OiO.lk Blog PHP PHP sends curl to submit a login request, it receives code 302, and the automatic jump will return Code 411
PHP

PHP sends curl to submit a login request, it receives code 302, and the automatic jump will return Code 411

  • By admin
  • October 20, 2024
  • 0 Comments
  • 2 minutes read
  • 2 Views
  • 3 days ago


All tests can be completed in postman, and the Location page after login is displayed correctly.

However, when the postman output as php-curl:

<?php
include('php/simple_html_dom.php');
$username="username";
$password = 'password';
$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://somesite.com/',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_TIMEOUT => 10,
  CURLOPT_ENCODING => '',
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_CUSTOMREQUEST => 'GET',
  CURLOPT_HEADER => false,
  CURLOPT_NOBODY => false,
  // CURLOPT_COOKIE => '',
  CURLOPT_COOKIEJAR => dirname(__FILE__) .'/cookie.txt',
  CURLOPT_COOKIEFILE => dirname(__FILE__) .'/cookie.txt',
  CURLOPT_USERAGENT=> 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36',
  // CURLOPT_HTTPHEADER => array('Transfer-Encoding: chunked')
));

$response = curl_exec($curl);
// echo $response;
// exit();
$html = str_get_html($response);
$htmlFormData= [];
foreach($html->find('input') as $input) {
    $htmlFormData[$input->name]=$input->value;
}
foreach($html->find('#header h3') as $h3) {
    if($h3->plaintext === 'Login'){//when page title is Login
        $htmlFormData['DES_Group'] = 'LOGIN';
        $htmlFormData['DES_JSE'] = '1';
        $htmlFormData['ctl00$ctl00$plcMain$contentMain$ucLogin$ctlAccountNumber$txtText'] = $username;
        $htmlFormData['ctl00$ctl00$plcMain$contentMain$ucLogin$ctlAuthorisationCode$txtText'] = $password;
        curl_setopt_array($curl, array(
          CURLOPT_URL => 'https://somesite.com/',
          CURLOPT_RETURNTRANSFER => true,
          CURLOPT_CUSTOMREQUEST => 'POST',
          CURLOPT_HEADER => true,
          CURLOPT_NOBODY => false,
          // CURLOPT_POSTREDIR => 0,
          CURLOPT_ENCODING => '',
          CURLOPT_MAXREDIRS => 10,
          CURLOPT_TIMEOUT => 0,
          CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
          CURLOPT_FOLLOWLOCATION => true,
          CURLOPT_COOKIEJAR => dirname(__FILE__) .'/cookie.txt',
          CURLOPT_COOKIEFILE => dirname(__FILE__) .'/cookie.txt',
          CURLOPT_POSTFIELDS => http_build_query($htmlFormData),
          CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded')
        ));
        $response = curl_exec($curl);
        $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);

        $effectiveUrl = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);

        echo "HTTP Code: ".$httpCode."<br>";
        echo "Effective URL: ".$effectiveUrl."<br>";
        echo $response;
    }else{
      echo "Logged!. cookie.txt already contains .ASPXFORMSAUTH";
    }
}

the following response header is returned:

HTTP Code: 411
Effective URL: https://somesite.com/booking/
HTTP/1.1 302 Found
Date: Sun, 20 Oct 2024 00:00:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 126
Connection: keep-alive
Set-Cookie: AWSALB=xMfAME0xDTNJ17NWiuA4syXcTE0CUWzRqUO63dFLazoxuBPtYZfVAYsolxrmOUMgzRADJXDq; Expires=Sun, 27 Oct 2024 00:00:40 GMT; Path=/
Set-Cookie: AWSALBCORS=xMMUBtfAMA4syXcTE0CUWDiPktKmavB8VuIhLM2eLGPw+tEzoxuBPsolxrmOUMgzRX1P2QKADJXDq; Expires=Sun, 27 Oct 2024 00:00:40 GMT; Path=/; SameSite=None; Secure
Cache-Control: private, no-store, must-revalidate
Location: /booking/
X-FRAME-OPTIONS: SAMEORIGIN
Set-Cookie: CMSPreferredUICulture=en-nz; expires=Mon, 20-Oct-2025 00:00:43 GMT; path=/
Set-Cookie: .ASPXFORMSAUTH=AD600CA697E4A07EB134CF9F12813F736914DC94F2164A4A9A19BC42ABF845597F0231A83917EA97B399; path=/; HttpOnly
Set-Cookie: TS01c9af0a=0117e34adee26391d0af81086688506aff9d5cec88ee47f19d31f9cdd4e2d070d876c3689d8d9; Path=/; Secure; HTTPOnly

HTTP/1.1 411 Length Required
Date: Sun, 20 Oct 2024 00:00:44 GMT
Content-Type: text/html; charset=us-ascii
Content-Length: 344
Connection: keep-alive
Set-Cookie: AWSALB=oTIj1ThOZyA7Bz8OBtcjVdgcb6+oGq3Annmnng9+XCFsipA1vSVA24NPMiWOT4D3v25UvuE+XtHHd; Expires=Sun, 27 Oct 2024 00:00:43 GMT; Path=/
Set-Cookie: AWSALBCORS=oTIj1ThOZyA7Bz8DAIQB/8OHS8U60WjnmloGq3Annmnng9+XCFsipA1vST/i9yr9NPMiWOT4D3v25UI4JFFdvuE+XtHHd; Expires=Sun, 27 Oct 2024 00:00:43 GMT; Path=/; SameSite=None; Secure
Set-Cookie: TS01c9af0a=0117e34adee263913af8108668cec892bd9209d31f9cdd4e2dec5070d876c3689d8d9; Path=/; Secure; HTTPOnly

If you set "CURLOPT_FOLLOWLOCATION = false" and then manually request the URL(‘https://somesite.com/’) again, I can correctly jump to the page after login.



You need to sign in to view this answers

Leave a Comment

Related Post

GPL

Free GPL Cost Calculator for WordPress

October 22, 2024
javascript

javsacript react pagination when 5 columns data in a

October 22, 2024
security

How do I disable OPTIONS Method in IIS?

October 22, 2024
SQL

INFORMATION_SCHEMA > COLUMNS shows outdated information

October 22, 2024
CSS

Toggle Animation CSS

October 22, 2024
jQuery

Django + jQuery: No Image Provided Error with 400

October 22, 2024
Exit mobile version