
curl returns Unauthorized Error 401


I am using the curl function to log in to my web site using the Gmail username and password. It's working fine in my local environment, but once I move that file onto my client's server it returns the response "HTTP/1.1 401 Unauthorized". Please provide a solution.

Here is my curl function code for accessing Gmail authentication...

    // Request the Gmail Atom feed using HTTP Basic authentication
    $curl = curl_init('https://mail.google.com/mail/feed/atom');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); // TLS certificate verification is turned off
    curl_setopt($curl, CURLOPT_USERPWD, 'example@gmail.com:password');
    $result = curl_exec($curl);
    $code = curl_getinfo($curl, CURLINFO_HTTP_CODE); // HTTP status code of the response

$code returns 200 OK in my local environment, but it returns 401 Unauthorized in my client's environment.


I am not sure GMail allows this, but you can try to save the cookies. It's likely GMail sets a cookie on login, and after the redirect it can't find it.

Besides that, if you are just trying to get to your email, you can enable POP or IMAP in GMail and use the corresponding PHP functions for it.


If the site requires you to have cookies, then we can create a directory named tmp. This should be adjacent to your curl script.

    // First, define a file in which to store the cookies temporarily
    $cookieDump = tempnam("tmp/", "cookies");

Now, add these to your cURL code:

    // $ch is your cURL handle ($curl in the code above)
    curl_setopt($ch, CURLOPT_POST, 0); // Set this to 1 if it is a POST method
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieDump); // file to read cookies from
    // Does the target server host use the SSL layer?
    // Turn this to true or false; false is 0
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

If it does not work, try looking into the post data cURL function.

PHP code reference http://php.net/manual/en/function.tempnam.php


OK, this is what I found out. This is what my brother Michael told me, and he is working for the big G. What he told me: "when there is a remote application accessing the atom, from unknown IP address, google will throw 401."

If you are getting this 401, all you need to do is log in to your Gmail account. Look at the top of the page for the red bar notification. The notification will say "Someone is trying to access your account from ....". What you could do at this point is click on the red bar, and then if you recognize the IP address as the IP of the server on which the application is located, you have an option to allow it. This is just like a Twitter OAuth class.

Now, the dreaded security issues. Make sure no ONE BUT YOU has access to your cURL script. The reason is that your password is exposed in plain text. I will not do this on shared hosting, unless I am pretty much aware of who the other people are that are currently hosted on the very same server where the cURL script is running.


Thanks veedeoo, I am trying to save the cookies using your code. The cookie file is created in the "tmp" folder, but no cookie values are saved in that cookie file. Is there any method for saving the cookies?



You need to dig into your desktop to see how Gmail plants the cookie pattern, and then create a regex for it so that you are able to parse it. Once you have done that, you can try adding the code below, before you close the cURL process.

I know the regex for the Gmail cookies, BUT I don't want to become responsible for any anomalies that may arise. This you must find for yourself, and once you have found it, do not share it (it is filthy and not acceptable by any standards), because there is a great security risk involved here, not only for the GMAIL account, but also with other mail services that allow OAuth login and integration.

The code below, if assembled, will print the cookie in your browser. PLEASE READ MY DISCLAIMER.

    $cookieJar = array();
    preg_match_all('## put the pattern Here for the cookie ##', $result, $cookieJar);

Below is an example of a Yahoo cookie printed by the above code. It's a regular visit and nothing is manipulated for any purpose. This cookie has been derived for educational purposes only.

    Array ( [0] => B=3o5kdi58d3s73&b=3&s=bj; expires=Sat, 20-Dec-2014 16:52:51 GMT; path=/; domain=.yahoo.com ) Array ( [0] => Array ( [0] => Set-Cookie: B=3o5kdi58d3s73&b=3&s=bj; expires=Sat, 20-Dec-2014 16:52:51 GMT; path=/; domain=.yahoo.com ) [name] => Array ( [0] => B ) [1] => Array ( [0] => B ) [value] => Array ( [0] => 3o5kdi58d3s73&b=3&s=bj ) [2] => Array ( [0] => 3o5kdi58d3s73&b=3&s=bj ) [expires] => Array ( [0] => Sat, 20-Dec-2014 16:52:51 GMT ) [3] => Array ( [0] => Sat, 20-Dec-2014 16:52:51 GMT ) [path] => Array ( [0] => / ) [4] => Array ( [0] => / ) [domain] => Array ( [0] => .yahoo.com ) [5] => Array ( [0] => .yahoo.com ) ) 

Again, as I always say, I am not responsible for any consequences of whatever this script is used for.
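An added example (not code from any poster in this thread) covering three points raised above: the empty cookie file, the password stored in the script in plain text, and the disabled TLS checks. `CURLOPT_COOKIEFILE` only tells cURL which file to read cookies from; `CURLOPT_COOKIEJAR` is the option that writes received cookies out when the handle is destroyed. The function name and the `FEED_URL`, `FEED_USER` and `FEED_PASS` environment variables are assumptions made for this sketch.

```php
<?php
// Added example, not from the thread; FEED_* env names are hypothetical. Run from the CLI.
function fetch_with_cookies(string $url, string $user, string $pass): array
{
    // tempnam() creates the file with mode 0600, and the system temp directory
    // keeps it out of the web root, unlike a tmp/ folder beside the script.
    $jar = tempnam(sys_get_temp_dir(), 'cookies');
    if ($jar === false) {
        throw new RuntimeException('could not create the cookie file');
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_SSL_VERIFYPEER => true,  // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,     // verify the certificate matches the host
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $user . ':' . $pass,
        CURLOPT_COOKIEFILE     => $jar,  // read side: cookies to send
        CURLOPT_COOKIEJAR      => $jar,  // write side: where received cookies go
    ]);

    $body  = curl_exec($ch);
    $code  = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $error = ($body === false) ? curl_error($ch) : null;
    unset($ch); // destroying the handle makes libcurl write the cookie jar

    // Count entries in the Netscape-format jar: "#" starts a comment, except
    // for the "#HttpOnly_" prefix, which marks an HttpOnly cookie.
    $saved = 0;
    foreach (file($jar, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if ($line[0] !== '#' || strpos($line, '#HttpOnly_') === 0) {
            $saved++;
        }
    }
    unlink($jar); // do not leave session cookies on disk

    return ['code' => $code, 'error' => $error, 'cookies_saved' => $saved];
}

$url  = getenv('FEED_URL');
$user = getenv('FEED_USER');
$pass = getenv('FEED_PASS');
if ($url === false || $user === false || $pass === false) {
    fwrite(STDERR, "Set FEED_URL, FEED_USER and FEED_PASS first.\n");
    exit(1);
}
print_r(fetch_with_cookies($url, $user, $pass));
```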
