PHP cURL: Authentication

From The Uniform Server Wiki
Revision as of 01:16, 24 November 2010 by Upazixorys (talk | contribs)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page

 

MPG UniCenter

UniServer 5-Nano
PHP cURL.

Validation Servrs

While testing; knocking on a server’s door that performs validation is not a good idea. After a few failed attempts you are bound to trigger some defense mechanism. This can take the form of a timed delay to next login or awaken the draconian dragon, which will ban your IP address.

With the above in mind it is best to simulate before committing to a real server.

Note: Always first check to see if a test server is provided for example most financial gateways do. Hence you can hammer these to your hearts content without awaking that draconian dragon.

Authentication Test Server

Our test server curl_2 is easily converted into a authentication server you don't even have to restart it.

Edit file C:\curl_2\UniServer\www\.htaccess

Change these four lines: <pre>

  1. AuthName "Uniform Server - Server Access"
  2. AuthType Basic
  3. AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd
  4. Require valid-user

</pre> To: <pre> AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile C:/curl_2/UniServer/htpasswd/www/.htpasswd Require valid-user </pre> Quick test:

Type <nowiki>http</nowiki>://localhost:82/ into your browser, when challenged for a name and password press cancel.

A page is displayed with something like Authorization Required, this confirms authentication is enabled.

Top

Example 5 - Download and display a page

Create a new text file in folder C:\curl_1\UniServer\www and name it test5.php add the following content

<pre> <?php

$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');
curl_exec($ch);
curl_close($ch);

?> </pre>

Test:

  • Run both servers
  • Type <nowiki>http:</nowiki>//localhost/test5.php into your browser
  • Result: Page displayed as follows

<pre> Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. </pre> The above proves our servers are set-up and working correctly.

Top

Add Name and Password response

The above fails because we have not informed Curl how to respond when challenged for a name and password.

In reality all that is requied is to pass Curl a name and password it knows how ro respond to a challenge.

A name and password is passed to Curl using the following function:

  • curl_setopt($ch, CURLOPT_USERPWD, "myusername:mypassword")

Our test server curl_2 uses Uniform Server's defaults name=root password=root

Modify file C:\curl_1\UniServer\www\test5.php

<pre> <?php

$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php');

curl_setopt($ch, CURLOPT_USERPWD, "root:root");

curl_exec($ch);
curl_close($ch);

?> </pre>

Test:

  • Run both servers
  • Type <nowiki>http:</nowiki>//localhost/test5.php into your browser
  • Result: Your IP is 127.0.0.1 - displayed

Note:

When a Curl session is closed communication to a remote server is also closed.

What that means every time a script is run a remote server will always issue a name/password challenge.

Top

Example 6 - Download and save page to a variable

I have taken example 4 and added the above line.

Create a new text file in folder C:\curl_1\UniServer\www and name it test6.php add the following content

<pre> <?php $ch=curl_init(); curl_setopt($ch,CURLOPT_URL,'http://localhost:82/remote_page.php'); curl_setopt($ch, CURLOPT_USERPWD, "root:root"); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $buffer = curl_exec($ch); curl_close($ch);

if (empty($buffer)){

 print "Need to recover from this!<br />";

}

else{

 print "There was data returned using curl.<br />";
 print "Buffer content = ".$buffer."<br />";
 // Extract IP address 
if(preg_match("/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/", $buffer, $ipmatch)){  
   $ip = $ipmatch[0]; // Save IP to variable
   print $ip;                                 
}

} ?> </pre>

Test:

  • Run servers
  • Type <nowiki>http:</nowiki>//localhost/test6.php into your browser
  • Result:

<pre> There was data returned using curl. Buffer content = Your IP is 127.0.0.1 127.0.0.1 </pre>

Top

Summary

Well returning a name and password when challenged was not difficult requiring only a single function.

Very few providers allow name/passwords over an unencrypted connection.

The next page covers connecting to a server using https (SSL)

Top