Logging In With CURL and PHP

This is an example of how you can use CURL to “log in” and retrieve some protected info. I’ve showed the somewhat extreme case where you need to maintain cookies, spoof HTTP referer and use SSL. The example page used here is ClickBank – one of the largest digital product retailers. I’ve tried to comment the source as much as possible to make it easier to understand. See the end of this post for more information on CURL. You can also leave a comment if you have further questions.

/*********************************
**Set up your variables**
**********************************/
$cookiefile = tempnam("/tmp", "cookies"); 
/* Create a temporary file to store cookies.
   This should work on most systems and is more
   flexible than specifying path explicitly */

$login_url='https://www.clickbank.com/login.htm';
/* The page that displays the login form. */

$login_post_url='https://www.clickbank.com/account/login';
/* The "action" value of the login form. This is not always
    equal to $login_url. */

$username = "username";
$password = "passw0rd";

$agent="Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";

/*********************************
**Load the "login" page and get some cookies**
**********************************/
	
$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL,$login_url); 
/* The URL of the page to retrieve */

curl_setopt($ch, CURLOPT_USERAGENT, $agent);
/* Disguise self as a browser app. Some servers 
might need a different value here. Some servers 
might try to check if the page is visited by a 
real human being using this value. */

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
/* Don't output the results - 
   return them as a string instead */

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
/* Follow redirects. 
This isn't actually necessary here :P */

curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
/* Read cookies from this file */

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
/* Save cookies to the same file too */

/* SSL stuff - remove if not needed */
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
/* Check the existence of a common name and also 
verify that it matches the hostname provided. Not 
strictly necessary in most cases. Use 0 to disable. */

/* SSL stuff - remove if not needed */
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
/* Turn off SSL peer certificate verification. This prevents  
the "SSL certificate problem, verify that the CA cert is OK." 
error. If you really need this set to "true", 
see this link for a solution - 
http://lu.php.net/manual/en/ref.curl.php#71326
*/

$result = curl_exec ($ch);
/* Perform the query, retrieve the page. */

curl_close ($ch);
/*************************************
Actually log in with the proper referer and cookies
**************************************/

/* The fields of the login form. These will probably be 
  different for every particular page. */
$postfields = array(
		'nick'	=> $username,
		'pass' => $password,
		//'rememberMe' => 'false',
		'j_username' => $username,
		'j_password' => $password,
	);
	
$reffer = $login_url;
/* If the server checks the referer we need to spoof it */

$ch = curl_init(); 

curl_setopt($ch, CURLOPT_URL,$login_post_url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_POST, 1); 
curl_setopt($ch, CURLOPT_POSTFIELDS,
       http_build_query($postfields)); 
/* http_build_query() will properly escape the fields and 
  build a query string. */

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
/* Follow redirects. This is probably necessary here. */
curl_setopt($ch, CURLOPT_REFERER, $reffer);
/* spoof the HTTP referer */

curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
/* Note that this is the same file as before */

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$result = curl_exec ($ch);
/* Now we've got the contents of the page you see after 
  logging in saved in $result */

curl_close ($ch); 

/*****************************************
**If you need to get another page....**
This is similar to the above examples, just use the same 
cookie file and maybe spoof the referer if needed
******************************************/

$data_url='https://www.clickbank.com/account/showTransactions.htm';
$reffer = $login_post_url;

$ch = curl_init(); 

curl_setopt($ch, CURLOPT_URL,$data_url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_REFERER, $reffer);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$result = curl_exec ($ch);
curl_close ($ch); 

echo $result;

/******************************************
**All done. Kill the cookie file once it's not needed anymore**
*******************************************/
unlink($cookiefile);

More information
PHP Manual – http://lu.php.net/curl
cUrl/PHP Examples : http://curl.haxx.se/libcurl/php/examples/

Related posts :

23 Responses to “Logging In With CURL and PHP”

  1. phpnew says:

    Hi,

    I’m trying the above code, but when I run the it, it just returns a blank page.

    How do I publsih the results? I have given echo stmt.

  2. jesse says:

    no longer works unfortunately, but thank you for the effort. They have some Javascript snippets in there which are injecting some values into the form I think

Leave a Reply