl_setopt($ch, CURLOPT_ENCODING,"");

curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $request);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_HEADER, true);


$data = curl_exec($ch);
if (curl_errno($ch)){
    $data .= 'Retreive Base Page Error: ' . curl_error($ch);
}
else {
  $info = rawurldecode(var_export(curl_getinfo($ch),true));

 // Get the cookies:

  $skip = intval(curl_getinfo($ch, CURLINFO_HEADER_SIZE)); 
  $requestHeader= substr($data,0,$skip);
  $e = 0;
  while(true){
    $s = strpos($requestHeader,'Set-Cookie: ',$e);
    if (!$s){break;}
    $s += 12;
    $e = strpos($head,';',$s);
    $cookie = substr($requestHeader,$s,$e-$s) ;
    $s = strpos($cookie,'=');
    $key = substr($cookie,0,$s);
    $value = substr($cookie,$s);
    $cookies[$key] = $value;
  }

// Create cookie for subsequent Requests:

 $cookie = '';
 $show = '';
 $head = '';
 $delim = '';
 foreach ($cookies as $k => $v){
   $cookie .= "$delim$k$v";
   $delim = '; ';
 }

echo <<<EOT
Use $cookies like this:

curl_setopt($ch, CURLOPT_COOKIESESSION , true );
curl_setopt($ch, CURLOPT_COOKIE, $cookie );


Header: 
$requestHeader

Cookie: 
$cookie 

Info:
$info

Data  : 
$data 


EOT;

Retrieving login cookie with php curl or c#

1 Answers1

Untested PHP