Getting PHP to login somewhere (POST username and password) and then get the cookies

**Atli** · Nov 10 '07, 11:50 AM

Hi.

Check out the cUrl Functions. They should be capable of this.

**kad123** · Nov 10 '07, 07:12 PM

Thanks for the advice. I have done what should be done and i've run into problems

Basically, the MS Server is giving HTTP 400 error:

Code:

print_r(curl_getinfo($ch));  :
(
    [ url] => https://example.com/exchweb/bin/auth/owaauth.dll
    [http_code] => 400
    [header_size] => 157
    [request_size] => 276
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.478037
    [namelookup_time] => 0.010321
    [connect_time] => 0.099033
    [pretransfer_time] => 0.2999
    [size_upload] => 807
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 1688
    [download_content_length] => 0
    [upload_content_length] => 807
    [starttransfer_time] => 0.388619
    [redirect_time] => 0
)

To test the post variables, i copied the same array being used as the post data input, and put it into a script that generates a form from the array with the action to https://example.com/exchweb/bin/auth/owaauth.dll and it logins me in fine. As for the SSL, I tried posting data with curl to another SSL website and I get the cookies.txt file (i have set cookies.txt as cookiejar) so it works, however here, i dont get any output and no cookies.txt file is created

I'm thinking the server has placed some kind of security so no one does what i am doing so I have tried putting a referrer and a user-agent like so:
[code=PHP]<?
curl_setopt($ch , CURLOPT_REFERER , "https://example.com/exchange/");
curl_setopt ($ch, CURLOPT_USERAGE NT, "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)");
?>[/code]

Anything else I could do that will stop the exchange from filtering my request as a "Bad Request" (error 400)?

**Atli** · Nov 10 '07, 07:37 PM

It is possible that the website is protected against this sort of thing.

Error 400 is usually sent when a request is badly formatted or corrupted. Could it be that you are missing some header or that your request is incomplete in some other way?

Could you perhaps show us the code?

P.S. Please edit out any real URL's. It is best all around not to post live URL's in public forums, and it is in fact forbidden by our Posting Guidelines.

**kad123** · Nov 10 '07, 08:07 PM

Sorry about the URLS and here is the php code:

[CODE=PHP]
<?php

$post['username']="mailbox@examp le.com";
$post['password']="passformailbo x";
$post['destination']="https://example/exchange/";
$post['flag']="0";
$post['forcedownlevel ']=0;
$post['trusted']="4";
$post['isUtf8']="1";
$url="https://example.com/exchweb/bin/auth/owaauth.dll";

/*
To test, I tried this as $post instead of the things above and it worked giving cookies.txt:

$post['op']="login";
$post['submit']="submit";
$post['username']="myuname@examp le.com";
$post['password']="pass";
$url="https://example.com/";
*/

//Below is to generate a form from the $post array. When the ms exchange variables are selected, the form logs me in successfully

if($_GET['form']){ ?>
<form action="<?=$url ;?>" method="POST">
<? foreach($post as $key=>$value){
echo "<input type=hidden name=\"$key\" value=\"$value\ " />"; }
?><input type=submit name=subbut value="Submit"> </form>
<?exit; }

// create a new cURL resource
$ch = curl_init();

// set URL and other appropriate options
curl_setopt($ch , CURLOPT_URL, $url);
curl_setopt($ch , CURLOPT_POST, true);
curl_setopt($ch , CURLOPT_REFERER , "https://example.com/");
curl_setopt($ch , CURLOPT_POSTFIE LDS, $post);
curl_setopt ($ch, CURLOPT_USERAGE NT, "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)");
curl_setopt($ch , CURLOPT_COOKIEJ AR, "cookies.tx t");

// grab URL and pass it to the browser
curl_exec($ch);

// close cURL resource, and free up system resources
echo file_get_conten ts("cookies.txt ")."<br>"; //Tells me it doesnt exist
print_r(curl_ge tinfo($ch)); // HTTP error 400
curl_close($ch) ;
?>
[/CODE]

Thanks guys n girls

**Atli** · Nov 10 '07, 11:10 PM

I see nothing wrong there, but I am unable to test any of this because I don't have a secure server to test it on. (And I'm not in the mood to set one up :P).

I did find this post in the User Comments in the curl_setopt section of the manual.
Try what this post and maybe the next post after that suggest.

**kad123** · Nov 11 '07, 11:06 AM

Ok this is what I have:
[CODE=PHP]<?php

// Settings
$post['username']="mailbox@examp le.com";
$post['password']="pass";
$post['destination']="https://example.com/exchange/";
$post['flag']="0";
$post['forcedownlevel ']=0;
$post['trusted']="4";
$post['isUtf8']="1";
$url="https://example.com/exchweb/bin/auth/owaauth.dll";
$preurl="https://example.com/exchweb/bin/auth/owalogon.asp?ur l=https://example.com/exchange/&reason=0&repla ceCurrent=1";

// Form mode, for testing the settings above as a web form
if($_GET['form']){ ?>
<form action="<?=$url ;?>" method="POST">
<? foreach($post as $key=>$value){
echo "<input type=hidden name=\"$key\" value=\"$value\ " />"; }
?><input type=submit name=B1 value="Submit"> </form>
<?exit; }

// create a new cURL resource
$ch = curl_init();

//START PRE-REQUEST of form page (preurl)
// set URL and other appropriate options
curl_setopt($ch , CURLOPT_URL, $preurl);
curl_setopt($ch , CURLOPT_RETURNT RANSFER, true);
curl_setopt($ch , CURLOPT_USERAGE NT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch , CURLOPT_FOLLOWL OCATION, true);
curl_setopt($ch , CURLOPT_SSL_VER IFYPEER, FALSE);
curl_setopt($ch , CURLOPT_POST, true);
curl_setopt($ch , CURLOPT_COOKIEJ AR, "/home/integral/public_html/maps/cookies.txt");
// grab preURL and send to browser
curl_exec($ch);
print_r(curl_ge tinfo($ch));

// Change URL and other appropriate options for real
curl_setopt($ch , CURLOPT_URL, $url);
curl_setopt($ch , CURLOPT_POST, true);
curl_setopt($ch , CURLOPT_REFERER , $preurl);
curl_setopt($ch , CURLOPT_POSTFIE LDS, $post);
curl_setopt($ch , CURLOPT_COOKIEF ILE, "/home/integral/public_html/maps/cookies.txt");

// grab URL and pass it to the browser
curl_exec($ch);

// see the cookies and the status and then close cURL resource
echo file_get_conten ts("cookies.txt ")."<br>";
print_r(curl_ge tinfo($ch));
curl_close($ch) ;
?> [/CODE]

And this is the output:

Code:

Array
(
    [url] => https://example.com/exchweb/bin/auth/owalogon.asp?url=https://exchangeurl/exchange/&reason=0&replaceCurrent=1
    [content_type] => text/html; charset=utf-8
    [http_code] => 200
    [header_size] => 279
    [request_size] => 323
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.473363
    [namelookup_time] => 0.010777
    [connect_time] => 0.099504
    [pretransfer_time] => 0.293109
    [size_upload] => 0
    [size_download] => 7937
    [speed_download] => 16767
    [speed_upload] => 0
    [download_content_length] => 7937
    [upload_content_length] => -1
    [starttransfer_time] => 0.473088
    [redirect_time] => 0
)
<br />
<b>Warning</b>:  file_get_contents(cookies.txt) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: No such file or directory in <b>/home/integral/public_html/maps/curl.php</b> on line <b>53</b><br />
<br>Array
(
    [url] => https://example.com/exchweb/bin/auth/owaauth.dll
    [http_code] => 400
    [header_size] => 157
    [request_size] => 435
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.178483
    [namelookup_time] => 5.3E-05
    [connect_time] => 6.2E-05
    [pretransfer_time] => 0.000266
    [size_upload] => 807
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 4521
    [download_content_length] => 7937
    [upload_content_length] => 807
    [starttransfer_time] => 0.089288
    [redirect_time] => 0
)

**kad123** · Nov 11 '07, 12:13 PM

I've now also added
[CODE=PHP]
$header['Connection']="keep-alive";
$header['Accept-Charset']="ISO-8859-1,utf-8;q=0.7,*;q=0.7 ";
$header['Accept']="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,ima ge/png,*/*;q=0.5";
$header['Content-Type']="applicatio n/x-www-form-urlencoded";
[/CODE]
and [CODE=PHP]curl_setopt($ch , CURLOPT_HTTPHEA DER, $header);[/CODE]

**gabygabo** · Sep 1 '09, 02:08 PM

Does it works ?

Did you find a solution to your problem ?

**Atli** · Sep 2 '09, 12:30 AM

Hey, gabygabo.
And welcome to Bytes!

This is a pretty old thread, so I wouldn't bet on kad responding to it.

Looking at this thread now, it looks to me like kad's cookie file wasn't being created properly in the first request, which caused the second request to fail.
Perhaps there was a permission problem, or maybe he just needed to manually create it before trying to use it.

In any case, if you have a similar problem you would like assistance with, it would be best if you created a new thread for it. It is much better all around.

**gabygabo** · Sep 2 '09, 09:41 AM

[resolved]

I solved my problem then I think that it's not a good idea to create a new thread.

Code:

<?php
        $owa = new OWA('<username>', '<password>');
 
        class OWA
        {
                public $username;
                public $password;
                public $url = "<outlook web access URL>";
                public $domain = "<the part after the @ in your email address>";

                private $tmpfile;

                public function __construct($un, $pw)
                {
                        $this->tmpfile = tempnam("C:/tmp", "owacookie");
                        $this->username = $un;
                        $this->password = $pw;
                        $this->login();
                }

                // Create a new curl session and login to OWA.
                public function login()
                {
                        @unlink($this->tmpfile);
                        $ch = curl_init();
                        curl_setopt($ch, CURLOPT_URL, $this->url . "/exchange/");
                        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
                        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                        curl_setopt($ch, CURLOPT_COOKIEJAR, $this->tmpfile);
                        curl_setopt($ch, CURLOPT_COOKIEFILE, $this->tmpfile);
                        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1) Gecko/20061024 BonEcho/2.0");
                        curl_setopt($ch, CURLOPT_REFERER, $this->url . "/exchweb/bin/auth/owalogon.asp?url={$this->url}/exchange&reason=0");

                        $headers = array();
                        $headers[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
                        $headers[] = "Accept-Language: en-us,en;q=0.5";
                        $headers[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
                        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

                        $html = curl_exec($ch);
                        curl_close($ch);

                        $ch = curl_init();
                        curl_setopt($ch, CURLOPT_URL, $this->url . "/exchweb/bin/auth/owaauth.dll");
                        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
                        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                        curl_setopt($ch, CURLOPT_COOKIEJAR, $this->tmpfile);
                        curl_setopt($ch, CURLOPT_COOKIEFILE, $this->tmpfile);
                        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1) Gecko/20061024 BonEcho/2.0");
                        curl_setopt($ch, CURLOPT_REFERER, $this->url . "/exchweb/bin/auth/owalogon.asp?url={$this->url}/exchange&reason=0");

                        $headers = array();
                        $headers[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
                        $headers[] = "Accept-Language: en-us,en;q=0.5";
                        $headers[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
                        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

                        curl_setopt($ch, CURLOPT_POST, true);
                        curl_setopt($ch, CURLOPT_POSTFIELDS, "destination=" . urlencode($this->url) . "%2Fexchange&flags=0&username=" . urlencode($this->username) . "&password=" . urlencode($this->password) . "&SubmitCreds=Log+On&trusted=0");

                        $html = curl_exec($ch);

                        curl_close($ch);
                }

                // After logging in, grab the contents of an OWA URL.
                function get($url)
                {
                        $ch = curl_init();
                        curl_setopt($ch, CURLOPT_URL, $this->url . $url);
                        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
                        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                        curl_setopt($ch, CURLOPT_COOKIEJAR, $this->tmpfile);
                        curl_setopt($ch, CURLOPT_COOKIEFILE, $this->tmpfile);
                        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1) Gecko/20061024 BonEcho/2.0");
                        curl_setopt($ch, CURLOPT_REFERER, $this->url . "/exchweb/bin/auth/owalogon.asp?url={$this->url}/exchange&reason=0");

                        $headers = array();
                        $headers[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
                        $headers[] = "Accept-Language: en-us,en;q=0.5";
                        $headers[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
                        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

                        $html = curl_exec($ch);
                        curl_close($ch);
                        return $html;
                }

?>

If you're using php4, change the words "public" and "private" by "var"

Thank you Atli for your help.