Difference between revisions of "PHP cURL: Authentication"

From The Uniform Server Wiki
Jump to navigation Jump to search
(New page: {{Nav PHP cURL}} '''Validation Servrs''' While testing; knocking on a server’s door that performs validation is not a good idea. After a few failed attempts you are bound to trigger som...)
 
Line 1: Line 1:
 +
=[http://awibuky.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 
{{Nav PHP cURL}}
 
{{Nav PHP cURL}}
 
'''Validation Servrs'''
 
'''Validation Servrs'''
Line 14: Line 15:
  
 
Change these four lines:
 
Change these four lines:
<pre>
+
&lt;pre&gt;
#AuthName "Uniform Server - Server Access"
+
#AuthName &quot;Uniform Server - Server Access&quot;
 
#AuthType Basic
 
#AuthType Basic
 
#AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
 
#AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
 
#Require valid-user
 
#Require valid-user
</pre>
+
&lt;/pre&gt;
 
To:
 
To:
<pre>
+
&lt;pre&gt;
AuthName "Uniform Server - Server Access"
+
AuthName &quot;Uniform Server - Server Access&quot;
 
AuthType Basic
 
AuthType Basic
 
AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
 
AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
 
Require valid-user
 
Require valid-user
</pre>
+
&lt;/pre&gt;
 
'''''Quick test'':'''
 
'''''Quick test'':'''
  
Type '''<nowiki>http</nowiki>://localhost:82/''' into your browser, when challenged for a name and password press '''cancel'''.  
+
Type '''&lt;nowiki&gt;http&lt;/nowiki&gt;://localhost:82/''' into your browser, when challenged for a name and password press '''cancel'''.  
  
 
A page is displayed with something like Authorization Required, this confirms authentication is enabled.
 
A page is displayed with something like Authorization Required, this confirms authentication is enabled.
Line 37: Line 38:
 
== Example 5 - Download and display a page ==
 
== Example 5 - Download and display a page ==
 
Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test5.php''' add the following content
 
Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test5.php''' add the following content
{|cellspacing="6"
+
{|cellspacing=&quot;6&quot;
 
|-
 
|-
 
|
 
|
<pre>
+
&lt;pre&gt;
<?php
+
&lt;?php
 
  $ch=curl_init();
 
  $ch=curl_init();
 
  curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
 
  curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
 
  curl_exec($ch);
 
  curl_exec($ch);
 
  curl_close($ch);
 
  curl_close($ch);
?>
+
?&gt;
</pre>
+
&lt;/pre&gt;
 
|}
 
|}
 
'''''Test'':'''
 
'''''Test'':'''
 
* Run both servers
 
* Run both servers
* Type '''<nowiki>http:</nowiki>//localhost/test5.php''' into your browser
+
* Type '''&lt;nowiki&gt;http:&lt;/nowiki&gt;//localhost/test5.php''' into your browser
 
* Result: Page displayed as follows
 
* Result: Page displayed as follows
<pre>
+
&lt;pre&gt;
 
Authorization Required
 
Authorization Required
  
Line 60: Line 61:
 
(e.g., bad password), or your browser doesn't understand how to
 
(e.g., bad password), or your browser doesn't understand how to
 
supply the credentials required.
 
supply the credentials required.
</pre>
+
&lt;/pre&gt;
 
The above proves our servers are set-up and working correctly.
 
The above proves our servers are set-up and working correctly.
  
Line 71: Line 72:
 
A name and password is passed to Curl using the following function:
 
A name and password is passed to Curl using the following function:
  
* '''curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword")'''  
+
* '''curl_setopt($ch, CURLOPT_USERPWD, &quot;myusername:mypassword&quot;)'''  
  
 
Our test server curl_2 uses Uniform Server's defaults name='''root''' password='''root '''
 
Our test server curl_2 uses Uniform Server's defaults name='''root''' password='''root '''
  
 
Modify file C:\curl_1\UniServer\www\'''test5.php'''
 
Modify file C:\curl_1\UniServer\www\'''test5.php'''
{|cellspacing="6"
+
{|cellspacing=&quot;6&quot;
 
|-
 
|-
 
|
 
|
<pre>
+
&lt;pre&gt;
<?php
+
&lt;?php
 
  $ch=curl_init();
 
  $ch=curl_init();
 
  curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
 
  curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
curl_setopt($ch, CURLOPT_USERPWD, "root:root");
+
curl_setopt($ch, CURLOPT_USERPWD, &quot;root:root&quot;);
 
  curl_exec($ch);
 
  curl_exec($ch);
 
  curl_close($ch);
 
  curl_close($ch);
?>
+
?&gt;
</pre>
+
&lt;/pre&gt;
 
|}
 
|}
 
'''''Test'':'''
 
'''''Test'':'''
 
* Run both servers
 
* Run both servers
* Type '''<nowiki>http:</nowiki>//localhost/test5.php''' into your browser
+
* Type '''&lt;nowiki&gt;http:&lt;/nowiki&gt;//localhost/test5.php''' into your browser
 
* Result: '''Your IP is 127.0.0.1''' - displayed
 
* Result: '''Your IP is 127.0.0.1''' - displayed
  
Line 106: Line 107:
  
 
Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test6.php''' add the following content
 
Create a new text file in folder C:\curl_1\UniServer\'''www''' and name it '''test6.php''' add the following content
{|cellspacing="6"
+
{|cellspacing=&quot;6&quot;
 
|-
 
|-
 
|
 
|
<pre>
+
&lt;pre&gt;
<?php
+
&lt;?php
 
$ch=curl_init();
 
$ch=curl_init();
 
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
 
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
curl_setopt($ch, CURLOPT_USERPWD, "root:root");
+
curl_setopt($ch, CURLOPT_USERPWD, &quot;root:root&quot;);
 
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);
 
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);
 
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
 
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
Line 120: Line 121:
  
 
if (empty($buffer)){
 
if (empty($buffer)){
   print "Need to recover from this!<br />";
+
   print &quot;Need to recover from this!&lt;br /&gt;&quot;;
 
}
 
}
  
 
else{
 
else{
   print "There was data returned using curl.<br />";
+
   print &quot;There was data returned using curl.&lt;br /&gt;&quot;;
   print "Buffer content = ".$buffer."<br />";
+
   print &quot;Buffer content = &quot;.$buffer.&quot;&lt;br /&gt;&quot;;
  
 
   // Extract IP address  
 
   // Extract IP address  
  if(preg_match("/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/", $buffer, $ipmatch)){   
+
  if(preg_match(&quot;/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/&quot;, $buffer, $ipmatch)){   
 
     $ip = $ipmatch[0]; // Save IP to variable
 
     $ip = $ipmatch[0]; // Save IP to variable
 
     print $ip;                                 
 
     print $ip;                                 
 
  }
 
  }
 
}
 
}
?>
+
?&gt;
</pre>
+
&lt;/pre&gt;
 
|}
 
|}
 
'''''Test'':'''
 
'''''Test'':'''
 
* Run servers
 
* Run servers
* Type '''<nowiki>http:</nowiki>//localhost/test6.php''' into your browser
+
* Type '''&lt;nowiki&gt;http:&lt;/nowiki&gt;//localhost/test6.php''' into your browser
 
* Result:
 
* Result:
<pre>
+
&lt;pre&gt;
 
There was data returned using curl.
 
There was data returned using curl.
 
Buffer content = Your IP is 127.0.0.1
 
Buffer content = Your IP is 127.0.0.1
 
127.0.0.1
 
127.0.0.1
</pre>
+
&lt;/pre&gt;
  
 
'''''[[#top | Top]]'''''
 
'''''[[#top | Top]]'''''

Revision as of 01:16, 24 November 2010

This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page

 

MPG UniCenter

UniServer 5-Nano
PHP cURL.

Validation Servrs

While testing; knocking on a server’s door that performs validation is not a good idea. After a few failed attempts you are bound to trigger some defense mechanism. This can take the form of a timed delay to next login or awaken the draconian dragon, which will ban your IP address.

With the above in mind it is best to simulate before committing to a real server.

Note: Always first check to see if a test server is provided for example most financial gateways do. Hence you can hammer these to your hearts content without awaking that draconian dragon.

Authentication Test Server

Our test server curl_2 is easily converted into a authentication server you don't even have to restart it.

Edit file C:\curl_2\UniServer\www\.htaccess

Change these four lines: <pre>

  1. AuthName "Uniform Server - Server Access"
  2. AuthType Basic
  3. AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
  4. Require valid-user

</pre> To: <pre> AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd Require valid-user </pre> Quick test:

Type <nowiki>http</nowiki>://localhost:82/ into your browser, when challenged for a name and password press cancel.

A page is displayed with something like Authorization Required, this confirms authentication is enabled.

Top

Example 5 - Download and display a page

Create a new text file in folder C:\curl_1\UniServer\www and name it test5.php add the following content

<pre> <?php

$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
curl_exec($ch);
curl_close($ch);

?> </pre>

Test:

  • Run both servers
  • Type <nowiki>http:</nowiki>//localhost/test5.php into your browser
  • Result: Page displayed as follows

<pre> Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. </pre> The above proves our servers are set-up and working correctly.

Top

Add Name and Password response

The above fails because we have not informed Curl how to respond when challenged for a name and password.

In reality all that is requied is to pass Curl a name and password it knows how ro respond to a challenge.

A name and password is passed to Curl using the following function:

  • curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword")

Our test server curl_2 uses Uniform Server's defaults name=root password=root

Modify file C:\curl_1\UniServer\www\test5.php

<pre> <?php

$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');

curl_setopt($ch, CURLOPT_USERPWD, "root:root");

curl_exec($ch);
curl_close($ch);

?> </pre>

Test:

  • Run both servers
  • Type <nowiki>http:</nowiki>//localhost/test5.php into your browser
  • Result: Your IP is 127.0.0.1 - displayed

Note:

When a Curl session is closed communication to a remote server is also closed.

What that means every time a script is run a remote server will always issue a name/password challenge.

Top

Example 6 - Download and save page to a variable

I have taken example 4 and added the above line.

Create a new text file in folder C:\curl_1\UniServer\www and name it test6.php add the following content

<pre> <?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_setopt($ch, CURLOPT_USERPWD, "root:root"); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $buffer = curl_exec($ch); curl_close($ch);

if (empty($buffer)){

 print "Need to recover from this!<br />";

}

else{

 print "There was data returned using curl.<br />";
 print "Buffer content = ".$buffer."<br />";
 // Extract IP address 
if(preg_match("/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/", $buffer, $ipmatch)){  
   $ip = $ipmatch[0]; // Save IP to variable
   print $ip;                                 
}

} ?> </pre>

Test:

  • Run servers
  • Type <nowiki>http:</nowiki>//localhost/test6.php into your browser
  • Result:

<pre> There was data returned using curl. Buffer content = Your IP is 127.0.0.1 127.0.0.1 </pre>

Top

Summary

Well returning a name and password when challenged was not difficult requiring only a single function.

Very few providers allow name/passwords over an unencrypted connection.

The next page covers connecting to a server using https (SSL)

Top