I am looking to figure out how to establish a session with our billing software (WHMCS) from PHP so that I can make a call to a URL that is only available to logged in admins. I don't believe I can pass both the login data and the parameters to the URL, so I believe a session must first be made and then the URL called.
The actual php in the system are encoded, but from viewing the source it appears to look as follows...
<form action="dologin.php" method="post" name="frmlogin" id="frmlogin">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="30%" align="right" valign="middle"><strong>Username</strong></td>
<td align="left" valign="middle"><input type="text" name="username" size="30" class="login_inputs" /></td>
</tr>
<tr>
<td width="30%" align="right" valign="middle"><strong>Password</strong></td>
<td align="left" valign="middle"><input type="password" name="password" size="30" class="login_inputs" /></td>
</tr>
<tr>
<td width="30%" align="right" valign="middle"><input type="checkbox" name="rememberme" id="rememberme" /></td>
<td align="left" valign="middle"><label for="rememberme" style="cursor:hand">Remember me until I logout.</label></td>
</tr>
<tr>
<td width="30%" align="right" valign="middle"> </td>
<td align="left" valign="middle"><table width="100%" cellpadding="0" cellspacing="0"><tr><td><input type="submit" value="Login" class="button" /></td><td align="right">Language: <select name="language" class="login_inputs"><option value="">Default</option><option value="czech">Czech</option><option value="english">English</option><option value="french">French</option><option value="portugues">Portugues</option></select></td></tr></table></td>
</tr>
</table>
</form>
Should I be able to just do a CURL call like the following and then call the URL?
$url = "https://clients.website.com/admincp/dologin.php";
$username = "admin";
$password = "239asd90";
$postfields = array();
$postfields["username"] = $username;
$postfields["password"] = md5($password);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_exec($ch);
if (curl_error($ch)) die("Connection Error: ".curl_errno($ch).' - '.curl_error($ch));
curl_close($ch);
Session implementations generally use a unique hash stored within a cookie. That cookie is then sent on each subsequent request to identify the user's session.
What you need to do is capture that cookie and its value when you execute the login process. Then on requests for pages within the logged in area, you will also need to add your session cookie to the curl call.