CODEWITHSUNDEEP
curlphp
Tienus McVinger
Tienus McVinger

Reputation: 477

cURL followlocation not working correctly

I am currently working on a script where the user has to fill in a username and a password. Then, when the user logs in, the script checks if his/her username is registered in my database. If that is the case, the user logs in on my external website (using cURL), and if not, the user logs in on a different website of which I do not have access to the database. 

if($count==1){
    $curl = curl_init('http://www.myownwebsite.com/');
    curl_setopt ($curl, CURLOPT_POSTFIELDS, "gebruikersnaam=$myusername&wachtwoord=$mypassword");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_exec($curl);
}
else {
    $curl = curl_init('http://www.differentwebsite.com/');
    curl_setopt ($curl, CURLOPT_POSTFIELDS, "username=$myusername&password=$mypassword");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_exec($curl);
}

as you can see, my script stores the row count in a count variable, and if the query results 1 row, it logs in on my site, and if not it logs in on the other site. The username and password checking is done on the actual websites the user logs in to.

Now my problem is, that I want it to "follow the location", or so to speak. The script, as it is right now, redirects(?) to e.g. http://www.myownwebsite.com/checklogin.php (checklogin.php being the script I'm using cURL in).

I tried solving this by using the followlocation cURL function, but doing that gives me a warning:

Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in -----

I checked my php.ini by using the phpinfo(); function and safemode is turned off, open_basedir has no value, so I don't think this is the problem. I looked up some other possible solutions, but nothing so far helped me solve this issue.

If anything is unclear, feel free to ask.

Upvotes: 0

Views: 1331

Answers (1)

Ranty
Ranty

Reputation: 3362

You can't log in user by sending POST request to login page with your server. What happens is you get your server logged in, not the user.

Also, you can't redirect the user with POST data with PHP. All you can do is you can make a form with method="POST" and action="http://www.differentwebsite.com/" with hidden fields username and password, which will be submitted via JavaScript on page load. Here's simple example of the page you could output.

<html>
<head>
<script type="text/javascript">
function submit_form()
{
    document.myform.submit();
}
</script>
</head>
<body onload="submit_form();">
    <form method="POST" name="myform" action="http://www.google.com/">
        <input type="hidden" name="username" value="someusername"/>
        <input type="hidden" name="password" value="somepassword"/>
    </form>
</body>
</html>

As for why you get user redirected, it is due to the fact that you skipped:

curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

so the output gets sent to the user directly.

Upvotes: 2

Related Questions