CURL - Post Form Isssue ( sequel )

Applications Web Development
1

Hi,

I write a new thread to discuss about my closed topic with new information ( /280990-curl-post-form-issue.html )
The previous post was closed because of missing informations, I didn't have access yet to server logs.

----------------------------------------------------------------------

I'm having an issue with curl post form, I dont' understand what I'm mising. I would like to send a post command with login and password to a form.

Url of the form : (http)<MYWEBSITE>/login

Source Code of the form :

<form action="/login_check" method="post">    
<input type="text" id="username" name="_username" value=""/>      
<input type="password" id="password" name="_password" />      
<button type="submit">Connexion</button></form>

Http Header from Firefox for the submit of the form with a correct authentification

<MYWEBSITE>/login_check
Host: fedex.gidn.recouv
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: <MYWEBSITE>/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=461c5aa04837e9adb6235b51dbdc60c1
Upgrade-Insecure-Requests: 1
_username=GOODLOGIN&_password=GOODPWD
POST: HTTP/1.1 302 Found
Date: Mon, 04 Feb 2019 13:22:15 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Set-Cookie: PHPSESSID=87cb0cfadd8a6e95cc129f94c2951f60; path=/
location: <MYWEBSITE>
Content-Length: 389
Content-Type: text/html; charset=UTF-8
Age: 0
Connection: close
Cache-Control: no-cache
Via: 1.1 akamai (ACE 5.8.2/5.8.2)


<MYWEBSITE>
Host: <MYWEBSITE>
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: <MYWEBSITE>/login
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=87cb0cfadd8a6e95cc129f94c2951f60
Upgrade-Insecure-Requests: 1
POST: HTTP/1.1 200 OK
Date: Mon, 04 Feb 2019 13:22:15 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache
Via: 1.1 akamai (ACE 5.8.2/5.8.2)

Php Log from a post with Firefox with a correct login :

[2019-02-04 13:50:25] security.DEBUG: Read SecurityContext from the session [] [] [2019-02-04 13:50:25] security.DEBUG: Reloading user from user provider. [] [] 
[2019-02-04 13:50:25] security.DEBUG: Username "GOODLOGIN" was reloaded from user provider. [] [] 
[2019-02-04 13:50:25] request.INFO: Matched route "FedexCoeurBundle_accueil" (parameters: "_controller": "Fedex\CoeurBundle\Controller\DefautController::indexAction", "_route": "FedexCoeurBundle_accueil") [] [] 
[2019-02-04 13:50:25] security.DEBUG: Write SecurityContext in the session [] []

So, I got back the parameters to create the curl command

curl -v -d "_username=GOODLOGIN&_password=GOODPWD" -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" -H "Content-type: application/x-www-form-urlencoded" MYWEBSITE/login > curl.html

The command result :

* About to connect() to MYWEBSITE port 80 (#0)
*   Trying IP... connected
* Connected to MYWEBSITE (IP) port 80 (#0)
> POST /login HTTP/1.1
> Host: MYWEBSITE
> Accept: */*
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 F                                                                                                                               irefox/64.0
> Content-type: application/x-www-form-urlencoded
> Content-Length: 42
>
} [data not shown]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0    42      0  17500 --:--:-- --:--:-- --:--:-- 17500*                                                                                                                                HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 04 Feb 2019 12:54:01 GMT
< Server: Apache
< X-Powered-By: PHP/5.4.37
< Set-Cookie: PHPSESSID=4bb983672555b0264af268f5ef7c1f16; path=/
< cache-control: no-cache
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
{ [data not shown]
101 11495    0 11495    0    42  99223    362 --:--:-- --:--:-- --:--:--   98k*                                                                                                                                Closing connection #0

php symfony log from a post with Curl with a correct login :

[2019-02-04 13:55:34] security.INFO: Populated SecurityContext with an anonymous Token [] [] 
[2019-02-04 13:55:34] request.INFO: Matched route "login" (parameters: "_controller": "Fedex\CoeurBundle\Controller\SecuriteController::loginAction", "_route": "login") [] []

In the curl response on client side, I have the current login form, without notification of the error or the succeed, depending the login I use.
It's like the curl command doesn't send the input of the form.

I tried to connect with a wrong login, to see the difference, here the result :

Php symfony log from a post with Firefox with an incorrect login, or simply by loading the page :

[2019-02-04 13:52:33] security.INFO: Populated SecurityContext with an anonymous Token [] [] 
[2019-02-04 13:52:33] request.INFO: Matched route "login" (parameters: "_controller": "Fedex\CoeurBundle\Controller\SecuriteController::loginAction", "_route": "login") [] []

Php symfony log from a post with Curl with an incorrect login

[2019-02-04 13:59:20] security.INFO: Populated SecurityContext with an anonymous Token [] [] 
[2019-02-04 13:59:20] request.INFO: Matched route "login" (parameters: "_controller": "Fedex\CoeurBundle\Controller\SecuriteController::loginAction", "_route": "login") [] []

Thank you for your support

2

Hi Fred13,

First of all, that Php symfony log file is not the PHP error log file.

Second, you need to do this command:

php  --version

and provide full system information, for example:

  • Operating system and version
  • Web server and version
  • Location of your PHP error log file and logging level.
  • You are still not providing basic system information.
  • You have not provided the PHP error log file.
  • You have not provided the PHP file on the server you are trying to access

.

If you want help, you must provide basic system information and the information I have requested.

So far you have not posted anything I requested, because the Php symfony log is not the PHP error log file I asked for.

We can't help you if you are going to keep everything a secret from us.

These kind of problems you have are not solved with curl() as I mentioned earlier. I develop on the web everday, full stack, very complex apps, and never use curl() to debug any web dev problem. Never.

On the client-side (browser), I use:

  • Chrome web dev tools (built into the Chrome browser)

On the server side I use logfiles, including:

  • The PHP error log file.
  • Custom logging in the script I am debugging.

We do not use curl() to debug web dev operations and no skilled web developer I know uses curl() to debug web dev ops..

Cheers.

3

About server :

  • Apache version : 2.2.26
  • PHP Version : 5.4.37
  • Unix Version : CentOS release 6.4 (Final)CentOS release 6.4 (Final)

I don't have access to the server ( maybe in some days ), but only to a supervision page with the symphony log I provided. I cant get php error log, neither the log level.

I thought my problem was just a syntax issue about curl, I never used it.
I guess we need the log server to know what is missing.

I just got the source code from the projec, I will see what I can get from it. ( If you have a clue about what to search )

Thank you

1 Like
4

You really need direct access to the server log files to debug a web dev ops problem, including:

  • The PHP error log
  • The ability to write custom logging in your PHP scripts (using error_log() .for example)

The exact name of the PHP error log files is configured in the /etc/php/5.X/php.ini configuration for the server, depending on the version of PHP running.

When you have redirection issues, you also need access to your apache server logs. The exact name of the log files is configured in the apache2 configuration for the server.

  • Apache2 error log
  • Apache2 access log

You cannot debug a server-side PHP issue without access to the php error log.

For example, our server traffic here at unix.com is getting a lot more traffic lately. We just got hammered and mysqld started throwing errors. I checked the PHP error log and found the problem (too many connections) and immediately increased the limit.

Without access to the log files, we are blind.

You must team up with someone at your place of work who has system admin privs on the server to get you access to the logs.

curl() does not give any clues to what is happening on the server side (internally) except the HTTPD status code (like 302, 404, 301, etc). You should learn to use the web dev tools built into your browser for debugging web apps, not curl() and you must have access to the server logs directly. There is a networking tab in the web dev console which can help you

If you do not have access, the you should not be working on these kinds of problems at work. Either you have permissions (you are authorized) or you are not authorized. If you do not have system admin privs on the web server, you cannot debug the web app. It's that simple.

You cannot be a doctor if you do not have access to the patient. You cannot be a builder if you do not have access to the building. You cannot build and debug web apps without access to the web server.

Cheers.

5

I'll find a sysadmin this week to get me all the logs. My access are too limited.

Later...