PHP cURL: Authentication: Difference between revisions
(New page: {{Nav PHP cURL}} '''Validation Servrs''' While testing; knocking on a server’s door that performs validation is not a good idea. After a few failed attempts you are bound to trigger som...) |
Upazixorys (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
=[http://awibuky.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]= | |||
{{Nav PHP cURL}} | {{Nav PHP cURL}} | ||
'''Validation Servrs''' | '''Validation Servrs''' | ||
| Line 14: | Line 15: | ||
Change these four lines: | Change these four lines: | ||
<pre> | |||
#AuthName | #AuthName "Uniform Server - Server Access" | ||
#AuthType Basic | #AuthType Basic | ||
#AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd | #AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd | ||
#Require valid-user | #Require valid-user | ||
</pre> | |||
To: | To: | ||
<pre> | |||
AuthName | AuthName "Uniform Server - Server Access" | ||
AuthType Basic | AuthType Basic | ||
AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd | AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd | ||
Require valid-user | Require valid-user | ||
</pre> | |||
'''''Quick test'':''' | '''''Quick test'':''' | ||
Type ''' | Type '''<nowiki>http</nowiki>://localhost:82/''' into your browser, when challenged for a name and password press '''cancel'''. | ||
A page is displayed with something like Authorization Required, this confirms authentication is enabled. | A page is displayed with something like Authorization Required, this confirms authentication is enabled. | ||
| Line 37: | Line 38: | ||
== Example 5 - Download and display a page == | == Example 5 - Download and display a page == | ||
Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test5.php''' add the following content | Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test5.php''' add the following content | ||
{|cellspacing= | {|cellspacing="6" | ||
|- | |- | ||
| | | | ||
<pre> | |||
<?php | |||
$ch=curl_init(); | $ch=curl_init(); | ||
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); | curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); | ||
curl_exec($ch); | curl_exec($ch); | ||
curl_close($ch); | curl_close($ch); | ||
? | ?> | ||
</pre> | |||
|} | |} | ||
'''''Test'':''' | '''''Test'':''' | ||
* Run both servers | * Run both servers | ||
* Type ''' | * Type '''<nowiki>http:</nowiki>//localhost/test5.php''' into your browser | ||
* Result: Page displayed as follows | * Result: Page displayed as follows | ||
<pre> | |||
Authorization Required | Authorization Required | ||
| Line 60: | Line 61: | ||
(e.g., bad password), or your browser doesn't understand how to | (e.g., bad password), or your browser doesn't understand how to | ||
supply the credentials required. | supply the credentials required. | ||
</pre> | |||
The above proves our servers are set-up and working correctly. | The above proves our servers are set-up and working correctly. | ||
| Line 71: | Line 72: | ||
A name and password is passed to Curl using the following function: | A name and password is passed to Curl using the following function: | ||
* '''curl_setopt($ch, CURLOPT_USERPWD, | * '''curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword")''' | ||
Our test server curl_2 uses Uniform Server's defaults name='''root''' password='''root ''' | Our test server curl_2 uses Uniform Server's defaults name='''root''' password='''root ''' | ||
Modify file C:\curl_1\UniServer\www\'''test5.php''' | Modify file C:\curl_1\UniServer\www\'''test5.php''' | ||
{|cellspacing= | {|cellspacing="6" | ||
|- | |- | ||
| | | | ||
<pre> | |||
<?php | |||
$ch=curl_init(); | $ch=curl_init(); | ||
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); | curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); | ||
curl_setopt($ch, CURLOPT_USERPWD, | curl_setopt($ch, CURLOPT_USERPWD, "root:root"); | ||
curl_exec($ch); | curl_exec($ch); | ||
curl_close($ch); | curl_close($ch); | ||
? | ?> | ||
</pre> | |||
|} | |} | ||
'''''Test'':''' | '''''Test'':''' | ||
* Run both servers | * Run both servers | ||
* Type ''' | * Type '''<nowiki>http:</nowiki>//localhost/test5.php''' into your browser | ||
* Result: '''Your IP is 127.0.0.1''' - displayed | * Result: '''Your IP is 127.0.0.1''' - displayed | ||
| Line 106: | Line 107: | ||
Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test6.php''' add the following content | Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test6.php''' add the following content | ||
{|cellspacing= | {|cellspacing="6" | ||
|- | |- | ||
| | | | ||
<pre> | |||
<?php | |||
$ch=curl_init(); | $ch=curl_init(); | ||
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); | curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); | ||
curl_setopt($ch, CURLOPT_USERPWD, | curl_setopt($ch, CURLOPT_USERPWD, "root:root"); | ||
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); | curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); | ||
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); | curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); | ||
| Line 120: | Line 121: | ||
if (empty($buffer)){ | if (empty($buffer)){ | ||
print | print "Need to recover from this!<br />"; | ||
} | } | ||
else{ | else{ | ||
print | print "There was data returned using curl.<br />"; | ||
print | print "Buffer content = ".$buffer."<br />"; | ||
// Extract IP address | // Extract IP address | ||
if(preg_match( | if(preg_match("/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/", $buffer, $ipmatch)){ | ||
$ip = $ipmatch[0]; // Save IP to variable | $ip = $ipmatch[0]; // Save IP to variable | ||
print $ip; | print $ip; | ||
} | } | ||
} | } | ||
? | ?> | ||
</pre> | |||
|} | |} | ||
'''''Test'':''' | '''''Test'':''' | ||
* Run servers | * Run servers | ||
* Type ''' | * Type '''<nowiki>http:</nowiki>//localhost/test6.php''' into your browser | ||
* Result: | * Result: | ||
<pre> | |||
There was data returned using curl. | There was data returned using curl. | ||
Buffer content = Your IP is 127.0.0.1 | Buffer content = Your IP is 127.0.0.1 | ||
127.0.0.1 | 127.0.0.1 | ||
</pre> | |||
'''''[[#top | Top]]''''' | '''''[[#top | Top]]''''' | ||
Revision as of 01:16, 24 November 2010
This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page
|
PHP cURL : Introduction | Basics | Authentication | SSL | GET & POST | GET POST SSL AUTH | CLI Set-up | CLI DtDNS Updater 1 | CLI DtDNS Updater 2
|
|
|
|
UniServer 5-Nano PHP cURL. |
Validation Servrs
While testing; knocking on a server’s door that performs validation is not a good idea. After a few failed attempts you are bound to trigger some defense mechanism. This can take the form of a timed delay to next login or awaken the draconian dragon, which will ban your IP address.
With the above in mind it is best to simulate before committing to a real server.
Note: Always first check to see if a test server is provided for example most financial gateways do. Hence you can hammer these to your hearts content without awaking that draconian dragon.
Authentication Test Server
Our test server curl_2 is easily converted into a authentication server you don't even have to restart it.
Edit file C:\curl_2\UniServer\www\.htaccess
Change these four lines: <pre>
- AuthName "Uniform Server - Server Access"
- AuthType Basic
- AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
- Require valid-user
</pre> To: <pre> AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd Require valid-user </pre> Quick test:
Type <nowiki>http</nowiki>://localhost:82/ into your browser, when challenged for a name and password press cancel.
A page is displayed with something like Authorization Required, this confirms authentication is enabled.
Example 5 - Download and display a page
Create a new text file in folder C:\curl_1\UniServer\www and name it test5.php add the following content
|
<pre> <?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_exec($ch); curl_close($ch); ?> </pre> |
Test:
- Run both servers
- Type <nowiki>http:</nowiki>//localhost/test5.php into your browser
- Result: Page displayed as follows
<pre> Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. </pre> The above proves our servers are set-up and working correctly.
Add Name and Password response
The above fails because we have not informed Curl how to respond when challenged for a name and password.
In reality all that is requied is to pass Curl a name and password it knows how ro respond to a challenge.
A name and password is passed to Curl using the following function:
- curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword")
Our test server curl_2 uses Uniform Server's defaults name=root password=root
Modify file C:\curl_1\UniServer\www\test5.php
|
<pre> <?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_setopt($ch, CURLOPT_USERPWD, "root:root"); curl_exec($ch); curl_close($ch); ?> </pre> |
Test:
- Run both servers
- Type <nowiki>http:</nowiki>//localhost/test5.php into your browser
- Result: Your IP is 127.0.0.1 - displayed
Note:
When a Curl session is closed communication to a remote server is also closed.
What that means every time a script is run a remote server will always issue a name/password challenge.
Example 6 - Download and save page to a variable
I have taken example 4 and added the above line.
Create a new text file in folder C:\curl_1\UniServer\www and name it test6.php add the following content
|
<pre> <?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_setopt($ch, CURLOPT_USERPWD, "root:root"); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $buffer = curl_exec($ch); curl_close($ch); if (empty($buffer)){ print "Need to recover from this!<br />"; } else{ print "There was data returned using curl.<br />"; print "Buffer content = ".$buffer."<br />"; // Extract IP address
if(preg_match("/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/", $buffer, $ipmatch)){
$ip = $ipmatch[0]; // Save IP to variable
print $ip;
}
} ?> </pre> |
Test:
- Run servers
- Type <nowiki>http:</nowiki>//localhost/test6.php into your browser
- Result:
<pre> There was data returned using curl. Buffer content = Your IP is 127.0.0.1 127.0.0.1 </pre>
Summary
Well returning a name and password when challenged was not difficult requiring only a single function.
Very few providers allow name/passwords over an unencrypted connection.
The next page covers connecting to a server using https (SSL)