Okay, so im developing my hosting site more and more and now i want to have a login form which a user can select via a select form if they want to login to cpanel/whm/whmcs (my client system)

well with whmcs the username var is username where as cpanel is user

and obviously the action is differant,

so i want it so it takes the variables and depending on the select, it sends it to which ever action and redirects to it.

does this make sense?

basically i need to know how to (presumably using cURL) to post vars, i can handle the select stuff just this bit i need :S

Thanks,

TP for helpful answers!

You need a switch statement. Say, for example your select menu is called 'place' then, in order for you to do what you'd like, you'd need something a switch statement. Here's what you'd do:

PHP Code:

<?php 
$place=$_POST['place'];
switch($place){
case 'cpanel':
//do the cpanel things here
break;

case 'whm':
//do the whm stuff here
break;

case 'whmcs':
//do that stuff here
break;
}
?>

That's it xD

Im not sure if i explained it badly, but you just answered the exact thing i said i knew... :|

I need to know how to use cURL to post vars.

I google cURL post vars

and the top one might help you.

Heres the link http://www.askapache.com/htaccess/se...-php-curl.html

Okay thanks Simster that helped.. But.

from that code i knocked up this:

PHP Code:

<?php
switch($_POST['type'])
{
case 'cpanel':
$action = 'http://xdnet.co.uk:2082/login/';
$post_vars = 'user='.$_POST['user'].'&pass='.$_POST['pass'].'&login='.$_POST['submit'];  // POST VARIABLES TO BE SENT
break;
case 'whm':
$action = 'http://xdnet.co.uk:2086/login/';
$post_vars = 'user='.$_POST['user'].'&pass='.$_POST['pass'].'&login='.$_POST['submit'];  // POST VARIABLES TO BE SENT
break;
case 'whmcs':
$action = 'http://xdnet.co.uk/clients/dologin.php?goto=clientarea';
$post_vars = 'username='.$_POST['user'].'&password='.$_POST['pass'].'&submit='.$_POST['submit'];  // POST VARIABLES TO BE SENT
break; 
}
 
 // INITIALIZE ALL VARS
 $ch='';
 $Rec_Data='';
 $Temp_Output='';
 
# if($_SERVER['REQUEST_METHOD']==='POST') {  // REQUIRE POST OR DIE
 $ch = curl_init($action);
 curl_setopt($ch, CURLOPT_POST,1);
 curl_setopt($ch, CURLOPT_POSTFIELDS,$post_vars);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); 
 curl_setopt($ch, CURLOPT_HEADER,0);  // DO NOT RETURN HTTP HEADERS 
 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);  // RETURN THE CONTENTS OF THE CALL
 $Rec_Data = curl_exec($ch);
 ob_start();
 header("Content-Type: text/html");
 $Temp_Output = ltrim(rtrim(trim(strip_tags(trim(preg_replace ( "/\s\s+/" , " " , html_entity_decode($Rec_Data)))),"\n\t\r\h\v\0 ")), "%20");
 $Temp_Output = ereg_replace (' +', ' ', trim($Temp_Output));
 $Temp_Output = ereg_replace("[\r\t\n]","",$Temp_Output);
 $Temp_Output = substr($Temp_Output,307,200);
 echo $Temp_Output;
 $Final_Out=ob_get_clean();
 echo $Final_Out;  
 curl_close($ch);
#} else die('Hacking attempt Logged!');
 
exit;
?>

but its giving me this error:

Code:

Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /home/USER/public_html/login-changer.php on line 31

Warning: Cannot modify header information - headers already sent by (output started at /home/USER/public_html/login-changer.php:31) in /home/USER/public_html/login-changer.php on line 37

How can i over come this?

you can't.
At least,not without an action from your hoster:

Quote:

CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set

Your host has set the safe mode to on, and this restrict what you can do with PHP.

The second error is just a side effect of the first.
As the error is displayed on page, the server headers have been sent, thus you cannot do a header() call.
Put the ob_start() before CURL to avoid this.

Are you sure the CURLOPT_FOLLOWLOCATION is needed ?
It's just a flag that tells CURL to follow the redirect the server might send.

If the target page has no redirect [ header('location:somewhere'); ], then you should be ok even without it.

well it would i think :s because once its sent the details it needs to then go to that action?

or am i wrong :s

I will see what happens without if not will see if can get host to do it :s cant wait to get my hands on a dedicated server without destroying my college fund (even though i wouldnt be allowed to... )

Dan
Dan

okay my host has lifted the open_basedir restriction on my account.

BUT.

the script isnt working properly.

It doesnt seem to login and at most it shows the returned failed login page, and doesnt direct to it..

heres what im working with now:

PHP Code:

<?php
switch($_POST['type'])
{
case 'cpanel':
$action = 'http://xdnet.co.uk:2082/login/';
$post_vars = 'user='.$_POST['user'].'&pass='.$_POST['pass'].'&login='.$_POST['submit'];  // POST VARIABLES TO BE SENT
break;
case 'whm':
$action = 'http://xdnet.co.uk:2086/login/';
$post_vars = 'user='.$_POST['user'].'&pass='.$_POST['pass'].'&login='.$_POST['submit'];  // POST VARIABLES TO BE SENT
break;
case 'whmcs':
$action = 'http://xdnet.co.uk/clients/dologin.php?goto=clientarea';
$post_vars = 'username='.$_POST['user'].'&password='.$_POST['pass'];  // POST VARIABLES TO BE SENT
break; 
}
 
 // INITIALIZE ALL VARS
 $ch='';
 $Rec_Data='';
 $Temp_Output='';
 
 if($_SERVER['REQUEST_METHOD']==='POST') {  // REQUIRE POST OR DIE
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $action);
 curl_setopt($ch, CURLOPT_POST,1);
 curl_setopt($ch, CURLOPT_POSTFIELDS,$post_vars);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); 
 curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, 1); //Continue sending user/paas even when differant domain.
 curl_setopt($ch, CURLOPT_HEADER,0);  // DO NOT RETURN HTTP HEADERS 
 curl_setopt($ch, CURLOPT_RETURNTRANSFER,0);  // RETURN THE CONTENTS OF THE CALL
 $Rec_Data = curl_exec($ch);
 
 curl_close($ch);
} else die('Hacking attempt Logged!');
exit;
?>

help would be greatly apprieciated !

I don't see no reason why it would not work...
If you try to modify your function to have a var_dump of the result, what would it show:

PHP Code:

$Rec_Data = curl_exec($ch);
var_dump($RecData);
die();
curl_close($ch); 


Returns "NULL"

Not sure what that means :s in terms of how it works...

The only anser my host could offer was maybe the scripts required some kind of header to help protect against bruteforce etc...

Does anyone know

Just an idea...
Try to give the url in the curl_init call:

PHP Code:

$ch = curl_init($action); 


The php doc says:

Quote:

Description

resource curl_init ([ string $url ] )
Initializes a new session and return a cURL handle for use with the curl_setopt(), curl_exec(), and curl_close() functions.

Maybe this will help...

it was in it originally, i only added the url setopt to see if it worked the other way

Is there a way to "test" is the login scripts (which im trying tolog into) check for headers to stop curl logins?

How would i add like all the headers IE would do so it appears to come from a browser?

Dan

Okay im bumping this thread in hope someone else can shed some light?...

Please

Dan