1,105,633 Community Members

curl returns Unauthorized Error 401

Member Avatar
ganesh641
Newbie Poster
19 posts since Mar 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I am using curl function to login my web site using the Gmail username and password. Its working fine in my local environment but once i moving that file into my client server it returns the response "HTTP/1.1 401 Unauthorized". provied some solution

here is my curl function code for accessing gmail authentication...

$curl = curl_init('https://mail.google.com/mail/feed/atom');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_USERPWD, 'example@gmail.com:password');
$result = curl_exec($curl);
$code = curl_getinfo ($curl, CURLINFO_HTTP_CODE);

$code returns 200 Ok in my local environment but its return 401 Unauthorized in my client environment.

Member Avatar
pritaeas
mod_pritaeas
11,314 posts since Jul 2006
Reputation Points: 1,420 [?]
Q&As Helped to Solve: 1,835 [?]
Skill Endorsements: 155 [?]
Moderator
Featured
Sponsor
 
1
 

I am not sure GMail allows this, but you can try to save the cookies. It's likely GMail sets cookie on login, and after redirect it can't find them.

Besides that, if you are just trying to get to your email, you can enable POP or IMAP in GMail and use the corresponding PHP functions for it.

Member Avatar
veedeoo
Veteran Poster
1,016 posts since Oct 2011
Reputation Points: 314 [?]
Q&As Helped to Solve: 166 [?]
Skill Endorsements: 17 [?]
 
1
 

If the site is requiring you to have cookies, then we can create a directory named tmp, this should be adjacent to your curl script.

    ## first we define a directory where to temporarilty store it

    $cookieDump = tempnam("tmp/", "cookies");

Now, add these to your cURL codes

curl_setopt($ch, CURLOPT_POST, 0); // Set this to 1 is it is a POST method
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieDump);
## is the target server host uses SSL layer?
## turn these to true or false and false is 0
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

If it does not work, try looking into the post data cURL function.

PHP code reference http://php.net/manual/en/function.tempnam.php

Member Avatar
veedeoo
Veteran Poster
1,016 posts since Oct 2011
Reputation Points: 314 [?]
Q&As Helped to Solve: 166 [?]
Skill Endorsements: 17 [?]
 
1
 

ok, this is what I found out. This is what my brother Michael told me, and hes is working for the big G. What he told me "when there is a remote application accessing the atom, from unknown IP address, google will throw 401."

If you are getting this 401, all need to do is log-in to your gmail account. Look on top of the page for the red bar notification. The notification will say "Someone is trying to access your account from ....", What you could do at this point is to click on the red bar, and then if you recoginized the IP address to your server's IP in which the application is located, you have an option to allow it. This is just like a twitter OATH class.

Now, the dreaded security issues. Make sure no ONE BUT YOU have the access to your cURL script. The reason is that your password is exposed in plain text. I will not do this in shared hostings, unless I am pretty much aware of who are the other people currently hosted in the same very server, where the cURL script is running.

Member Avatar
ganesh641
Newbie Poster
19 posts since Mar 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Thanks veedeoo, I am trying to save the cookies using your code, the cookie file is created in the "tmp" folder but no cookies value are saved in that cookie file. Is any method for saving the cookies?....

Member Avatar
veedeoo
Veteran Poster
1,016 posts since Oct 2011
Reputation Points: 314 [?]
Q&As Helped to Solve: 166 [?]
Skill Endorsements: 17 [?]
 
0
 

Hi,

You need to dig into your desktop to see how the gmail plant the cookie pattern, and then create a regex for it to be able for you to parsed. Once you have done that, you can try adding codes below, before you close the cURL processes.

I know the regex for the gmail cookies, BUT I don't want to become responsible for any anomalies that may arise. This you must find it for yourself, and once you found out, do not share it...( It is felthy and not acceptable by any standards), because there is a great security risk involved here, not only on the GMAIL account, but also with other mail services that allows OATH login and integration.

Codes below if assembled will print cookie on your browser.. PLEASE READ MY DISCLAIMER.

    $cookieJar = array();
    preg_match_all('## put the pattern Here for the cookie ##', $result, $cookieJar);
    print_r($cookieJar['cookie']); 

Below is an exmaple of a yahoo cookie printed by the above codes.. It's a regular visit and nothing is manipulated for any purpose. This cookies has been derived for educational purposes only.

    Array ( [0] => B=3o5kdi58d3s73&b=3&s=bj; expires=Sat, 20-Dec-2014 16:52:51 GMT; path=/; domain=.yahoo.com ) Array ( [0] => Array ( [0] => Set-Cookie: B=3o5kdi58d3s73&b=3&s=bj; expires=Sat, 20-Dec-2014 16:52:51 GMT; path=/; domain=.yahoo.com ) [name] => Array ( [0] => B ) [1] => Array ( [0] => B ) [value] => Array ( [0] => 3o5kdi58d3s73&b=3&s=bj ) [2] => Array ( [0] => 3o5kdi58d3s73&b=3&s=bj ) [expires] => Array ( [0] => Sat, 20-Dec-2014 16:52:51 GMT ) [3] => Array ( [0] => Sat, 20-Dec-2014 16:52:51 GMT ) [path] => Array ( [0] => / ) [4] => Array ( [0] => / ) [domain] => Array ( [0] => .yahoo.com ) [5] => Array ( [0] => .yahoo.com ) ) 

DISCLAIMER:
Again, as I always said I am not responsible for any consequences for whatever this script is used.

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: