Login with cURL and PHP

By Ryan at ifupdown.com:
Social networking websites often ask you to see if any of your email contacts are already using the service. They ask for your email and password and then connect to your email account and read through your contacts. In this post, I’ll provide the code that you can use to connect and log in via a login form. This isn’t going to be of logging-into-Gmail caliber, though; it’s a simple demonstration of cURL and PHP.
A couple of notes before we start, though. I’ve always hated the non-object-oriented methods that cURL uses to set options, so I wrote a little wrapper class for cURL, and it will be included along with the code files. It should be fairly easy to follow along. To begin with, we need a really simple login form. I mean, dead simple.

<?php
// login.php
    session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
</head>
<body>
    <?php
        // Strict comparison avoids PHP type juggling; hash_equals() compares the hashes in constant time.
        if ( !empty($_POST["username"]) && !empty($_POST["password"]) && is_string($_POST["password"]) && $_POST["username"] === "bob" && hash_equals(sha1("letmein"), sha1($_POST["password"])) ) {
    $_SESSION["loggedin"] = "yes";
    $_SESSION["username"] = "bob";
    ?>
        Hey there! You logged in!<br />
        <a href="loggedinonly.php">Check this out.</a>
    <?php } else { ?>
        <p>Please login!</p>
    <?php /* PHP_SELF includes client-supplied path info, so escape it before echoing it into the page. */ ?>
    <form method="post" action="<?php echo(htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8")); ?>">
    <label>username:</label><input type="text" name="username" /><br />
    <label>password:</label><input type="password" name="password" /><br />
    <input type="submit" value="Login" />
    </form>
    <?php } ?>
</body>
</html>
Above, we have the login.php file; this is what we’ll be sending our POST request to later on. For demonstration purposes only, the username and password are hard-coded as bob and letmein. We do use a hash just because that’s good practice, of course (a real application would store a salted password_hash() value and check it with password_verify() rather than compare a bare SHA-1). Next, we have loggedinonly.php, which, as the name suggests, you must be logged in to view.
<?php
// loggedinonly.php
    session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
<head>
</head>
<body>
    <?php
    // Only a session that login.php marked as logged in gets the protected content.
    if ( isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === "yes" ) {
    ?>
    Only you can see this content plus only you can prevent forest fires.
    <br />
    <a href="logout.php">Logout</a> so you can fight forest fires.
    <?php } else { ?>
    Uh, I’m sorry, but, uh, you’ll have to, uh, <a href="login.php">log in</a>, uh, to continue, um, yeah.
    <?php } ?>
</body>
</html>
And finally we have logout.php, which destroys our session and allows for easy and quick testing without us being forced to clear our cookies. It just redirects to login.php.
<?php
// logout.php
    session_start();
    session_destroy();
    header("Location: login.php");
    exit; // Stop here so nothing else runs after the redirect header.
?>
See? I told you that it was a really basic login form! In the real world, of course, it would use a database and, needless to say, be more complex. Moving on though, let’s take a look at the examples. We’re first going to start out with an example that won’t do as intended: it won’t log you in. ($location in the following examples builds the path to the current directory because that’s where all the files are. The show function is just an echo wrapped in pre tags.)
// In example1 branch of examples.php
      echo("Using regular CURL.");
      $c = new CURL();
      $c->set(CURLOPT_URL, $location . "/login.php");
      $c->set(CURLOPT_RETURNTRANSFER, 1); // Return the response instead of printing it.
      $contents = $c->execute();
      show($contents);
The explanation for this is straightforward. We make a new curl object, we set it to go to login.php, we tell it to return whatever it finds there, and then we tell it to go and get it and show us. As you’ll notice, it doesn’t do much. Now, example two.
// In example2 branch of examples.php
      echo("Using multi-stage log-in CURL.");
      $c = new CURL();
      $c->set(CURLOPT_URL, $location . "/login.php");
      $c->set(CURLOPT_POST, 1);
      $c->set(CURLOPT_MAXREDIRS, 5); // Good leeway for redirections.
      $c->set(CURLOPT_FOLLOWLOCATION, 1); // Many login forms redirect at least once.
      /*
        Look at the code for the form in login.php, you’ll notice the two form fields, username, password, and you’ll see them being sent here too.
      */
      $c->set(CURLOPT_POSTFIELDS, "username=bob&password=letmein");
      // cookie.txt will hold the session ID, so treat it like a credential and keep it out of the web root.
      $c->set(CURLOPT_COOKIEJAR, "cookie.txt");
      $c->set(CURLOPT_RETURNTRANSFER, 1);
      // Here we `think` that it worked, so continue.
      $c->execute();
      // This page can _ONLY_ be accessed when the _SESSION_ cookie is sent back to the server and the user is logged in.
      $c->set(CURLOPT_URL, $location . "/loggedinonly.php");
      // We want to keep this one.
      $contents = $c->execute();
      show($contents);
This calls for a list.
  1. We make a new curl object.
  2. We set the url to login.php.
  3. We tell curl to use post.
  4. We set curl to allow 5 redirects before throwing an error.
  5. We set the data that we’re sending via post, the username (bob) and the password (letmein).
  6. We establish a file for our cookie jar, where our session cookie will be stored.
  7. We tell curl to return what it finds.
  8. We run CURL with the above options. We assume it got in correctly and we hope that the session cookie is in the cookie jar.
  9. We re-set the url to loggedinonly.php.
  10. We run curl again and show what it finds. You should get a nice message about preventing forest fires.
That’s that.
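Step 8 above assumes the login worked. As an added example (not part of the original post or its downloadable files), here is the same two-stage flow written with PHP’s native curl_* functions instead of the wrapper class; it checks the login response before continuing and keeps the session cookie in memory rather than in cookie.txt. The base URL http://localhost/curl-demo is an assumed placeholder for wherever the three demo files are served.

```php
<?php
// Added example, not from the original post. $base is an assumed placeholder URL.
function loginAndFetch(string $base, string $user, string $pass): string
{
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 5,
        // Redirects may only go to HTTP(S) URLs.
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        // Empty string: cookie engine on, cookies kept in memory, no cookie.txt on disk.
        CURLOPT_COOKIEFILE      => "",
    ]);

    // Stage 1: POST the form fields; http_build_query() URL-encodes them.
    curl_setopt_array($ch, [
        CURLOPT_URL        => $base . "/login.php",
        CURLOPT_POST       => true,
        CURLOPT_POSTFIELDS => http_build_query(["username" => $user, "password" => $pass]),
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException("login request failed: " . curl_error($ch));
    }
    // Verify instead of assuming: login.php prints this text only on success.
    if (strpos($body, "You logged in!") === false) {
        throw new RuntimeException("login rejected, not fetching the protected page");
    }

    // Stage 2: back to GET; curl sends the session cookie it received in stage 1.
    curl_setopt_array($ch, [
        CURLOPT_URL     => $base . "/loggedinonly.php",
        CURLOPT_HTTPGET => true,
    ]);
    $page = curl_exec($ch);
    if ($page === false) {
        throw new RuntimeException("fetch failed: " . curl_error($ch));
    }
    return $page;
}

try {
    // Escape before display: the fetched markup comes from another site.
    echo "<pre>" . htmlspecialchars(loginAndFetch("http://localhost/curl-demo", "bob", "letmein")) . "</pre>";
} catch (RuntimeException $e) {
    echo "Error: " . htmlspecialchars($e->getMessage());
}
```

With a wrong password the function throws at the verification step instead of going on to request loggedinonly.php.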
There are ethical concerns though. If you want your users to trust you, you better not mess with their account or use their contacts for spam and advertising. Use this for good, not for evil.
As promised, here are all the files from above. The examples presented above have a cute little interface you can use also; just go to examples.php to test this out. I suggest you play around with the little login system beforehand though, so you know what to look for.