Social networking websites often offer to check whether any of your email contacts are already using the service. They ask for your email address and password, then connect to your email account and read through your contacts. In this post, I’ll provide code that you can use to connect and log in via a login form. This isn’t going to be on the caliber of logging into Gmail, though; it’s a simple demonstration of cURL and PHP.
===============================================
<?php
// login.php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
</head>
<body>
<?php
// Strict comparisons only: a loose == on hex digests is subject to PHP type juggling.
// hash_equals() compares the two digests as strings, in constant time.
if ( !empty($_POST["username"]) && !empty($_POST["password"]) && is_string($_POST["password"])
    && $_POST["username"] === "bob" && hash_equals(sha1("letmein"), sha1($_POST["password"])) ) {
    $_SESSION["loggedin"] = "yes";
    $_SESSION["username"] = "bob";
?>
Hey there! You logged in!<br />
<a href="loggedinonly.php">Check this out.</a>
<?php } else { ?>
<p>Please login!</p>
<?php // PHP_SELF includes any extra path info from the request URL, so escape it before output. ?>
<form method="post" action="<?php echo(htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)); ?>">
<label>username:</label><input type="text" name="username" /><br />
<label>password:</label><input type="password" name="password" /><br />
<input type="submit" value="Login" />
</form>
<?php } ?>
</body>
</html>
Above, we have the login.php file; this is what we’ll be sending our POST request to later on. For demonstration purposes only, the username and password are hard coded as bob and letmein. We do use a hash just because that’s good practice, of course. Next, we have loggedinonly.php, which, as the name suggests, you must be logged in to view.
=====================================================
<?php
// loggedinonly.php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
</head>
<body>
<?php
// The flag is only present if login.php set it in this visitor's session.
if ( isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === "yes" ) {
?>
Only you can see this content plus only you can prevent forest fires.
<br />
<a href="logout.php">Logout</a> so you can fight forest fires.
<?php } else { ?>
Uh, I'm sorry, but, uh, you'll have to, uh, <a href="login.php">log in</a>, uh, to continue, um, yeah.
<?php } ?>
</body>
</html>
And finally we have logout.php, which destroys our session and allows for easy and quick testing without us being forced to clear our cookies. It just redirects to login.php.
<?php
// logout.php
session_start();
session_destroy();
header("Location: login.php");
exit; // Stop here so nothing else runs after the redirect header is sent.
?>
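The credential check in login.php, reworked as an added example (not code from the original post): the password is verified with password_verify() against a stored password_hash() value, and the session ID is regenerated at login so that a session ID planted before authentication is useless afterwards. The $users array and the check_login() helper are constructed stand-ins for a database lookup.

```php
<?php
// Added example, not the original post's code.
declare(strict_types=1);

session_set_cookie_params([
    'httponly' => true,                     // keep the session ID away from page scripts
    'samesite' => 'Lax',                    // do not attach it to cross-site POSTs
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

// Constructed sample account. In practice the hash is created once at
// registration and stored; it is not recomputed on every request.
$users = ['bob' => password_hash('letmein', PASSWORD_DEFAULT)];

// Hypothetical helper: true only for a known user with the right password.
function check_login(array $users, string $username, string $password): bool
{
    // Unknown users are verified against a dummy hash so that both
    // paths cost about the same and do not reveal which names exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);

    $known = array_key_exists($username, $users);
    $ok    = password_verify($password, $known ? $users[$username] : $dummy);
    return $known && $ok;
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// is_string() rejects array input such as username[]=x before the typed call.
if (is_string($username) && is_string($password)
    && check_login($users, $username, $password)) {
    session_regenerate_id(true);            // fresh ID at login blocks session fixation
    $_SESSION['loggedin'] = 'yes';
    $_SESSION['username'] = $username;
    echo 'Hey there! You logged in!';
} else {
    echo 'Please login!';
}
```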
See? I told you that it was a really basic login form! In the real world, of course, it would use a database and be, needless to say, more complex. Moving on though, let’s take a look at the examples. We’re first going to start out with an example that won’t do as intended: it won’t log you in. ($location in the following examples builds the path to the current directory because that’s where all the files are. The show function is just an echo wrapped in pre tags.)
// In example1 branch of examples.php
echo("Using regular CURL.");
$c = new CURL();
$c->set(CURLOPT_URL, $location . "/login.php");
$c->set(CURLOPT_RETURNTRANSFER, 1);
$contents = $c->execute();
show($contents);
The explanation for this is straightforward. We make a new curl object, we set it to go to login.php, we tell it to return whatever it finds there, and then we tell it to go and get it and show us. As you’ll notice, it doesn’t do much. Now, example two.
// In example2 branch of examples.php
echo("Using multi-stage log-in CURL.");
$c = new CURL();
$c->set(CURLOPT_URL, $location . "/login.php");
$c->set(CURLOPT_POST, 1);
$c->set(CURLOPT_MAXREDIRS, 5); // Good leeway for redirections.
$c->set(CURLOPT_FOLLOWLOCATION, 1); // Many login forms redirect at least once.
/*
Look at the code for login.php: you'll notice the two form fields, username and password, and you'll see them being sent here too.
*/
$c->set(CURLOPT_POSTFIELDS, "username=bob&password=letmein");
// The cookie jar will hold the session ID. Setting it also turns on cookie handling for this handle.
// In real use, keep this file outside the web root so it cannot be downloaded.
$c->set(CURLOPT_COOKIEJAR, "cookie.txt");
$c->set(CURLOPT_RETURNTRANSFER, 1);
// Here we `think` that it worked, so continue.
$c->execute();
// This page can _ONLY_ be accessed when the _SESSION_ cookie is sent back to the server and the user is logged in.
$c->set(CURLOPT_HTTPGET, 1); // Back to GET, so the credentials are not posted a second time.
$c->set(CURLOPT_URL, $location . "/loggedinonly.php");
// We want to keep this one.
$contents = $c->execute();
show($contents);
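The same two-stage login with PHP's built-in curl_* functions, as an added example that is not part of the original post. It checks that the login succeeded before continuing and keeps the session cookie in memory instead of in cookie.txt. The $location URL is an assumed placeholder for wherever the three files are served.

```php
<?php
// Added example, not the original post's code.
$location = 'http://localhost/curl-login';   // assumed test URL (placeholder)

$c = curl_init();
curl_setopt_array($c, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_MAXREDIRS      => 5,
    // An empty COOKIEFILE enables curl's cookie engine without reading or
    // writing a file, so the session ID never touches the disk.
    CURLOPT_COOKIEFILE     => '',
]);

// Step 1: POST the credentials. http_build_query() URL-encodes the values,
// which matters as soon as a password contains "&", "=" or "+".
curl_setopt_array($c, [
    CURLOPT_URL        => $location . '/login.php',
    CURLOPT_POST       => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'username' => 'bob',
        'password' => 'letmein',
    ]),
]);
$login = curl_exec($c);

// Verify the login instead of assuming it worked: transport error, HTTP
// status, and the success text that login.php prints.
if ($login === false
    || curl_getinfo($c, CURLINFO_RESPONSE_CODE) !== 200
    || strpos($login, 'You logged in!') === false) {
    exit('Login failed. ' . curl_error($c) . "\n");
}

// Step 2: switch back to GET so the credentials are not sent again, then
// request the protected page on the same handle, which still holds the
// session cookie from step 1.
curl_setopt($c, CURLOPT_HTTPGET, true);
curl_setopt($c, CURLOPT_URL, $location . '/loggedinonly.php');
$contents = curl_exec($c);

if ($contents === false) {
    exit('Request failed. ' . curl_error($c) . "\n");
}

// Show the fetched markup as text rather than letting the browser render it.
echo '<pre>' . htmlspecialchars($contents) . '</pre>';
```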