How to set a session after curl request

Question

I am trying to set a session from the response of a curl header. And then execute a new curl with the previous session set. But it seems that I still do not get logged in.

The firl cURL execute looks like this:

$url = "https://www.tyre24.com//nl/nl/user/login/userid/MYUSERID/password/MYPASSWORD/page/L2V4cG9ydC9kb3dubG9hZC90L01nPT0vYy9NVFE9Lw==";


$ch = curl_init(str_replace(" ","%20",$url));
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);

$response = curl_exec($ch); 

// Then, after your curl_exec call:
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
$body = substr($response, $header_size);
$redirect_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);

curl_close($ch);

Then to retrieve the PHPSESSID from the header response I use the following code:

$arrResult = explode("PHPSESSID=", $header);
$arrResult = explode(";", $arrResult[1]);

session_id("$arrResult[0]");
session_start();

So far is everything going alright, when I execute the code I get the value of the PHPSESSID in the variable.

But when I set the session with the 2 lines on the bottom, it seems like there is noting set or something. Atleast after the session is started I tried to print the all sessions. But it prints an empty array.

So it could be that I did something wrong here.

But there needs to be a second request after the first request, because the url from the first request will link me to a new URL to download a file.

So the second request looks like this:

$second_url = "https://www.tyre24.com/nl/nl/export/download/t/Mg==/c/MTQ=/";

$fp = fopen ('result.zip', 'w+');

$ch = curl_init(str_replace(" ","%20",$second_url));
curl_setopt($ch, CURLOPT_TIMEOUT, 50);

curl_setopt($ch, CURLOPT_FILE, $fp); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);

$response = curl_exec($ch); 

// Then, after your curl_exec call:
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
$body = substr($response, $header_size);
$redirect_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);

curl_close($ch);
fclose($fp);

Can anyone see what I am doing wrong ? Or can I do everything in one cURL call ?

I keep getting the message that I am not logged in.

Answer 1

PHPSESSID is a cookie so you can store this cookie and all the others from the first curl GET request and use them the second request.

Before the first reqest define a temorary storeage file for the cookie info

$cookiestore=tempnam( sys_get_temp_dir(), '_cookiejar_' );

In the first request capture and save the cookies

curl_setopt( $ch, CURLOPT_COOKIEFILE, $cookiestore );
curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookiestore );

In subsequent curl requests send the cookie along with the other bits and pieces of the request.

curl_setopt( $ch, CURLOPT_COOKIE, $cookiestore );

hope this might help

Had a little go at putting together a script that might achieve the cookie capture and subsequent login and file download. It's is not tested as I have no credentials - perhaps it will be of use?

<?php
    $baseurl='https://www.tyre24.com/nl/nl/user/login/page/L25sL25sL3VzZXIv';
    /* download cacert from curl.haxx.se and edit path */
    $cacert=realpath( 'c:/wwwroot/cacert.pem' );
    /* temporary cookie file */
    $cookiestore=tempnam( sys_get_temp_dir(), '_cookiejar_' );

    $zipfile='result.zip';

    /* login details */
    $params=array(
        'userid'    =>  '123abc',
        'password'  =>  'xyz999'
    );

    $headers=array();


    /* stage 1: get the page, store cookies - mmm-cookies */
    $curl=curl_init( $baseurl );
    /* set some base options used for all requests */
    $baseoptions=array(
        CURLOPT_SSL_VERIFYPEER  =>  false,
        CURLOPT_SSL_VERIFYHOST  =>  2,
        CURLOPT_CAINFO          =>  $cacert,
        CURLOPT_AUTOREFERER     =>  true,
        CURLOPT_FOLLOWLOCATION  =>  true,
        CURLOPT_FORBID_REUSE    =>  false,
        CURLOPT_FAILONERROR     =>  false,
        CURLOPT_HEADER          =>  false,
        CURLOPT_RETURNTRANSFER  =>  true,
        CURLOPT_CONNECTTIMEOUT  =>  15,
        CURLOPT_TIMEOUT         =>  90,
        CURLOPT_USERAGENT       =>  $_SERVER['HTTP_USER_AGENT'],
        CURLINFO_HEADER_OUT     =>  false,
        CURLOPT_VERBOSE         =>  true
    );

    /* specific options for initial request where you need to capture cookies */
    $options=array_merge( $baseoptions, array(
        CURLOPT_COOKIEFILE      =>  $cookiestore,
        CURLOPT_COOKIEJAR       =>  $cookiestore    
    ));

    /* set the options */
    curl_setopt_array( $curl, $options );
        $result=curl_exec( $curl );
        $info=(object)curl_getinfo( $curl );



    if( $info->http_status==200 ){
        /* stage 2: send login parameters via POST */
        $params=http_build_query( $params );

        $fp = fopen( $zipfile, 'w+');

        $headers[]='Content-Length: '.strlen( $params );

        $options=array_merge( $baseoptions, array(
            CURLOPT_FILE            =>  $fp,
            CURLOPT_COOKIE          =>  $cookiestore,
            CURLOPT_FRESH_CONNECT   =>  false,
            CURLOPT_POST            =>  true,
            CURLOPT_POSTFIELDS      =>  $params,
            CURLOPT_HTTPHEADER      =>  $headers
        ));

        curl_setopt_array( $curl, $options );
            $result=curl_exec( $curl );
            $info=(object)curl_getinfo( $curl );

            if( $info->http_status==200 ){
                /* do other stuff */
            }



        @fclose( $fp );
    } else {
        print_r( $info );
    }


    curl_close( $curl );
    $curl = $result = $info =$baseurl = $params = null;

    echo 'done';
?>