YumYumYum - 5 months ago
PHP Question

PHP - with curl, how to send username password in a popup of htpasswd?

I have to submit a POST method using curl, but when opening $URL it shows a popup window with username/password to submit (like with htpasswd).

For some reason the following code is not working; I get this from the server:

HTTP/1.1 401 Unauthorized and HTTP/1.1 404 Not Found
( https://www.httpwatch.com/httpgallery/authentication/ )

// For debugging: capture curl's verbose log of the exchange
$curlOptions = array(
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_FOLLOWLOCATION => TRUE,
    CURLOPT_VERBOSE => TRUE,
    CURLOPT_STDERR => $verbose = fopen('php://temp', 'rw+'),
    CURLOPT_FILETIME => TRUE,
);

// Real meat
$ch = curl_init();
curl_setopt_array($ch, $curlOptions);
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

// is this the right way here in POST method???
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); // is this correct way to enter username/password in the popup?

// Run the request first: the status code is only available after curl_exec()
$result = curl_exec($ch);
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Pretty print the debug logs (escaped, since the log is echoed into HTML)
echo '<pre>',
    !rewind($verbose),
    htmlspecialchars(stream_get_contents($verbose)),
    "\n",
    '</pre>';

curl_close($ch);
echo $result;


How can I make sure my POST method submission is really submitting the username/password? (In the debug log I do not see whether I have submitted it correctly; the server is also not maintained by me, as it's a third-party service provider's API.)

EDIT:

TRY1: FAILED

// For debugging: capture curl's verbose log of the exchange
$curlOptions = array(
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_FOLLOWLOCATION => TRUE,
    CURLOPT_VERBOSE => TRUE,
    CURLOPT_STDERR => $verbose = fopen('php://temp', 'rw+'),
    CURLOPT_FILETIME => TRUE,
);

// Real meat
$ch = curl_init();
curl_setopt_array($ch, $curlOptions);

// STACK-OVERFLOW EXPERT SAID UPDATE THE $URL WITH USER:PASS@ THIS
$URL = "http://$username:$password@site.com/postblabla";
curl_setopt($ch, CURLOPT_URL, $URL);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

// STACK-OVERFLOW EXPERT SAID REMOVE THIS
//curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");

// Run the request first: the status code is only available after curl_exec()
$result = curl_exec($ch);
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Pretty print the debug logs (escaped, since the log is echoed into HTML)
echo '<pre>',
    !rewind($verbose),
    htmlspecialchars(stream_get_contents($verbose)),
    "\n",
    '</pre>';

curl_close($ch);
echo $result;

Answer

With HTTP Auth, you send a username and a password as a part of the URL:

<schema>://<username>:<password>@<url>

Also see this SO question and answer.

However, CURLOPT_USERPWD should have worked as well, as both methods only set the HTTP Authorization header, as mentioned here. This is also safer, as your credentials will not be transferred as plaintext in the URL, and with potential use of SSL/TLS they will not be visible out in the open.

Also, setting HTTP Basic auth may help.

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
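
One way to check what the question asks ("is my POST really submitting the username/password?"), as an added example that is not part of the original question or answer: it reads back the request headers curl actually sent via CURLINFO_HEADER_OUT and reports the Authorization header with the password redacted. The function names `describeAuthHeader` and `postWithBasicAuth` and the sample credentials are assumptions made for this example.

```php
<?php
// Added example, not code from the question or the answer.
// Function names and the sample credentials are hypothetical.

// Summarise the Authorization header of a raw request header block
// without ever printing the password.
function describeAuthHeader(string $requestHeaders): string
{
    if (!preg_match('/^Authorization:\s*(\S+)\s+(\S+)/mi', $requestHeaders, $m)) {
        return 'no Authorization header sent';
    }
    if (strcasecmp($m[1], 'Basic') !== 0) {
        return "Authorization: {$m[1]} <redacted>";
    }
    $decoded = base64_decode($m[2], true);
    $user = ($decoded === false) ? '?' : explode(':', $decoded, 2)[0];
    return "Authorization: Basic user={$user} password=<redacted>";
}

// POST with HTTP Basic auth and report what was actually sent.
function postWithBasicAuth(string $url, string $user, string $pass, array $fields): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $user . ':' . $pass,
        CURLINFO_HEADER_OUT    => true, // keep a copy of the request headers
    ));
    $body = curl_exec($ch);
    // curl_getinfo() only has data once curl_exec() has run
    return array(
        'status' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'auth'   => describeAuthHeader((string) curl_getinfo($ch, CURLINFO_HEADER_OUT)),
        'body'   => $body,
    );
}

// Offline check on a constructed request header (no network needed).
$sample = "POST /postblabla HTTP/1.1\r\nHost: site.com\r\n"
        . 'Authorization: Basic ' . base64_encode('alice:s3cret') . "\r\n\r\n";
echo describeAuthHeader($sample), "\n";
```

The `auth` entry returned by `postWithBasicAuth()` can be logged as is, because it names the user but never contains the password or the raw base64 value.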