PHP cURL: Authentication
|
PHP cURL : Introduction | Basics | Authentication | SSL | GET & POST | GET POST SSL AUTH | CLI Set-up | CLI DtDNS Updater 1 | CLI DtDNS Updater 2
|
|
|
|
UniServer 5-Nano PHP cURL. |
Validation Servrs
While testing; knocking on a server’s door that performs validation is not a good idea. After a few failed attempts you are bound to trigger some defense mechanism. This can take the form of a timed delay to next login or awaken the draconian dragon, which will ban your IP address.
With the above in mind it is best to simulate before committing to a real server.
Note: Always first check to see if a test server is provided for example most financial gateways do. Hence you can hammer these to your hearts content without awaking that draconian dragon.
Authentication Test Server
Our test server curl_2 is easily converted into a authentication server you don't even have to restart it.
Edit file C:\curl_2\UniServer\www\.htaccess
Change these four lines:
#AuthName "Uniform Server - Server Access" #AuthType Basic #AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd #Require valid-user
To:
AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd Require valid-user
Quick test:
Type http://localhost:82/ into your browser, when challenged for a name and password press cancel.
A page is displayed with something like Authorization Required, this confirms authentication is enabled.
Example 5 - Download and display a page
Create a new text file in folder C:\curl_1\UniServer\www and name it test5.php add the following content
<?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_exec($ch); curl_close($ch); ?> |
Test:
- Run both servers
- Type http://localhost/test5.php into your browser
- Result: Page displayed as follows
Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
The above proves our servers are set-up and working correctly.
Add Name and Password response
The above fails because we have not informed Curl how to respond when challenged for a name and password.
In reality all that is requied is to pass Curl a name and password it knows how ro respond to a challenge.
A name and password is passed to Curl using the following function:
- curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword")
Our test server curl_2 uses Uniform Server's defaults name=root password=root
Modify file C:\curl_1\UniServer\www\test5.php
<?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_setopt($ch, CURLOPT_USERPWD, "root:root"); curl_exec($ch); curl_close($ch); ?> |
Test:
- Run both servers
- Type http://localhost/test5.php into your browser
- Result: Your IP is 127.0.0.1 - displayed
Note:
When a Curl session is closed communication to a remote server is also closed.
What that means every time a script is run a remote server will always issue a name/password challenge.
Example 6 - Download and save page to a variable
I have taken example 4 and added the above line.
Create a new text file in folder C:\curl_1\UniServer\www and name it test6.php add the following content
<?php
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
curl_setopt($ch, CURLOPT_USERPWD, "root:root");
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$buffer = curl_exec($ch);
curl_close($ch);
if (empty($buffer)){
print "Need to recover from this!<br />";
}
else{
print "There was data returned using curl.<br />";
print "Buffer content = ".$buffer."<br />";
// Extract IP address
if(preg_match("/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/", $buffer, $ipmatch)){
$ip = $ipmatch[0]; // Save IP to variable
print $ip;
}
}
?>
|
Test:
- Run servers
- Type http://localhost/test6.php into your browser
- Result:
There was data returned using curl. Buffer content = Your IP is 127.0.0.1 127.0.0.1
Summary
Well returning a name and password when challenged was not difficult requiring only a single function.
Very few providers allow name/passwords over an unencrypted connection.
The next page covers connecting to a server using https (SSL)