Please login or register.

Login with username, password and session length
Advanced search  

News:

Get quality web hosting, virtual private servers, reseller web hosting, and dedicated servers from www.webhostfreaks.com or www.serverpowered.com!

Author Topic: Using cURL to start remote site session  (Read 130 times)

Active users: brick (2), rhodesa (2), neil.johnson (1)
0 Members and 1 Guest are viewing this topic.

brick

  • Irregular
  • Offline Offline
  • Posts: 3
    • View Profile
Using cURL to start remote site session
« on: November 10, 2008, 07:40:54 AM »
Hi All,

The title may not make very clear what I am trying to achieve, so I'll try and explain it better now.

I have 2 sites.  I want to call the login service on site 2 from site 1 using cURL; the URI for site 2 looks like this (and is called via cURL on site 1):

http://secondsitedomain.com/remote?username=admin&password=admin

This, I was hoping, would log the user into site 2 from site 1 - then show site 2 in an iFrame inside of site 1.

However, it doesn't appear to create the logged in session on site 2 when I call that URI via cURL.

So, my question is, does a call like the URI above not create the session locally when called via cURL?  Of course it works as expected if the URI is put directly into the browser address bar!  Just not when called via cURL.

Any pointers muchly appreciated,
Brick...
Logged

neil.johnson

  • Devotee
  • Offline Offline
  • Posts: 1,444
    • View Profile
Re: Using cURL to start remote site session
« Reply #1 on: November 10, 2008, 09:38:19 AM »
Do you have the following options set:

Code: [Select]
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt');   
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookie.txt');
Logged

rhodesa

  • Guru
  • Fanatic
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 4,697
  • Bold and nosy. I'm famous for that.
    • View Profile
    • WWW
Re: Using cURL to start remote site session
« Reply #2 on: November 10, 2008, 09:40:04 AM »
No, using CURL starts a session for the server calling it, not the users browser
Logged
Aaron Rhodes
Lead Developer

rhodesa

  • Guru
  • Fanatic
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 4,697
  • Bold and nosy. I'm famous for that.
    • View Profile
    • WWW
Re: Using cURL to start remote site session
« Reply #3 on: November 10, 2008, 09:57:37 AM »
if you have control over the second sites authentication methods, you could try this:

Use cURL to access
http://secondsitedomain.com/remote?username=admin&password=admin
and have that (if successful) generate a unique key, using something like:
md5(rand())
store that value on the second server, and then return print it on the page (so the first server gets it as the return value of the cURL request). then, forward the user to the second server like this:
http://secondsitedomain.com/auth.php?key=<put the key from above here>
have the second server look up the key, and allow the person in if it matches.

On the second server, make sure this unique key expires shortly after creation (10 seconds should be plenty...30 seconds if you want to be safe)
Logged
Aaron Rhodes
Lead Developer

brick

  • Irregular
  • Offline Offline
  • Posts: 3
    • View Profile
Re: Using cURL to start remote site session
« Reply #4 on: November 17, 2008, 05:47:52 AM »
Thanks rhodesa,

I took the unique key that expires route and it works a treat.

I guess the more thorough approach would be the replication of session between the server making the cURL call and the client.  Maybe I can investigate this if we have time later down the road.

Thanks again for your feedback.

Brick...
Logged

PHP Freaks Forums

 
 
 

Page created in 0.055 seconds with 19 queries.