[Pro] PHP, cURL and Cookies

JDW · July 8, 2015, 9:51am

I can read and then display some web pages using PHP and cURL, but some web pages I cannot do this. For example, the following PHP code works great to display example.com in-browser (running my PHP code from an APACHE server):

<?php
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://www.example.com");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
?>

But the URL I really want to access is the login page of my FileMaker database, running on a shared server via IWP (Instant Web Publishing). Here is the code I am using which results in a blank browser page:

<?php
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
?>

That page on macusa.net uses a cookie, so perhaps that is causing the blank browser page. When I manually type the above macusa URL into the Safari address bar and hit return, the Console shows me the following:

Set-Cookie     fmi-cookie=fmi-cookie; Path=/; Version=1

Assuming it is the cookie causing trouble, what approach should I take to solve it?

[NOTE]:
I am still learning PHP, so for now I simply want to display the desired page contents in the browser, to show me that at least I can access the page content via my PHP code. My ultimate goal, however, will be to quietly access the login page via PHP, then present the user with the same page but translated into Japanese, from which they should be able to enter their ID/PSW, submit the form, and access the database. And if the login attempt throws an error, I would grab that with PHP and then return a translated page for the user. The reason is because the shared server that hosts my FileMaker database is set to an English UI, and I wish to translate the login page (and any errors) into Japanese.

dynamo mailing list
email@hidden
Update your subscriptions at:

waltd · July 8, 2015, 10:57am

My guess here is that the page is possibly setting a cookie, and may also be redirecting you. There’s a great Firefox extension called (I think) Tamper Session, which lets you slow down these sorts of processes, and interrupt them like a debugger. Instead of just redirecting quickly and quietly, TS lets you pause and see what is going on. That would be my first debugging step. Then look at all these many options for cURL: http://php.net/manual/en/curl.constants.php (that’s just the tip of what you can do). Many of these refer to cookies and redirection. Have a google around that subject, once you figure out what exactly the page is doing. Also, don’t take that white page literally. View source on it and see what exactly is in there. Also, put the following in the very top of your script – you may have a syntax error somewhere; a white screen is a perfectly valid outcome of that.

ini_set('display_errors', true);
error_reporting(E_ALL);

Walter

On Jul 8, 2015, at 5:51 AM, JDW email@hidden wrote:

I can read and then display some web pages using PHP and cURL, but some web pages I cannot do this. For example, the following PHP code works great to display example.com in-browser (running my PHP code from an APACHE server):
<?php
>    $curl = curl_init();
>    curl_setopt ($curl, CURLOPT_URL, "http://www.example.com");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>
But the URL I really want to access is the login page of my FileMaker database, running on a shared server via IWP (Instant Web Publishing). Here is the code I am using which results in a blank browser page:
<?php
>    $curl = curl_init();
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>
That page on macusa.net uses a cookie, so perhaps that is causing the blank browser page. When I manually type the above macusa URL into the Safari address bar and hit return, the Console shows me the following:
Set-Cookie     fmi-cookie=fmi-cookie; Path=/; Version=1
Assuming it is the cookie causing trouble, what approach should I take to solve it?

[NOTE]:
I am still learning PHP, so for now I simply want to display the desired page contents in the browser, to show me that at least I can access the page content via my PHP code. My ultimate goal, however, will be to quietly access the login page via PHP, then present the user with the same page but translated into Japanese, from which they should be able to enter their ID/PSW, submit the form, and access the database. And if the login attempt throws an error, I would grab that with PHP and then return a translated page for the user. The reason is because the shared server that hosts my FileMaker database is set to an English UI, and I wish to translate the login page (and any errors) into Japanese.

dynamo mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 9, 2015, 7:28am

I spent the last 30 minutes typing in my post into this field, and upon clicking the blue SEND button it took me to the front page and said, “WELCOME BACK.” My post was never sent, and clicking the back button on the browser would not return the text I typed.

Grrrrrrrr!!!

Now I need to type it all again.

Drat.

dynamo mailing list
email@hidden
Update your subscriptions at:

JDW · July 9, 2015, 7:48am

Walter,

I still get a blank page even after adding the error reporting code to my PHP script as follows:

<?php
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    ini_set('display_errors', true);
	error_reporting(E_ALL);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
?>

But when I substitute “example.com” for the above “hartford.macusa.net” URL, the page content displays fine. But example.com doesn’t use sessions or cookies. So I guess that shows the MacUSA page is blank due to non-existent handling of the cookie it assigns.

I couldn’t find a FireFox extension named “Tamper Session” but I installed one called “Tamper Data”. Even so, that extension doesn’t really do much that I can see. When I open its window and then load the MacUSA Login page, here’s a screenshot of what I see:

http://cl.ly/image/200a1P3R252v/Image%202015-07-09%20at%203.49.33%20PM.png

No mention of a Cookie in sight. So I guess you remembered the name of the FF extension wrong.

I do have FireBug in FireFox. It works pretty much like the Console in Safari though. If I open the MacUSA Login page in Safari with the Console open to show Cookies, this is what I see:

http://cl.ly/image/291u0Q2A2x0y/Image%202015-07-09%20at%204.17.56%20PM.png

As you can see in that screenshot the cookie seems to be named “fmi-cookie”. But the strange thing is, when I review the JavaScript on that MacUSA Login page, it seems to say the cookie name is “check”:

<script type="text/javascript" language="JavaScript1.4">
<!--
	function setCookie(cookieName,value)
	{
			var today=new Date();
			today.setDate(today.getDate()+ 1);
			document.cookie=cookieName+ "=" +escape(value)+ ";expires="+today;
	}

	function getCookie(name)
	{
		var start = document.cookie.indexOf( name + "=" );
		if (start == -1) return null;
		var nameLength = start + name.length + 1;
		var end = document.cookie.indexOf( ';', nameLength );
		if (end == -1) end = document.cookie.length;
		return unescape(document.cookie.substring( nameLength, end ));
	}

	function checkCookie(){
		setCookie('check','check');
		testCookie = getCookie('check');
		
		if(testCookie == null){
			return false;
		}else{
			document.cookie = 'check' + '=' +';expires=Thu, 01-Jan-1970 00:00:01 GMT';
			return true;
		}
	}
			
	function getSid()
	{
		var url = window.top.location.href;
		var result = "";
		if ( url != null )
		{
			var sid = null;
			var index = null;
			if(checkCookie() == true){
				index = url.indexOf( "JSESSIONID=" );
			}else{
				index = url.indexOf( ";jsessionid=" );
			}
			if ( index != -1 )
			{
				var end = url.indexOf ( "&", index );
				if ( end != -1 )
				{
					result = url.substring ( index, end );
				}
				else
				{
					result = url.substr ( index );
				}
			}
		}
		return result;
	}

	var sid = getSid();
	if ( sid.length > 0 ){
		document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi' + sid+ '?-authinfo' + '"><' + '/script>' );
	}else{
		document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-authinfo' + '"><' + '/script>' );
	}
		

-->
</script>

So I am rather confused at how to proceed at this stage.

–James W.

(Saving the entire text of this post prior to clicking SEND this time! Ack!)

dynamo mailing list
email@hidden
Update your subscriptions at:

Roger_Holloway · July 9, 2015, 8:21am

Dear James,
A Very interesting, obscure and totally incomprehensible mail, James. My suggestion is that, once you have chosen the target address in the top window, go to the bottom window and type your message clearly. Coherence, simplicity, and sticking to the point are GOOD.
Roger

Sent from my iPad

On 9 Jul 2015, at 08:28, JDW email@hidden wrote:

I spent the last 30 minutes typing in my post into this field, and upon clicking the blue SEND button it took me to the front page and said, “WELCOME BACK.” My post was never sent, and clicking the back button on the browser would not return the text I typed.

Grrrrrrrr!!!

Now I need to type it all again.

Drat.

dynamo mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 9, 2015, 8:48am

Roger, I’m not sure what you mean. I always come to freewaytalk.softpress.com, scroll to the bottom of the web page, type in my message, and then click SEND. This is the first time FreewayTalk has eaten my message!

But it would be nice if after click SEND, if there is a problem, I could click the browser’s BACK button to see the text of my post still sitting there unsent. That is how a lot of true forums work, although I fully understand that FreewayTalk is more of a “web interface for an email list” than a true forum.

It’s not a big deal. PHP and Cookies… Well, that’s the big deal. Therefore, if you have specific comments on my previous post, I’m all ears!

–James W.

dynamo mailing list
email@hidden
Update your subscriptions at:

waltd · July 9, 2015, 11:23pm

True, it is a front end on a mailing list, but it is also built (was build many years ago) with some serious attempts toward avoiding automated spam and form submissions. The form is injected into the page with JavaScript, and it is very deliberately built to avoid being reloaded as you would like it to be. Sorry about that. On the plus side, there hasn’t been much of a spam problem here either (touch wood).

Walter

On Jul 9, 2015, at 4:48 AM, JDW email@hidden wrote:

But it would be nice if after click SEND, if there is a problem, I could click the browser’s BACK button to see the text of my post still sitting there unsent. That is how a lot of true forums work, although I fully understand that FreewayTalk is more of a “web interface for an email list” than a true forum.

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

waltd · July 9, 2015, 11:24pm

Please try putting the error reporting stuff at the very top of the page, right after the opening <?php.

Walter

On Jul 9, 2015, at 3:48 AM, JDW email@hidden wrote:

I still get a blank page even after adding the error reporting code to my PHP script as follows:

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 9, 2015, 11:50pm

Hi Walter,

Moving those 2 lines of code to the top would yield this script:

<?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
?>

I still get a blank page.

The script can be executed from off my server via the following URL:

http://kiramek.com/curl_FMDB-LoginPage_test.php

Note that I also have the following lines within my .htaccess file on the server:

php_flag display_errors 1
php_value error_reporting 30719

Best,

James W.

dynamo mailing list
email@hidden
Update your subscriptions at:

waltd · July 9, 2015, 11:58pm

What happens if you try to curl a different page using this same script? Does it work on “normal” non-cookies pages? What about redirects?

Walter

On Jul 9, 2015, at 7:50 PM, JDW email@hidden wrote:

Hi Walter,

Moving those 2 lines of code to the top would yield this script:
<?php
>    ini_set('display_errors', true);
>    error_reporting(E_ALL);
>    $curl = curl_init();
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>
I still get a blank page.

The script can be executed from off my server via the following URL:

Error 404: Not Found

Note that I also have the following lines within my .htaccess file on the server:
php_flag display_errors 1
> php_value error_reporting 30719
Best,

James W.

dynamo mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 10, 2015, 12:10am

As I said in my previous posts, when I use “example.com” in place of the “macusa” URL, it works as expected (displays the website “example.com” perfectly). I also tried other URLs too. It displays those sans graphics, and sometimes the layout is crazy, but it works.

So something is special about the FileMaker DB Login page, which is here:

http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

Curling that page yields a blank page.

–James W.

dynamo mailing list
email@hidden
Update your subscriptions at:

Tim3 · July 10, 2015, 8:33am

Hi James,
I’ve done nothing more than Google this for you but this Stack Overflow thread may be of some use to you;

Regards,
Tim.

On 10 Jul 2015, at 01:10, JDW wrote:

So something is special about the FileMaker DB Login page, which is here:

http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro - http://www.freewayactions.com

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 13, 2015, 8:22am

Thanks for the link, Tim, but I don’t understand what those -b, -c, -d switches do. (They are mentioned in the code presented on the StackOverflow link you provided.)

So I Googled and tried some other code, but without success:

<?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
	
    session_start(); 
    $strCookie = 'JSESSIONID=' . $_COOKIE['fmi-cookie'] . '; path=/'; 
    session_write_close(); 
	
    $curl = curl_init();

    curl_setopt($curl, CURLOPT_COOKIE, $strCookie );     
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
?>

The above code results in the following error:

Notice: Undefined index: fmi-cookie in /home/jdwages/domains/kiramek.com/public_html/curl_FMDB-LoginPage_test.php on line 6

I then tried this code:

<?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    $curl = curl_init();
    
    curl_setopt($curl, CURLOPT_COOKIEJAR, "fmi-cookie");  // Initiates cookie file if needed 
    curl_setopt($curl, CURLOPT_COOKIEFILE, "fmi-cookie");  // Uses cookies from previous session if exists 
    curl_setopt($curl, CURLOPT_VERBOSE, 1); 
    curl_setopt($curl, CURLOPT_HEADER, 1); 
    
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
?>

But that yields this error:

HTTP/1.1 302 Moved Temporarily 
Date: Mon, 13 Jul 2015 08:10:44 GMT 
Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET 
Date: Mon, 13 Jul 2015 08:10:44 GMT 
Server: hartford.macusa.net Cache-control: no-cache="set-cookie" Cache-control: must-revalidate 
Set-Cookie: JSESSIONID=054FC374C75DA594156C9FC8.wpc1; 
Path=/fmi/iwp; Version=1 Set-Cookie: fmi-cookie=fmi-cookie; Path=/; 
Version=1 Content-Type: text/html; charset=utf-8 
Location: http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html;jsessionid=054FC374C75DA594156C9FC8.wpc1 
Content-Length: 0 
Expires: Tue, 03 May 1988 14:40:00 GMT

Casting PHP aside and opening the URL directly in Safari shows the following in Safari’s Console:

http://cl.ly/image/2S2P192w3C1V

URL:
http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

I’m about as lost as I can be!

–James W.

dynamo mailing list
email@hidden
Update your subscriptions at:

waltd · July 13, 2015, 10:17am

I tried using cURL from the terminal to access your page, and I could either get the content of an error page (without specifying a cookie jar) or an empty page with no error (when I did). I didn’t have time to dig further into it, but I suspect that there may be a redirect in there that I’m not seeing. Attacking it with Tamper Session in Firefox would be my next step. I know there are flags in cURL that allow it to follow redirects and maintain the session using cookies as it does.

Walter

On Jul 13, 2015, at 4:22 AM, JDW email@hidden wrote:

Thanks for the link, Tim, but I don’t understand what those -b, -c, -d switches do. (They are mentioned in the code presented on the StackOverflow link you provided.)

So I Googled and tried some other code, but without success:

<?php
>    ini_set('display_errors', true);
>    error_reporting(E_ALL);
> 	
>    session_start(); 
>    $strCookie = 'JSESSIONID=' . $_COOKIE['fmi-cookie'] . '; path=/'; 
>    session_write_close(); 
> 	
>    $curl = curl_init();
> 
>    curl_setopt($curl, CURLOPT_COOKIE, $strCookie );     
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
> 
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

The above code results in the following error:

Notice: Undefined index: fmi-cookie in /home/jdwages/domains/kiramek.com/public_html/curl_FMDB-LoginPage_test.php on line 6

I then tried this code:

<?php
>    ini_set('display_errors', true);
>    error_reporting(E_ALL);
>    $curl = curl_init();
> 
>    curl_setopt($curl, CURLOPT_COOKIEJAR, "fmi-cookie");  // Initiates cookie file if needed 
>    curl_setopt($curl, CURLOPT_COOKIEFILE, "fmi-cookie");  // Uses cookies from previous session if exists 
>    curl_setopt($curl, CURLOPT_VERBOSE, 1); 
>    curl_setopt($curl, CURLOPT_HEADER, 1); 
> 
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
> 
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

But that yields this error:

HTTP/1.1 302 Moved Temporarily 
> Date: Mon, 13 Jul 2015 08:10:44 GMT 
> Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET 
> Date: Mon, 13 Jul 2015 08:10:44 GMT 
> Server: hartford.macusa.net Cache-control: no-cache="set-cookie" Cache-control: must-revalidate 
> Set-Cookie: JSESSIONID=054FC374C75DA594156C9FC8.wpc1; 
> Path=/fmi/iwp; Version=1 Set-Cookie: fmi-cookie=fmi-cookie; Path=/; 
> Version=1 Content-Type: text/html; charset=utf-8 
> Location: http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html;jsessionid=054FC374C75DA594156C9FC8.wpc1 
> Content-Length: 0 
> Expires: Tue, 03 May 1988 14:40:00 GMT

Casting PHP aside and opening the URL directly in Safari shows the following in Safari’s Console:

http://cl.ly/image/2S2P192w3C1V

URL:
http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

I’m about as lost as I can be!

–James W.

dynamo mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 16, 2015, 7:13am

As mentioned in my previous posts here, I see “JSESSIONID” appearing in Safari’s Console, Cookies section, when I view that MacUSA Login page directly (outside my PHP script). JSESSIONID corresponds to the J2EE (Java 2 platform Enterprise Edition, 1999-2003) web app development framework, not PHP. So is special handling required in a PHP script for this?

Not knowing the answer to the above question, I continue to experiment. I gleaned some tips from Stack Overflow and wrote this script:

<?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
	
    $useragent = $_SERVER['HTTP_USER_AGENT'];
    $strCookie = 'JSESSIONID=' . $_COOKIE['JSESSIONID'] . '; path=/';
    session_write_close(); // end current session and store session data
	
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_VERBOSE, true);
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    //curl_setopt($curl, CURLOPT_HEADER, true); //displays the header info
    curl_setopt($curl, CURLOPT_COOKIESESSION, true);
    curl_setopt($curl, CURLOPT_COOKIEJAR, 'fmi-cookie');
    curl_setopt($curl, CURLOPT_COOKIEFILE, 'fmi-cookie');
    $result = curl_exec ($curl);
    
    curl_close ($curl);
    print $result; 
?>

And to ensure the cookie handling works, I placed the above script inside a folder named “php” on my web server and gave that folder 777 permissions. Even so, the above script results in the following browser error:

Notice: Undefined index: JSESSIONID in /home/jdwages/domains/kiramek.com/public_html/php/test.php on line 6

The offending “line 6” is this:

$strCookie = 'JSESSIONID=' . $_COOKIE['JSESSIONID'] . '; path=/';

Thoughts?

dynamo mailing list
email@hidden
Update your subscriptions at:

JDW · July 16, 2015, 7:37am

Addendum to my previous post…

After executing the PHP script shown in my previous post from the /php/ directory on my web server, which has 777 permissions, I see the following file was created:

fmi-cookie

Contents of that file:

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

hartford.macusa.net	FALSE	/fmi/iwp	FALSE	0	JSESSIONID	054FC37BD6AB0358156C9EFD.wpc1
hartford.macusa.net	FALSE	/	FALSE	0	fmi-cookie	fmi-cookie

dynamo mailing list
email@hidden
Update your subscriptions at:

waltd · July 20, 2015, 2:49pm

One thing for you to look into here – I don’t think it matters at all what name you give the cookie file, as long as each request references the same file. Earlier in this thread, you mentioned creating a cookie file named for the cookie that you expected to store within it. Those two concepts are not related, as far as I know.

The folder where you create the cookie file needs to exist, and needs to allow whatever user (usually nobody or www-user or something like that) to write into it. A shortcut to this is to give the folder 777 permissions, but this is really something that should not be true for long. (It’s perfectly okay for testing, but leaving a folder at 777 allows anyone else on the same server to read/write that folder, which is bad. )

Once you get the cookie created, look at the folder in Terminal with ls -l, and see which user the file was created with. Then you can chmod the folder to 770, chgroup it to your user’s group, and chown it to that user the Web server runs as. That allows you to change the folder if you need to, and allows the Web server to do the same, but keeps anyone else from accessing it at all.

Walter

dynamo mailing list
email@hidden
Update your subscriptions at:

JDW · July 21, 2015, 4:49am

Walter Davis wrote: …look at the folder in Terminal with ls -l, and see which user the file was created with. Then you can chmod the folder to 770, chgroup it to your user’s group, and chown it to that user the Web server runs as. That allows you to change the folder if you need to, and allows the Web server to do the same, but keeps anyone else from accessing it at all.

But the server on which I have that folder and cookie stored is my off-site web server — a shared server hosted on ServerLogistics. As such, I cannot use the Terminal to alter permissions as you suggest. I merely used Transmit (the FTP client) to GET INFO on a new folder I created on that server, and I then easily changed the permissions to 777.

Please advise in light of this.

Thanks,

James W.

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 21, 2015, 8:21am

Walter, instead of saving the cookie inside a sub-folder of /public_html/ and using 777 permissions on that sub-folder (as I have been doing), I could opt to save the cookie within “/tmp/” which is in the root directory my server and already has 777 permissions. That should be secure enough, shouldn’t it?

The relevant section of the PHP code would then become something like this:

    curl_setopt($curl, CURLOPT_COOKIEJAR, 'root/tmp/fmi-cookie'); //copies cookie to my server
    curl_setopt($curl, CURLOPT_COOKIEFILE, 'root/tmp/fmi-cookie');

Regardless, I still don’t understand how to properly deal with JSESSIONID, as described in my earlier post.

–James W.

dynamo mailing list
email@hidden
Update your subscriptions at:

JDW · July 21, 2015, 8:52am

I was advised by someone off-list to rewrite the HEADER in an attempt to deal with JSESSIONID. I save the HEADER and COOKIE into the root/tmp/ directory, which has 777 permissions. Here’s the code:

<?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    $headerfile = 'root/tmp/headers.txt';
    $cookiefile = 'root/tmp/fmi-cookie.txt';
    $useragent = $_SERVER['HTTP_USER_AGENT'];
    $cookies = $_SERVER['HTTP_COOKIE'];
 
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_VERBOSE, true);
    curl_setopt($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_COOKIE, $cookies);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_WRITEHEADER, fopen($headerfile, 'w+'));
    $result = curl_exec ($curl);
 
    curl_close ($curl);
 
    $headers = file($headerfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach($headers as $header){
        header($header);
    }
    print $result;
?>

I fully understand that I don’t need to name my cookie the same as what is used by FM IWP, but there’s no harm in it and it helps my brain know better what it is. The content of “fmi-cookie.txt” saved into root/tmp/ when I execute the above script is as follows:

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

hartford.macusa.net	FALSE	/fmi/iwp	FALSE	0	JSESSIONID	0573C320F091469D15509EA4.wpc1
hartford.macusa.net	FALSE	/	FALSE	0	fmi-cookie	fmi-cookie

And the content of “headers.txt” saved into root/tmp/ when I execute the above script is as follows:

HTTP/1.1 302 Moved Temporarily
Date: Tue, 21 Jul 2015 08:28:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 21 Jul 2015 08:28:01 GMT
Server: hartford.macusa.net
Cache-control: no-cache="set-cookie"
Cache-control: must-revalidate
Set-Cookie: JSESSIONID=0573C323F0A0574D15509EA7.wpc1; Path=/fmi/iwp; Version=1
Set-Cookie: fmi-cookie=fmi-cookie; Path=/; Version=1
Content-Type: text/html; charset=utf-8
Location: http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html;jsessionid=0573C323F0A0574D15509EA7.wpc1
Content-Length: 0
Expires: Tue, 03 May 1988 14:40:00 GMT

Executing the PHP script in-browser displays the “You have logged out.” page at /iwp_home.html on my FileMaker server, rather than displaying the Login page (I want the Login page). I was told that I would need to “write a proxy in PHP” to resolve the problem.

What are your thoughts on this?

Thanks,

James W.

dynamo mailing list
email@hidden
Update your subscriptions at: