0

I have the following code:

public function get_session($data){
    $this->ch = curl_init("http://example.com/login");
    curl_setopt($this->ch, CURLOPT_COOKIEJAR, "cookie.txt");
    curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($this->ch, CURLOPT_HEADER, 0);
    curl_setopt($this->ch, CURLOPT_POSTFIELDS,$data);
    curl_setopt($this->ch, CURLOPT_POST, 1);
    curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($this->ch, CURLOPT_USERAGENT,  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0"); 
    $result = curl_exec($this->ch);
    curl_close($this->ch);
    $this->ch = curl_init("http://example.com/profile/0354258911/");
    curl_setopt($this->ch, CURLOPT_COOKIEFILE, "cookie.txt");
    curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($this->ch, CURLOPT_HEADER, 0);
    curl_setopt($this->ch, CURLOPT_USERAGENT,  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0"); 
    $result = curl_exec($this->ch);
    echo $result;
    curl_close($this->ch);
}

The problem is that the second request that is sent, is sent without the correct session. I tried to replicate the login request with a web proxy tool.. there is no anti CSRF defense that I missed. All I want my code to do is to send a request, get the cookie when arriving at the login page. Then send my credential with the cookie.. and receive a response after being authenticated.

XWorm
  • 195
  • 2
  • 8
  • Drop your `CURLOPT_COOKIESESSION` settings, they actively hinder you. – Wrikken Sep 28 '14 at 20:25
  • I removed it. I cant get the next page :(.. I cant submit a login request that will give me a cookie that I want for the second request to be submitted when the user is authenticated. – XWorm Sep 29 '14 at 07:39
  • Can you give curl the _full path_ to the cookie file? Not relative to current working dir etc. – Wrikken Sep 29 '14 at 10:48

0 Answers0