Dynamo

26 replies to this thread. Most Recent

JDW

8 Jul 2015, 9:51 am

[Pro] PHP, cURL and Cookies

I can read and then display some web pages using PHP and cURL, but some web pages I cannot do this. For example, the following PHP code works great to display example.com in-browser (running my PHP code from an APACHE server):

    <?php
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://www.example.com");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
    ?>

But the URL I really want to access is the login page of my FileMaker database, running on a shared server via IWP (Instant Web Publishing). Here is the code I am using which results in a blank browser page:

    <?php
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
    ?>

That page on macusa.net uses a cookie, so perhaps that is causing the blank browser page. When I manually type the above macusa URL into the Safari address bar and hit return, the Console shows me the following:

Set-Cookie     fmi-cookie=fmi-cookie; Path=/; Version=1

Assuming it is the cookie causing trouble, what approach should I take to solve it?

[NOTE]: I am still learning PHP, so for now I simply want to display the desired page contents in the browser, to show me that at least I can access the page content via my PHP code. My ultimate goal, however, will be to quietly access the login page via PHP, then present the user with the same page but translated into Japanese, from which they should be able to enter their ID/PSW, submit the form, and access the database. And if the login attempt throws an error, I would grab that with PHP and then return a translated page for the user. The reason is because the shared server that hosts my FileMaker database is set to an English UI, and I wish to translate the login page (and any errors) into Japanese.

waltd

8 Jul 2015, 10:58 am

My guess here is that the page is possibly setting a cookie, and may also be redirecting you. There’s a great Firefox extension called (I think) Tamper Session, which lets you slow down these sorts of processes, and interrupt them like a debugger. Instead of just redirecting quickly and quietly, TS lets you pause and see what is going on. That would be my first debugging step. Then look at all these many options for cURL: http://php.net/manual/en/curl.constants.php (that’s just the tip of what you can do). Many of these refer to cookies and redirection. Have a google around that subject, once you figure out what exactly the page is doing. Also, don’t take that white page literally. View source on it and see what exactly is in there. Also, put the following in the very top of your script — you may have a syntax error somewhere; a white screen is a perfectly valid outcome of that.

ini_set('display_errors', true);
error_reporting(E_ALL);

Walter

On Jul 8, 2015, at 5:51 AM, JDW <[email protected]> wrote:

I can read and then display some web pages using PHP and cURL, but some web pages I cannot do this. For example, the following PHP code works great to display example.com in-browser (running my PHP code from an APACHE server):

<?php
>    $curl = curl_init();
>    curl_setopt ($curl, CURLOPT_URL, "http://www.example.com");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

But the URL I really want to access is the login page of my FileMaker database, running on a shared server via IWP (Instant Web Publishing). Here is the code I am using which results in a blank browser page:

<?php
>    $curl = curl_init();
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

That page on macusa.net uses a cookie, so perhaps that is causing the blank browser page. When I manually type the above macusa URL into the Safari address bar and hit return, the Console shows me the following:

Set-Cookie     fmi-cookie=fmi-cookie; Path=/; Version=1

Assuming it is the cookie causing trouble, what approach should I take to solve it?

[NOTE]: I am still learning PHP, so for now I simply want to display the desired page contents in the browser, to show me that at least I can access the page content via my PHP code. My ultimate goal, however, will be to quietly access the login page via PHP, then present the user with the same page but translated into Japanese, from which they should be able to enter their ID/PSW, submit the form, and access the database. And if the login attempt throws an error, I would grab that with PHP and then return a translated page for the user. The reason is because the shared server that hosts my FileMaker database is set to an English UI, and I wish to translate the login page (and any errors) into Japanese.

Freeway user since 1997

http://www.walterdavisstudio.com

JDW

9 Jul 2015, 7:28 am

I spent the last 30 minutes typing in my post into this field, and upon clicking the blue SEND button it took me to the front page and said, “WELCOME BACK.” My post was never sent, and clicking the back button on the browser would not return the text I typed.

Grrrrrrrr!!!!!!

Now I need to type it all again.

Drat.

JDW

9 Jul 2015, 7:48 am

Walter,

I still get a blank page even after adding the error reporting code to my PHP script as follows:

    <?php
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    ini_set('display_errors', true);
        error_reporting(E_ALL);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
    ?>

But when I substitute “example.com” for the above “hartford.macusa.net” URL, the page content displays fine. But example.com doesn’t use sessions or cookies. So I guess that shows the MacUSA page is blank due to non-existent handling of the cookie it assigns.


I couldn’t find a FireFox extension named “Tamper Session” but I installed one called “Tamper Data”. Even so, that extension doesn’t really do much that I can see. When I open its window and then load the MacUSA Login page, here’s a screenshot of what I see:

http://cl.ly/image/200a1P3R252v/Image%202015-07-09%20at%203.49.33%20PM.png

No mention of a Cookie in sight. So I guess you remembered the name of the FF extension wrong.


I do have FireBug in FireFox. It works pretty much like the Console in Safari though. If I open the MacUSA Login page in Safari with the Console open to show Cookies, this is what I see:

http://cl.ly/image/291u0Q2A2x0y/Image%202015-07-09%20at%204.17.56%20PM.png

As you can see in that screenshot the cookie seems to be named “fmi-cookie”. But the strange thing is, when I review the JavaScript on that MacUSA Login page, it seems to say the cookie name is “check”:

    <script type="text/javascript" language="JavaScript1.4">
    <!--
        function setCookie(cookieName,value)
        {
                var today=new Date();
                today.setDate(today.getDate()+ 1);
                document.cookie=cookieName+ "=" +escape(value)+ ";expires="+today;
        }

        function getCookie(name)
        {
            var start = document.cookie.indexOf( name + "=" );
            if (start == -1) return null;
            var nameLength = start + name.length + 1;
            var end = document.cookie.indexOf( ';', nameLength );
            if (end == -1) end = document.cookie.length;
            return unescape(document.cookie.substring( nameLength, end ));
        }

        function checkCookie(){
            setCookie('check','check');
            testCookie = getCookie('check');

            if(testCookie == null){
                return false;
            }else{
                document.cookie = 'check' + '=' +';expires=Thu, 01-Jan-1970 00:00:01 GMT';
                return true;
            }
        }

        function getSid()
        {
            var url = window.top.location.href;
            var result = "";
            if ( url != null )
            {
                var sid = null;
                var index = null;
                if(checkCookie() == true){
                    index = url.indexOf( "JSESSIONID=" );
                }else{
                    index = url.indexOf( ";jsessionid=" );
                }
                if ( index != -1 )
                {
                    var end = url.indexOf ( "&", index );
                    if ( end != -1 )
                    {
                        result = url.substring ( index, end );
                    }
                    else
                    {
                        result = url.substr ( index );
                    }
                }
            }
            return result;
        }

        var sid = getSid();
        if ( sid.length > 0 ){
            document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi' + sid+ '?-authinfo' + '"><' + '/script>' );
    }else{
        document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-authinfo' + '"><' + '/script>' );
    }


-->
</script>

So I am rather confused at how to proceed at this stage.

—James W.

(Saving the entire text of this post prior to clicking SEND this time! Ack!)

Roger Holloway

9 Jul 2015, 8:22 am

Dear James, A Very interesting, obscure and totally incomprehensible mail, James. My suggestion is that, once you have chosen the target address in the top window, go to the bottom window and type your message clearly. Coherence, simplicity, and sticking to the point are GOOD. Roger

Sent from my iPad

On 9 Jul 2015, at 08:28, JDW <[email protected]> wrote:

I spent the last 30 minutes typing in my post into this field, and upon clicking the blue SEND button it took me to the front page and said, “WELCOME BACK.” My post was never sent, and clicking the back button on the browser would not return the text I typed.

Grrrrrrrr!!!!!!

Now I need to type it all again.

Drat.

rogerh

JDW

9 Jul 2015, 8:48 am

Roger, I’m not sure what you mean. I always come to freewaytalk.softpress.com, scroll to the bottom of the web page, type in my message, and then click SEND. This is the first time FreewayTalk has eaten my message!

But it would be nice if after click SEND, if there is a problem, I could click the browser’s BACK button to see the text of my post still sitting there unsent. That is how a lot of true forums work, although I fully understand that FreewayTalk is more of a “web interface for an email list” than a true forum.

It’s not a big deal. PHP and Cookies… Well, that’s the big deal. Therefore, if you have specific comments on my previous post, I’m all ears! :-)

—James W.

waltd

9 Jul 2015, 11:23 pm

True, it is a front end on a mailing list, but it is also built (was build many years ago) with some serious attempts toward avoiding automated spam and form submissions. The form is injected into the page with JavaScript, and it is very deliberately built to avoid being reloaded as you would like it to be. Sorry about that. On the plus side, there hasn’t been much of a spam problem here either (touch wood).

Walter

On Jul 9, 2015, at 4:48 AM, JDW <[email protected]> wrote:

But it would be nice if after click SEND, if there is a problem, I could click the browser’s BACK button to see the text of my post still sitting there unsent. That is how a lot of true forums work, although I fully understand that FreewayTalk is more of a “web interface for an email list” than a true forum.

Freeway user since 1997

http://www.walterdavisstudio.com

waltd

9 Jul 2015, 11:24 pm

Please try putting the error reporting stuff at the very top of the page, right after the opening <?php.

Walter

On Jul 9, 2015, at 3:48 AM, JDW <[email protected]> wrote:

I still get a blank page even after adding the error reporting code to my PHP script as follows:

Freeway user since 1997

http://www.walterdavisstudio.com

JDW

9 Jul 2015, 11:50 pm

Hi Walter,

Moving those 2 lines of code to the top would yield this script:

    <?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    $curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
    ?>

I still get a blank page.

The script can be executed from off my server via the following URL:

http://kiramek.com/curl_FMDB-LoginPage_test.php

Note that I also have the following lines within my .htaccess file on the server:

php_flag display_errors 1
php_value error_reporting 30719

Best,

James W.

waltd

9 Jul 2015, 11:58 pm

What happens if you try to curl a different page using this same script? Does it work on “normal” non-cookies pages? What about redirects?

Walter

On Jul 9, 2015, at 7:50 PM, JDW <[email protected]> wrote:

Hi Walter,

Moving those 2 lines of code to the top would yield this script:

<?php
>    ini_set('display_errors', true);
>    error_reporting(E_ALL);
>    $curl = curl_init();
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

I still get a blank page.

The script can be executed from off my server via the following URL:

http://kiramek.com/curl_FMDB-LoginPage_test.php

Note that I also have the following lines within my .htaccess file on the server:

php_flag display_errors 1
php_value error_reporting 30719

Best,

James W.

Freeway user since 1997

http://www.walterdavisstudio.com

JDW

10 Jul 2015, 12:10 am

As I said in my previous posts, when I use “example.com” in place of the “macusa” URL, it works as expected (displays the website “example.com” perfectly). I also tried other URLs too. It displays those sans graphics, and sometimes the layout is crazy, but it works.

So something is special about the FileMaker DB Login page, which is here:

http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

Curling that page yields a blank page.

—James W.

Tim Plumb

10 Jul 2015, 8:33 am

Hi James, I’ve done nothing more than Google this for you but this Stack Overflow thread may be of some use to you; http://stackoverflow.com/questions/12399087/curl-to-access-a-page-that-requires-a-login-from-a-different-page Regards, Tim.

On 10 Jul 2015, at 01:10, JDW wrote:

So something is special about the FileMaker DB Login page, which is here:

http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession


FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro - http://www.freewayactions.com

Tim Plumb - Experienced Freeway designer for hire

FreewayActions.com - Freeware and commercial Actions for Freeway Express & Pro

JDW

13 Jul 2015, 8:22 am

Thanks for the link, Tim, but I don’t understand what those -b, -c, -d switches do. (They are mentioned in the code presented on the StackOverflow link you provided.)

So I Googled and tried some other code, but without success:

    <?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);

    session_start(); 
    $strCookie = 'JSESSIONID=' . $_COOKIE['fmi-cookie'] . '; path=/'; 
    session_write_close(); 

    $curl = curl_init();

    curl_setopt($curl, CURLOPT_COOKIE, $strCookie );   
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
    ?>

The above code results in the following error:

Notice: Undefined index: fmi-cookie in /home/jdwages/domains/kiramek.com/public_html/curl_FMDB-LoginPage_test.php on line 6

I then tried this code:

    <?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    $curl = curl_init();

    curl_setopt($curl, CURLOPT_COOKIEJAR, "fmi-cookie");  // Initiates cookie file if needed 
    curl_setopt($curl, CURLOPT_COOKIEFILE, "fmi-cookie");  // Uses cookies from previous session if exists 
    curl_setopt($curl, CURLOPT_VERBOSE, 1); 
    curl_setopt($curl, CURLOPT_HEADER, 1); 

    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $result = curl_exec ($curl);
    curl_close ($curl);
    print $result; 
    ?>

But that yields this error:

HTTP/1.1 302 Moved Temporarily 
Date: Mon, 13 Jul 2015 08:10:44 GMT 
Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET 
Date: Mon, 13 Jul 2015 08:10:44 GMT 
Server: hartford.macusa.net Cache-control: no-cache="set-cookie" Cache-control: must-revalidate 
Set-Cookie: JSESSIONID=054FC374C75DA594156C9FC8.wpc1; 
Path=/fmi/iwp; Version=1 Set-Cookie: fmi-cookie=fmi-cookie; Path=/; 
Version=1 Content-Type: text/html; charset=utf-8 
Location: <http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html;jsessionid=054FC374C75DA594156C9FC8.wpc1> 
Content-Length: 0 
Expires: Tue, 03 May 1988 14:40:00 GMT

Casting PHP aside and opening the URL directly in Safari shows the following in Safari’s Console:

http://cl.ly/image/2S2P192w3C1V

URL: http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

I’m about as lost as I can be!

—James W.

waltd

13 Jul 2015, 10:18 am

I tried using cURL from the terminal to access your page, and I could either get the content of an error page (without specifying a cookie jar) or an empty page with no error (when I did). I didn’t have time to dig further into it, but I suspect that there may be a redirect in there that I’m not seeing. Attacking it with Tamper Session in Firefox would be my next step. I know there are flags in cURL that allow it to follow redirects and maintain the session using cookies as it does.

Walter

On Jul 13, 2015, at 4:22 AM, JDW <[email protected]> wrote:

Thanks for the link, Tim, but I don’t understand what those -b, -c, -d switches do. (They are mentioned in the code presented on the StackOverflow link you provided.)

So I Googled and tried some other code, but without success:

<?php
>    ini_set('display_errors', true);
>    error_reporting(E_ALL);
>   
>    session_start(); 
>    $strCookie = 'JSESSIONID=' . $_COOKIE['fmi-cookie'] . '; path=/'; 
>    session_write_close(); 
>   
>    $curl = curl_init();
> 
>    curl_setopt($curl, CURLOPT_COOKIE, $strCookie );   
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
> 
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

The above code results in the following error:

Notice: Undefined index: fmi-cookie in /home/jdwages/domains/kiramek.com/public_html/curl_FMDB-LoginPage_test.php on line 6

I then tried this code:

<?php
>    ini_set('display_errors', true);
>    error_reporting(E_ALL);
>    $curl = curl_init();
> 
>    curl_setopt($curl, CURLOPT_COOKIEJAR, "fmi-cookie");  // Initiates cookie file if needed 
>    curl_setopt($curl, CURLOPT_COOKIEFILE, "fmi-cookie");  // Uses cookies from previous session if exists 
>    curl_setopt($curl, CURLOPT_VERBOSE, 1); 
>    curl_setopt($curl, CURLOPT_HEADER, 1); 
> 
>    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
>    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
> 
>    $result = curl_exec ($curl);
>    curl_close ($curl);
>    print $result; 
> ?>

But that yields this error:

HTTP/1.1 302 Moved Temporarily 
Date: Mon, 13 Jul 2015 08:10:44 GMT 
Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET 
Date: Mon, 13 Jul 2015 08:10:44 GMT 
Server: hartford.macusa.net Cache-control: no-cache="set-cookie" Cache-control: must-revalidate 
Set-Cookie: JSESSIONID=054FC374C75DA594156C9FC8.wpc1; 
Path=/fmi/iwp; Version=1 Set-Cookie: fmi-cookie=fmi-cookie; Path=/; 
Version=1 Content-Type: text/html; charset=utf-8 
Location: <http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html;jsessionid=054FC374C75DA594156C9FC8.wpc1> 
Content-Length: 0 
Expires: Tue, 03 May 1988 14:40:00 GMT

Casting PHP aside and opening the URL directly in Safari shows the following in Safari’s Console:

http://cl.ly/image/2S2P192w3C1V

URL: http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

I’m about as lost as I can be!

—James W.

Freeway user since 1997

http://www.walterdavisstudio.com

JDW

16 Jul 2015, 7:13 am

As mentioned in my previous posts here, I see “JSESSIONID” appearing in Safari’s Console, Cookies section, when I view that MacUSA Login page directly (outside my PHP script). JSESSIONID corresponds to the J2EE (Java 2 platform Enterprise Edition, 1999-2003) web app development framework, not PHP. So is special handling required in a PHP script for this?

Not knowing the answer to the above question, I continue to experiment. I gleaned some tips from Stack Overflow and wrote this script:

    <?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);

    $useragent = $_SERVER['HTTP_USER_AGENT'];
    $strCookie = 'JSESSIONID=' . $_COOKIE['JSESSIONID'] . '; path=/';
    session_write_close(); // end current session and store session data

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_VERBOSE, true);
    curl_setopt ($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    //curl_setopt($curl, CURLOPT_HEADER, true); //displays the header info
    curl_setopt($curl, CURLOPT_COOKIESESSION, true);
    curl_setopt($curl, CURLOPT_COOKIEJAR, 'fmi-cookie');
    curl_setopt($curl, CURLOPT_COOKIEFILE, 'fmi-cookie');
    $result = curl_exec ($curl);

    curl_close ($curl);
    print $result; 
    ?>

And to ensure the cookie handling works, I placed the above script inside a folder named “php” on my web server and gave that folder 777 permissions. Even so, the above script results in the following browser error:

Notice: Undefined index: JSESSIONID in /home/jdwages/domains/kiramek.com/public_html/php/test.php on line 6 

The offending “line 6” is this:

$strCookie = 'JSESSIONID=' . $_COOKIE['JSESSIONID'] . '; path=/';

Thoughts?

JDW

16 Jul 2015, 7:37 am

Addendum to my previous post…

After executing the PHP script shown in my previous post from the /php/ directory on my web server, which has 777 permissions, I see the following file was created:

fmi-cookie

Contents of that file:

    # Netscape HTTP Cookie File
    # <http://curl.haxx.se/rfc/cookie_spec.html>
    # This file was generated by libcurl! Edit at your own risk.

hartford.macusa.net FALSE   /fmi/iwp    FALSE   0   JSESSIONID  054FC37BD6AB0358156C9EFD.wpc1
hartford.macusa.net FALSE   /   FALSE   0   fmi-cookie  fmi-cookie

waltd

20 Jul 2015, 2:49 pm

One thing for you to look into here — I don’t think it matters at all what name you give the cookie file, as long as each request references the same file. Earlier in this thread, you mentioned creating a cookie file named for the cookie that you expected to store within it. Those two concepts are not related, as far as I know.

The folder where you create the cookie file needs to exist, and needs to allow whatever user (usually nobody or www-user or something like that) to write into it. A shortcut to this is to give the folder 777 permissions, but this is really something that should not be true for long. (It’s perfectly okay for testing, but leaving a folder at 777 allows anyone else on the same server to read/write that folder, which is bad. )

Once you get the cookie created, look at the folder in Terminal with ls -l, and see which user the file was created with. Then you can chmod the folder to 770, chgroup it to your user’s group, and chown it to that user the Web server runs as. That allows you to change the folder if you need to, and allows the Web server to do the same, but keeps anyone else from accessing it at all.

Walter

Freeway user since 1997

http://www.walterdavisstudio.com

JDW

21 Jul 2015, 4:49 am

Walter Davis wrote:      …look at the folder in Terminal with ls -l, and see which user the file was created with. Then you can chmod the folder to 770, chgroup it to your user’s group, and chown it to that user the Web server runs as. That allows you to change the folder if you need to, and allows the Web server to do the same, but keeps anyone else from accessing it at all.

But the server on which I have that folder and cookie stored is my off-site web server — a shared server hosted on ServerLogistics. As such, I cannot use the Terminal to alter permissions as you suggest. I merely used Transmit (the FTP client) to GET INFO on a new folder I created on that server, and I then easily changed the permissions to 777.

Please advise in light of this.

Thanks,

James W.

JDW

21 Jul 2015, 8:21 am

Walter, instead of saving the cookie inside a sub-folder of /public_html/ and using 777 permissions on that sub-folder (as I have been doing), I could opt to save the cookie within “/tmp/” which is in the root directory my server and already has 777 permissions. That should be secure enough, shouldn’t it?

The relevant section of the PHP code would then become something like this:

    curl_setopt($curl, CURLOPT_COOKIEJAR, 'root/tmp/fmi-cookie'); //copies cookie to my server
    curl_setopt($curl, CURLOPT_COOKIEFILE, 'root/tmp/fmi-cookie');

Regardless, I still don’t understand how to properly deal with JSESSIONID, as described in my earlier post.

—James W.

JDW

21 Jul 2015, 8:52 am

I was advised by someone off-list to rewrite the HEADER in an attempt to deal with JSESSIONID. I save the HEADER and COOKIE into the root/tmp/ directory, which has 777 permissions. Here’s the code:

    <?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    $headerfile = 'root/tmp/headers.txt';
    $cookiefile = 'root/tmp/fmi-cookie.txt';
    $useragent = $_SERVER['HTTP_USER_AGENT'];
    $cookies = $_SERVER['HTTP_COOKIE'];

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_VERBOSE, true);
    curl_setopt($curl, CURLOPT_URL, "http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession");
    curl_setopt($curl, CURLOPT_COOKIE, $cookies);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_WRITEHEADER, fopen($headerfile, 'w+'));
    $result = curl_exec ($curl);

    curl_close ($curl);

    $headers = file($headerfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach($headers as $header){
        header($header);
    }
    print $result;
    ?>

I fully understand that I don’t need to name my cookie the same as what is used by FM IWP, but there’s no harm in it and it helps my brain know better what it is. The content of “fmi-cookie.txt” saved into root/tmp/ when I execute the above script is as follows:

    # Netscape HTTP Cookie File
    # <http://curl.haxx.se/rfc/cookie_spec.html>
    # This file was generated by libcurl! Edit at your own risk.

hartford.macusa.net FALSE   /fmi/iwp    FALSE   0   JSESSIONID  0573C320F091469D15509EA4.wpc1
hartford.macusa.net FALSE   /   FALSE   0   fmi-cookie  fmi-cookie

And the content of “headers.txt” saved into root/tmp/ when I execute the above script is as follows:

HTTP/1.1 302 Moved Temporarily
Date: Tue, 21 Jul 2015 08:28:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 21 Jul 2015 08:28:01 GMT
Server: hartford.macusa.net
Cache-control: no-cache="set-cookie"
Cache-control: must-revalidate
Set-Cookie: JSESSIONID=0573C323F0A0574D15509EA7.wpc1; Path=/fmi/iwp; Version=1
Set-Cookie: fmi-cookie=fmi-cookie; Path=/; Version=1
Content-Type: text/html; charset=utf-8
Location: <http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html;jsessionid=0573C323F0A0574D15509EA7.wpc1>
Content-Length: 0
Expires: Tue, 03 May 1988 14:40:00 GMT

Executing the PHP script in-browser displays the “You have logged out.” page at /iwp_home.html on my FileMaker server, rather than displaying the Login page (I want the Login page). I was told that I would need to “write a proxy in PHP” to resolve the problem.

What are your thoughts on this?

Thanks,

James W.

JDW

23 Jul 2015, 6:55 am

Typing the following URL into the browser address bar…

http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

…displays Login page:

http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html

Examining imp_auth.html in Safari’s Console reveals the following JavaScript:

    <script type="text/javascript" language="JavaScript1.4">
    <!--
        function setCookie(cookieName,value)
        {
                var today=new Date();
                today.setDate(today.getDate()+ 1);
                document.cookie=cookieName+ "=" +escape(value)+ ";expires="+today;
        }

        function getCookie(name)
        {
            var start = document.cookie.indexOf( name + "=" );
            if (start == -1) return null;
            var nameLength = start + name.length + 1;
            var end = document.cookie.indexOf( ';', nameLength );
            if (end == -1) end = document.cookie.length;
            return unescape(document.cookie.substring( nameLength, end ));
        }

        function checkCookie(){
            setCookie('check','check');
            testCookie = getCookie('check');

            if(testCookie == null){
                return false;
            }else{
                document.cookie = 'check' + '=' +';expires=Thu, 01-Jan-1970 00:00:01 GMT';
                return true;
            }
        }

        function getSid()
        {
            var url = window.top.location.href;
            var result = "";
            if ( url != null )
            {
                var sid = null;
                var index = null;
                if(checkCookie() == true){
                    index = url.indexOf( "JSESSIONID=" );
                }else{
                    index = url.indexOf( ";jsessionid=" );
                }
                if ( index != -1 )
                {
                    var end = url.indexOf ( "&", index );
                    if ( end != -1 )
                    {
                        result = url.substring ( index, end );
                    }
                    else
                    {
                        result = url.substr ( index );
                    }
                }
            }
            return result;
        }

        var sid = getSid();
        if ( sid.length > 0 ){
            document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi' + sid+ '?-authinfo' + '"><' + '/script>' );
    }else{
        document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-authinfo' + '"><' + '/script>' );
    }


-->
</script>
    <script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-getstrings"></script>
    <script type="text/javascript" language="JavaScript1.4">
            <!--
                function disableFields()
                {
                    var acct = document.getElementById( "accnt" );
                    var pass = document.getElementById( "pass" );
                    acct.disabled = true;
                    pass.disabled = true;
                }

                function enableFields()
                {
                    var acct = document.getElementById( "accnt" );
                    var pass = document.getElementById( "pass" );
                    acct.disabled = false;
                    pass.disabled = false;
                }

                function setup()
                {
                    var ai = window.authinfo;
                    var name = document.getElementById( "thingy" );
                    var guest = document.getElementById( "guest-radio" );
                    var account = document.getElementById( "acct-radio" );
                    var login = document.getElementById( "login" );
                    var cancel = document.getElementById( "cancel" );
                    login.setAttribute( "value", iwp.strings.auth_btn_login );
                    cancel.setAttribute( "value", iwp.strings.stat_btn_cancel );
                    document.title = iwp.strings.home_ttl_iwp;
                    if ( ai != null && name != null )
                    {
                        var txt;
                        var sid = getSid();
                        var form = document.getElementById( "form-elt" );
                        if ( ai.realm.substring( 0, 9 ) == "FileMaker" )
                        {
                            txt = document.createTextNode( iwp.strings.auth_lbl_openfms );
                            var type = document.getElementById( "type" );
                            if ( sid.length > 0 )
                                form.action = "/fmi/iwp/cgi" +sid+ "?-authserver";
                            else
                                form.action = "/fmi/iwp/cgi?-authserver";
                            type.name = "-authserver";
                            cancel.style.visibility = "hidden";
                        }
                        else
                        {
                            if ( sid.length > 0 )
                                form.action = "/fmi/iwp/cgi" + sid + "?-authdb";
                            txt = document.createTextNode( iwp.strings.auth_lbl_opendb + ai.realm.substring( 9 ) + iwp.strings.auth_lbl_with );
                        }
                        name.appendChild( txt );
                        if ( ai.guest == "no" )
                        {
                            account.checked = true;
                            guest.disabled = true;
                        }
                        if ( ai.retrycount > 0 )
                        {
                            if ( ai.retrycount >= 4 && ai.dbpath != null )
                            {
                                window.location = "/fmi/iwp/cgi?-home&reset";
                            }
                            var msg = document.getElementById( "msg" );
                            msg.removeChild( msg.lastChild );
                            var txt;
                            if ( ai.realm.substring( 0, 9 ) == "FileMaker" )
                                txt = document.createTextNode( iwp.strings.auth_err_server );
                            else
                                txt = document.createTextNode( iwp.strings.auth_err_incorrect );
                            msg.appendChild( txt );
                        }
                        if ( ai.dbpath != null )
                        {
                            var hidden = document.getElementById( "dbpath" );
                            hidden.value = ai.dbpath;
                        }
                    }
                    document.getElementById( "accnt" ).focus();
                    var obj = document.getElementById( "iwpTopBox" );
                    var txt = document.createTextNode( iwp.strings.home_ttl_banner );
                    obj.appendChild( txt );
                }
                if ( window.authinfo == null )
                {
                    window.location = "/fmi/iwp/cgi?-home";
                }
            -->
            </script>
    <link href="/fmi/iwp/res/iwp_home.css" rel="stylesheet" type="text/css">
    </head>

<body onload="setup()">

This would seem to indicate that I cannot achieve my aims in PHP alone. Would you agree?

JDW

23 Jul 2015, 7:28 am

The really sad part is that there is so much complexity required to achieve simple aim. I’ve already created a Japanese language login page (using Freeway) that logs-in users without any PHP or JS at all:

http://kiramek.com/install-database/

The lone down side to that Japanese Login page is that if the user mistypes their ID or PSW, then they will be taken to the English login page, atop which the ERROR message, in English, will be displayed.

So I have been going to all this trouble, even learning PHP, simply so I can display that Japanese Login page AND intercept any error messages from the MacUSA server and display those errors in Japanese atop my Japanese Login page. That’s my entire aim in a nutshell.

JDW

23 Jul 2015, 7:55 am

Since no one appears to know how to reply to my 5 previous posts, let me ask you another question then…

Using Safari’s Console to examine the iwp_auth.html Login page, I see the following JS:

<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-getstrings">
</script>

That JS links to these English strings for the UI:

http://hartford.macusa.net/fmi/iwp/res/eng/strings.js

I simply substituted “jpn” for the “eng” part and found that this page loads:

http://hartford.macusa.net/fmi/iwp/res/jpn/strings.js

That’s what I want. If I can swap out the English for the Japanese, simply by switching which STRING file is used, that would be a solution.

Is there an easy way to do that?

waltd

23 Jul 2015, 11:29 am

Great detective work, James. This explains a whole lot of things at once. First, it means that your cURL approach never had a chance to do this, because cURL doesn’t load or run JavaScript. Second, it seems to me that if you are able to do a straight proxy of the page, you may be able to rewrite the JavaScript inline so that it requests the strings file you do want. But it also leads me to wonder, if that infrastructure is there, maybe there’s a way to enable it — an “official” way, that is — rather than sneaking around in the dark and rearranging the furniture. Most Web servers have a way to inspect the browser environment and switch languages like this based on headers that the browser sends. The browser says something like “I like HTML GZIP, etc, and I prefer German, Russian, and English, in that order. The server hunts through its assets and serves the first one that matches. I would have a look through the Filemaker server documentation, and see if there is some way to signal to the server that you prefer one language or another. Wouldn’t it be great (and slightly tragic, after all this effort) if all you had to do was pass a querystring variable like ?language=jp to the initial request in order to have what you’re after?

Here’s a PHP proxy in as few lines of code as I can muster:

<?php
$source = file_get_contents('your login page here');
// do things to the source with string manipulation here
$source = str_replace('/fmi/iwp/cgi?-getstrings', '/fmi/iwp/res/jpn/strings.js', $source);
header('Content-type: text/html; charset=utf-8');
print $source;
?>

Try putting that into an index.php file and then direct that as your login page, see what happens when you do.

Walter

On Jul 23, 2015, at 3:55 AM, JDW <[email protected]> wrote:

Since no one appears to know how to reply to my 5 previous posts, let me ask you another question then…

Using Safari’s Console to examine the iwp_auth.html Login page, I see the following JS:

<script type=”text/javascript” language=”JavaScript1.4” src=”/fmi/iwp/cgi?-getstrings”> </script>

That JS links to these English strings for the UI:

http://hartford.macusa.net/fmi/iwp/res/eng/strings.js

I simply substituted “jpn” for the “eng” part and found that this page loads:

http://hartford.macusa.net/fmi/iwp/res/jpn/strings.js

That’s what I want. If I can swap out the English for the Japanese, simply by switching which STRING file is used, that would be a solution.

Is there an easy way to do that?

Freeway user since 1997

http://www.walterdavisstudio.com

waltd

23 Jul 2015, 11:34 am

Detail omitted here: this should be a fully-qualified URL to the login page in question on the FMP server.

Walter

On Jul 23, 2015, at 7:28 AM, Walter Lee Davis <[email protected]> wrote:

file_get_contents(‘your login page here’);

Freeway user since 1997

http://www.walterdavisstudio.com

waltd

23 Jul 2015, 11:57 am

You may also need to inject a <base > tag into the head of the page you scrape so that all the paths to the JavaScript and other resources line up with reality.

// on another line, before the output, and replace the URL with the correct base
$source = str_replace('<head>', '<head><base href="http://example.com/">', $source);

Walter

On Jul 23, 2015, at 7:33 AM, Walter Lee Davis <[email protected]> wrote:

Detail omitted here: this should be a fully-qualified URL to the login page in question on the FMP server.

Walter

On Jul 23, 2015, at 7:28 AM, Walter Lee Davis <[email protected]> wrote:

file_get_contents(‘your login page here’);

Freeway user since 1997

http://www.walterdavisstudio.com

Back to Top

JDW

24 Jul 2015, 2:19 am

Walter, thank you for your tips.


First, there is no browser sniffing to determine the language. MacUSA is running FileMaker Server Advanced 11 on Macintosh hardware, used to share multiple FileMaker databases (including mine). There is a setting within FileMaker server that controls language. If you set it to English, it uses the English string file. If you change the setting to Japanese, it uses the Japanese string file. But it will not use both, and it will not switch.

Here’s a screenshot of the FileMaker Server Language setting:

http://cl.ly/image/462w2N050q2L/FMserver_IWP_StatusAreaLang.jpg

And here’s the text description from the FM Server manual:

For Status Area Language, select the language for the labels
displayed in the status area of the Instant Web Publishing page.
This setting changes the language for all text in the Instant Web
Publishing user interface — for example, the status area, Instant
Web Publishing homepage, forms- based authentication, dialog
boxes, and error messages.  The status area language setting does
not change the language of data stored in databases.

Since MacUSA is hosted in the USA, their target audience is English, not Japanese. That’s why they have their setting on English. And when the Server setting is English, then everyone who hosts a FileMaker database on that server will get the Login page, errors, etc. in English.

If FileMaker server had been more intelligently designed to sniff the client’s browser and send the appropriate language strings to the browser, I wouldn’t have any problem at all. But sadly, that is not the case.


Next, I tried your code, saving it and running it from off my ServerLogistics web server.

The first code block I tried was your first suggestion, modified only to swap in the correct address for the Login page:

    <?php
    $source = file_get_contents('http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession');
    // do things to the source with string manipulation here
    $source = str_replace('/fmi/iwp/cgi?-getstrings', '/fmi/iwp/res/jpn/strings.js', $source);
    header('Content-type: text/html; charset=utf-8');
    print $source;
    ?>

When I try to execute the above PHP file from Safari, it displays nothing for about 20 seconds and then I get a 404 Not Found error page.


Next, I added the line in your last post, swapping out example.com for the BASE URL of MacUSA, as follows:

    <?php
    $source = file_get_contents('http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession');
    // do things to the source with string manipulation here
    $source = str_replace('/fmi/iwp/cgi?-getstrings', '/fmi/iwp/res/jpn/strings.js', $source);
    header('Content-type: text/html; charset=utf-8');
    // on another line, before the output, and replace the URL with the correct base
    $source = str_replace('<head>', '<head><base href="http://hartford.macusa.net/">', $source);
    print $source;
    ?>

That takes me to the “You have logged out.” page, which resides at “iwp_home.html”. The remains true even if I try it again adding “/fmi/iwp/” to the end of that base URL. I still get the “You have logged out.” page.

NOTE:

iwp_auth.html is the Login page.

iwp_home.html is the “You have logged off.” page.