I have auto-login link on one domain - this domain is used for authorization:
https://example.com/api/login/{key}/{username}
After following this link, user is redirected into control panel:
https://example.com
If something is wrong - user redirected to
https://example.com/login page.
In another domain example2.com users have billing panel and link https://example.com/api/login/{key}/{username} is placed in it.
So i need to do check from example2.com to example.com like this:
$url = https://example.com/api/login/{key}/{username};
if function-to-check-autologin($url) == "true" {
//do something
}
My searching result is curl, but i cant configurate request by myself.
How could I do it? curl or another way?
You haven't explained what 'auto-login' is, or how it works. All your domains are 'example.com' so they're all the same domain. Surely you don't make it easy for people to understand your question. I will try to state how I understand it.
You've got a user logged in on one internet domain and you want to redirect them to a second domain where they should remain logged in.
There are many ways you can do this, but they all depend on certain conditions.
If you use the standard http login method you could redirect to second domain with:
Since you indicate you're using a SSL certificate on both sites that would be reasonable safe. This will work even if you don't share a database.
If both domains are using the same database, you could handover an encrypted link to the logged in session of the user. This is how I do it normally. I keep sessions in my database, and each session has an ID. I encrypt that, any good method will do, and send it over to the second domain where I decrypt it like this:
https://example.com?key=DgGyC28Sw3eQFvY9hz2dBkfmCa5zMgV6nN4Jj8VeD76chf7
Of course the session itself should tell you whether the user is logged in. Make sure your encryption method is safe.
In both cases, if the URL gets into the wrong hands, a login could be faked. That's why the use of SSL is important, but some risks remain.
Although your question is vague, I would give you some clues.
First of all, you have to set CURLOPT_SSL_VERIFYPEER option to false unless you're going to deal with peer's certificate.
Also you have to tell CURL to handle redirects. This assume that you set CURLOPT_FOLLOWLOCATION option as well as CURLOPT_MAXREDIRS and CURLOPT_AUTOREFERER.
In order to send POST data with request you have to set CURLOPT_POST option to true and CURLOPT_POSTFIELDS to array of POST data or url-encoded string.
Once CURL request is done you can learn all information about it by curl_getinfo function. Calling it with CURLINFO_REDIRECT_COUNT as 2nd parameter will give number of redirects, and CURLINFO_EFFECTIVE_URL - last effective URL.
So the code might look like this:
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => $url,
CURLOPT_NOBODY => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 1,
CURLOPT_AUTOREFERER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $data_array,
));
$response = curl_exec($ch);
if (curl_getinfo($ch, CURLINFO_REDIRECT_COUNT) == 1 && curl_getinfo($ch, CURLINFO_EFFECTIVE_URL) == $sample_redirect_url)
echo 'OK';