S. Di Cioccio S. Di Cioccio - 2 months ago 15x
PHP Question

CURL PHP (Wamp) follows Javascript windows.location redirection?

My problem is related to curl in a php file that follows the Javascript windows.location returns by the server and I cannot succeed to bypass that behavior

In fact I have written a script that connect to a website with a form for user authentication. The script works perfectly in its globality :

  • 1st Request : Get Request to obtain a PHP Session in a Cookie

  • 2nd Request : Post Request with cookie and Post Data containing user/password

Problem : I am always redirected by a javascript function in the server answer by a windows.location=XXXX

For Information I use WampServer Version 2.5 / PHP 5.5.12

My script is called via a web-browser with this : http://localhost/glpiv2/rechercheDerniersSuivisV2.php

First Time I create a cookie

function createCookie (){

global $proxy;
global $proxyauth;
global $cookies_file;
global $timeout;

$ch = curl_init();

// Proxy Authentication, keep cool with security
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyauth);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POST , false);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch,CURLOPT_HTTPHEADER,array('User-Agent: Mozilla/6.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko','DNT: 1','Connection: Keep-Alive'));

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies_file);

curl_setopt ($ch, CURLOPT_COOKIESESSION, true);

$file_contents = curl_exec($ch);

// If Error
// Le message d'erreur correspondant est affiché
echo "ERREUR curl_exec : ".curl_error($ch);


Server response Header of the first Request

Server: Apache
Set-Cookie: PHPSESSID=3c5939450c6811b8df981f83c9539f64; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, precheck=0
Pragma: no-cache
Content-Length: 253
Connection: close
Content-Type: text/html

Cookie is being created with PHPSESSID : OK

Second time I do a POST request with the newly created cookie to authenticate with a real user / password

function authenticateSession(){

echo "Lancement de authenticateSession";
global $proxy;
global $proxyauth;
global $cookies_file;
global $timeout;
global $authenticationGLPIPost;


$ch1 = curl_init();

// Proxy SSL and other stuff
curl_setopt($ch1, CURLOPT_PROXY, $proxy);
curl_setopt($ch1, CURLOPT_PROXYUSERPWD, $proxyauth);
curl_setopt($ch1, CURLOPT_SSL_VERIFYHOST, 0);

// Post preparation
curl_setopt ($ch1, CURLOPT_URL, $url);
curl_setopt($ch1, CURLOPT_HEADER, FALSE);
curl_setopt($ch1, CURLOPT_POST , TRUE);

// POST DATA with variable containing user / password
curl_setopt($ch1, CURLOPT_POSTFIELDS, $authenticationGLPIPost);
curl_setopt($ch1, CURLOPT_COOKIEFILE, $cookies_file);
curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, $timeout);

$file_contents = curl_exec($ch1);

Server Response header of the 2nd Request

Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, precheck=0
Pragma: no-cache
Content-Length: 269
Connection: close
Content-Type: text/html

<script language=javascript>
NomNav = navigator.appName;
if (NomNav=='Konqueror'){
} else {

=> Problem with javascript windows.location redirection here in the response, that redirect me to http://localhost/glpi/front/central.php

Server response is displayed in the webbrowser.

I suspect that the web browser does execute the Javascript returned and redirect me
I verify that with a proxy interceptor and altering the server response I mean when I supress the Javascript bloc Or if I change the parameter of windows.location the redirect modify its behaviour

I try not being redirected with no success each of these options but no one works

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt ($ch, CURLOPT_MAXREDIRS, 0);

That mean for the first time I run the script and these 2 functions are called I am always redirected on the website page of authentication success that mean with the relative path /glpi/front/central.php.


How Strange that It could be everything work fine when I set

 curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);