hi all

I am new to php and curl.How can we create cookies using curl.What is the advantage of creating cookies this way,instead of creating from php's normal way (Setcookie());

Thanks to all

Hi,

CURL is used by your PHP server to make a Request to another Web Server.
Here your websever is acting as the HTTP Client (like your browser) initiating the HTTP Request to the remote server.

Setcookie() is a request to set a cookie sent from your web server to the HTTP Client (usually a browser) that made the initial HTTP Request.How Setcookie() works:

To understand this you need to understand how cookies are implemented.

Since HTTP is stateless, Cookies were described in the HTTP Specifications as a way to save data between 2 HTTP Requests.

An example HTTP GET Request looks like this:

GET / HTTP/1.0
Host: www.example.com

This is a request for the index page on the domain: www.example.com

Lets say you have the PHP Script below on the index.php page on www.example.com .

<html><head><title>Example</title></head>
<body>
<?php

setCookie('test', 'Test Cookie');
echo 'Test: '.$COOKIE['test'];

?>
</body>
</html>

The HTTP Response can be something like:

HTTP/1.0 200 OK
LOCATION: www.example.com
Set-Cookie: test=Test Cookie
Connection: close

<html><head><title>Example</title></head>
<body>
Test: 
</body>
</html>

Note the HTTP Header:Set-Cookie: test=Test Cookie
This was generated by your webserver when it executed the function setCookie('test', 'Test Cookie');

Now when the web browser receives the HTTP Response from your server, it will save the cookie to its cookies file/folder.
Every time it sends a HTTP Request to the domain www.example.com in the future, it will also send it the cookie.

Example:

GET / HTTP/1.0
Host: www.example.com
Cookie: test=Test Cookie

Now The response from the index.php page on example.com will be:

HTTP/1.0 200 OK
LOCATION: www.example.com
Set-Cookie: test=Test Cookie
Connection: close

<html><head><title>Example</title></head>
<body>
Test: Test Cookie
</body>
</html>

Notice that $COOKIE['test'] now exists in the server as "Test Cookie". You can see this in the HTTP Response Body.How CURL Works:

Now in the above example, the HTTP Session was between a Browser and the Web Server at the domain www.example.com

Now say you have a PHP web server at www.myexample.com .
CURL allows your PHP server at www.myexample.com to create a HTTP Request to www.example.com as if it were a web browser. This is what server to server communication is and is the purpose of CURL. It allows your PHP server to act as an HTTP Client.

Say you have the php code below on www.myexample.com:

<?php

$ch = curl_init("http://www.example.com/");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$HTTP_Response = curl_exec($ch);
curl_close($ch);
?>

This will make CURL send a HTTP Request such as the one below to www.example.com:

GET / HTTP/1.0
Host: www.example.com

Notice this is just like the HTTP Request the browser made.
Now this is the same request for index.php so example.com will respond with the same HTTP Response as it did to the browser. To the server at www.example.com , the HTTP Request is from just another HTTP Client.

HTTP/1.0 200 OK
LOCATION: www.example.com
Set-Cookie: test=Test Cookie
Connection: close

<html><head><title>Example</title></head>
<body>
Test: 
</body>
</html>

This HTTP Response will be saved to $HTTP_Response in our script as we specified in the line:

$HTTP_Response = curl_exec($ch);

If you notice, in the HTTP Response, the server at www.example.com requested that we set a cookie:

Set-Cookie: test=Test Cookie

Now if you want this cookie saved so that you can send it in the next request, you have to instruct CURL to save cookies to a file using:

curl_setopt($ch, CURLOPT_COOKIEJAR, $file_path);

where $file_path is a path to a file on your server. Usually you want this file under the web root so it can't be accessed from HTTP Clients. :)

Then when you make a subsequent HTTP Request to the same domain, you need to specify the file where cookies is saved to CURL.

curl_setopt($ch, CURLOPT_COOKIEFILE, $file_path);

where $file_path is the path to the file used to save cookies to in the last request, or containing any cookies you want to use in netscape cookies format or raw HTTP Cookie Header format.

So on www.myexample.com you can have the PHP Code:

<?php

// file to save cookies to
$file_path = '/tmp/cookies.txt';

$ch = curl_init("http://www.example.com/");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $file_path);

$HTTP_Response1 = curl_exec($ch);
curl_close($ch);


$ch = curl_init("http://www.example.com/");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $file_path);

$HTTP_Response2 = curl_exec($ch);


?>

Now the second HTTP REquest to www.example.com will send the cookie set in the first HTTP Request.

Example: (second HTTP Request)

GET / HTTP/1.0
Host: www.example.com
Cookie: test=Test Cookie

For practical implementations, you can use CURLs ability to save cookies to have your webserver log into remote sites and do tasks for you just as if you were doing it from the browser.

PHP also has inbuilt support for creating Socket Based or TCP connections that are the underlying protocol HTTP is built on, and thus make HTTP Requests.
See: fsockopen()

Thanks

could you please suggest me some good tutorial to learn php-curl section.I am not able to find a good one from google and yahoo.

A good place to start is PHP documentation on CURL. http://www.php.net/curl

Also look at curl_setopt() function for different settings of the HTTP request you're making. http://www.php.net/manual/en/function.curl-setopt.php

Heres the examples page on the CURL author's site:
http://curl.haxx.se/libcurl/php/examples/

Hi digital-ether,

I have found your nice and detailed reply to aniltc while looking for infos
on php-curl.

I have tried to follow your instructions, but had a little success.

It seems to me that I have to take two further steps in order to get
anything from the site I'm interested in.
If I want that the output of curl_exec contains anything at all, I have to
"disguise as a real browser" and ask for header information...

$agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13';
curl_setopt ($ch, CURLOPT_USERAGENT, $agent);
curl_setopt ($ch, CURLOPT_HEADER, 1);

Unfortunately I'm still missing something. The point is probably that the information I'm trying to retrieve are a bit hard to get. What I'm doing is completely legal, though.
I have the rules for forming the url where the information I'm looking for is stored.
However, this url simply contains a redirection to a different url, and requires cookies, like
this

HTTP/1.1 302 Moved Temporarily
Set-Cookie: BIGipServerlink_pool=764805386.20480.0000; path=/
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Nov 2008 13:03:23 GMT
Location: NEWURL
X-Powered-By: Servlet/2.5 JSP/2.1
Transfer-encoding: chunked

I follow your instructions, and point to the cookie file when opening the second url NEWURL.
However nothing happens... HTTP_response2 seems to be completely empty.
I mean, nothing appears if I print it, so I conclude it is empty. Or, else, could it have a more complex structure preventing printing?

Could my problem be a permissions problem? I mean, perhaps naively I expect that
the instruction

curl_setopt($ch, CURLOPT_COOKIEJAR, $file_path);

actually creates a file. But there is no such file where I expect it to be (and nowhere else),
despite the output of the above instruction is 1 (successful?).
The absence of the file means that the instruction failed despite the "true" output?

I hope you can give me some precious hint

Thanks a lot

Francesco

Hi digital-ether,

I have found your nice and detailed reply to aniltc while looking for infos on php-curl.

I have tried to follow your instructions, but had a little success.

It seems to me that I have to take two further steps in order to get anything from the site I'm interested in. If I want that the output of curl_exec contains anything at all, I have to "disguise as a real browser" and ask for header information...

$agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13';
curl_setopt ($ch, CURLOPT_USERAGENT, $agent);
curl_setopt ($ch, CURLOPT_HEADER, 1);

Unfortunately I'm still missing something. The point is probably that the information I'm trying to retrieve are a bit hard to get. What I'm doing is completely legal, though. I have the rules for forming the url where the information I'm looking for is stored. However, this url simply contains a redirection to a different url, and requires cookies, like this

HTTP/1.1 302 Moved Temporarily
Set-Cookie: BIGipServerlink_pool=764805386.20480.0000; path=/
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Nov 2008 13:03:23 GMT
Location: NEWURL
X-Powered-By: Servlet/2.5 JSP/2.1
Transfer-encoding: chunked

I follow your instructions, and point to the cookie file when opening the second url NEWURL. However nothing happens... HTTP_response2 seems to be completely empty. I mean, nothing appears if I print it, so I conclude it is empty. Or, else, could it have a more complex structure preventing printing?

Could my problem be a permissions problem? I mean, perhaps naively I expect that the instruction

curl_setopt($ch, CURLOPT_COOKIEJAR, $file_path);

actually creates a file. But there is no such file where I expect it to be (and nowhere else), despite the output of the above instruction is 1 (successful?). The absence of the file means that the instruction failed despite the "true" output?

I hope you can give me some precious hint

Thanks a lot

Francesco

Hi,

You need to instruct CURL to follow any redirects.

see: http://www.php.net/manual/en/function.curl-setopt.php

and the option CURLOPT_FOLLOWLOCATION
and CURLOPT_MAXREDIRS

eg:

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_MAXREDIRS, 1);

Also make sure the cookie file is writable, and the directory exists.

Hi,

You need to instruct CURL to follow any redirects.

see:

http://www.php.net/manual/en/function.curl-setopt.php

and the option CURLOPT_FOLLOWLOCATION and CURLOPT_MAXREDIRS

eg:

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_MAXREDIRS, 1);

Also make sure the cookie file is writable, and the directory exists.

Digital-ether, your explanation is very clear!!! I have difficulty understanding cUrl. Your explanation has really provide a clear picture of the flow. I guess now I really understanding this concept.

To extend this question, say if mybrowser -> myserver -> "another webserver", how do I request mybrowser to set the cookies that myserver received from "another webserver" using curl?

Many thanks

What is mybrowser? Is this your web browser? cURL in this context is running on the PHP server and has nothing to do with your browser.

You cannot have curl control your browser - in other words.

@digital-ether thanks so much for telling it in a way a (forty)six-year-old can understand.

I think I get where @curl12 is coming from. He wants to use the cookie (think of cookies that hold login username and password)
that 'myserver' had obtained from 'another web server' and somehow embed that cookie into his 'mybrowser', so that 'mybrowser' can also then access
'another web server' without having to 're-login'.

I am trying to do the same. I don't know about @curl12, but in my case 'myserver' and 'mybrowser' are behind a single router (dynamic IP).
Why would I want to do that? I run a computer lab for grade schoolers (3-14 y.o.)
I'd like to create a desktop/dashboard page consisting of a number of iframes, each pointing at a different website
(for which we have created individual accounts for each child); and when a kid logs in (to the dashboard) my script will log her in to a number of
different websites, so she does not have to.

First thing I thought of was to use CURL to login to an external website, which was successful.
The success was shortlived when I realized CURL logs 'myserver' in but not 'mybrowser'; needless to say is useless.

That's why I thought of capturing the cookies from 'myserver' and set it into 'mybrowser' so that 'mybrowser' can now browse (within the iframe)
as a logged in user. After all, we (all the 'mybrowsers') are behind the same router as 'myserver', thus same IP address.
So in other words, we only need 'myserver' to log a user in to several website all at once ,and once done pass the control over back to individual users.

Can this be done?