Php curl базовая авторизация

How to make a PHP curl request with basic authentication

When accessing API request over PHP curl, some routes are authentication required. Also third party API mostly required to authenticate before accepting request. This can be done by Bearer or Basic authentication method.

In this article, we will see how to send PHP curl request on authentication protected url. You need to send user and password data with the request. Below example send the get request which requires basic authentication:

[email protected]'; $password = '123456'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch);

You can also send curl request using Authorization header. Curl CURLOPT_USERPWD option basically send Authorization header with value of username:password in a base64 format. You can do it as below:

[email protected]'; $password = '123456'; $headers = array( 'Authorization: Basic '. base64_encode($username.':'.$password) ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch);

This way, you can also make curl request over the routes which requires authentication. If you like the article,like our Facebook page and follow us on Twitter.

Источник

PHP: Using cURL with Basic HTTP Authentication.

This is a short PHP tutorial on how to use cURL to make a Basic Access Authentication request. In this post, I will show you how to configure PHP’s cURL functions to access a web resource that is protected by basic HTTP authentication.

401 Unauthorized.

If you send a cURL request to a URL that is protected by HTTP authentication, the response will probably look something like this:

401 Unauthorized: You need a valid user and password to access this content.

The issue here is that the resource is protected and you did not provide a valid username and password. As a result, the server responded with a 401 Unauthorized response.

Using the CURLOPT_USERPWD option.

To solve this, we can use the CURLOPT_USERPWD option. This option allows us to tell cURL what username and password to use while making the request.

An example of it being used:

//The URL of the resource that is protected by Basic HTTP Authentication. $url = 'http://site.com/protected.html'; //Your username. $username = 'myusername'; //Your password. $password = 'mypassword'; //Initiate cURL. $ch = curl_init($url); //Specify the username and password using the CURLOPT_USERPWD option. curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password); //Tell cURL to return the output as a string instead //of dumping it to the browser. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //Execute the cURL request. $response = curl_exec($ch); //Check for errors. if(curl_errno($ch)) < //If an error occured, throw an Exception. throw new Exception(curl_error($ch)); >//Print out the response. echo $response;

In the example above, we set the username and password using the CURLOPT_USERPWD option. As a result, our cURL client will end up sending the following header:

Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

• In some cases, the resource in question might be expecting a POST request. Therefore, you might need to change the request above from a GET request to a POST request.
• The CURLOPT_USERPWD option sends the username and password combination in a base64 format. This means that a combination of “MyUsername:MyPassword” will become “TXlVc2VybmFtZTpNeVBhc3N3b3Jk”. However, it is important to note that base64 does not make this request any more secure. Therefore, it is advisable that you configure both the cURL client and the server to use SSL. This is to prevent man-in-the-middle attacks.
• Other options may need to be configured depending on your situation. In other words, the code above might not work “straight out of the box”.

Using CURLOPT_HTTPHEADER.

Alternatively, you can use the CURLOPT_HTTPHEADER, which allows you manually create headers. In the example below, we manually set the Content-Type and Authorization headers:

//HTTP username. $username = 'myusername'; //HTTP password. $password = 'mypassword'; //Create the headers array. $headers = array( 'Content-Type: application/json', 'Authorization: Basic '. base64_encode("$username:$password") ); //Set the headers that we want our cURL client to use. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

The code above should be used in lieu of the CURLOPT_USERPWD option.

Hopefully, you found this guide to be useful!

Источник

How to use Basic Authentication with PHP Curl

In this tutorial we will have a ‘basic’ look at Basic Authentication, and how to use Basic Authentication with PHP Curl.

When sending a request to an API, often it will require some form of Authentication. One of the most common forms of HTTP authentication is Basic Authentication, owing to how easy it is to use and implement.

Note: For this tutorial I am going to assume that you have the PHP Curl extension installed and enabled on your server.

What is Basic Authentication?

Basic authentication is a way for a HTTP user agent to pass a username and password during a request.

To use Basic authentication a client must attach an ‘Authorization’ field to their request. The ‘Authorization’ field contains the word ‘Basic’ followed by a colon seperated, Base64 encoded string containing the username and password.

The basic (decoded) header format is:

Authorization: Basic example_username:example_password

Which becomes (when Base64 encoded):

Authorization: Basic ZXhhbXBsZV91c2VybmFtZTpleGFtcGxlX3Bhc3N3b3Jk

It is worth considering that Basic Authentication has security limitations when compared to something like OAuth because your login credentials are included with each request. Despite this, you will still find fairly wide spread Basic Authentication usage because of how easy it is to implement and manage. For several simple security use-cases, Basic Authentication is a perfectly acceptable solution to use, as long as you are aware that it isn’t completely secure.

Using Basic Authentication with PHP Curl

If you want to make a login call using Basic Authentication via PHP Curl then the snippet below should help you.

$username = 'gav'; $password = 'blog'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://www.gavsblog.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); $response = curl_exec($ch); curl_close($ch);

After intialising curl, we are using curl_setopt to configure the options. Specifically, we are setting the following:

• ‘CURLOPT_URL’ is used to specify the URL to call. In this example I’ve added a placeholder URL.
• ‘CURLOPT_RETURNTRANSFER’ is being used to set the response to a string value.
• ‘CURLOPT_HTTPAUTH’ specifies the authentication method to use. We are setting this to ‘CURLAUTH_BASIC’, which is default. If this doesn’t work for you, try setting it to ‘CURLAUTH_ANY’ and have the library find the right usage.
• ‘CURLOPT_USERPWD’ sets the username and password for Basic Authentication. This will Base64 encode your string and set the right ‘Authorization’ headers, basically saving you from having to do it yourself.

Note: For a full explanation of the parameters we are using, please refer to the PHP manual for curl_setopt.

Next, we use curl_exec to run curl and save the response to the ‘$response’ variable (remember we are returning the response as a string) and, finally, we close curl.

At this point you can do whatever it is that you wanted to do with the response!

Источник

Sending Curl POST Request with Basic Authentication [PHP Code]

To send a POST request with basic authentication credentials with Curl, you need to use the —user «login: password» command-line option. The user’s credentials are automatically converted by Curl to a Base64 encoded string and passed to the server with an Authorization: Basic [token] header. POST data is passed to Curl with the -d option. In this Curl POST with Basic Authentication header example, we sent a request to the ReqBin echo URL with sample POST data. Click Run to execute the Curl POST Basic Auth example online and see the result. The PHP code was automatically generated for the Curl POST Basic Authentication example.

curl -X POST https://reqbin.com/echo/post/json -H "Content-Type: application/json" -d '' --user "login:password" 

PHP code for Curl POST Basic Authentication Example

This PHP code snippet was generated automatically for the Curl POST Basic Authentication example.

What is Curl?

Curl (stands for Client URL) is popular command-line tool developers use to send requests to the server, upload files, and submit web forms. Curl supports all modern protocols, including HTTP, HTTPS, SFTP, FTP, and has built-in support for SSL, user authentication, and HTTP Cookies. Curl works on Linux, Mac, Windows.

What is HTTP POST?

POST is one of the nine standard methods of the HTTP protocol. The HTTP POST method requests the webserver to receive and process the data contained in the body of the POST message. POST method is often used to submit login or contact forms and upload files and images to the server.

Curl POST Request Syntax

curl -X POST [URL] -H [header] -d [post_data]

• -X, —request: HTTP method to use when communicating with the server
• -H, —header: HTTP headers to send to the server with a POST request
• -d, —data: Data to be sent to the server using a POST request

What is Basic Authentication?

Basic Authentication is a client authentication method built into the HTTP protocol that allows a client to provide a username and password to the server when accessing secure resources over HTTP. When requesting a protected resource, the client sends HTTP requests with an Authorization header that contains the word Basic followed by a space and a base64 encoded username: password string. Basic Authentication is not the most secure method because other protocol sniffers can easily decrypt base64 encoded user credentials. For security reasons, the Basic Authentication method should only be used over secure HTTPS/SSL connections.

How do I post Basic Authentication data using Curl?

To post a Curl request with Basic Authorization credentials, you can use the -u (or —user) command line parameter: —user username: password.

curl --user "login:password" [URL]

Curl automatically converts the provided login: password pair into a Base64-encoded string and adds an appropriate HTTP header to the request:

"Authorization: Basic bG9naW46cGFzc3dvcmQ="

Example of Basic user Authentication using Curl POST request

The general form of a Curl command for making a POST request with Basic Authentication is as follows:

curl -X POST [URL] -H "Content-Type: application/json" -d "" --user "login:password"

• -X: HTTP method to use when communicating with the server.
• -H: HTTP header to send to the server with a POST request.
• -d: Data to be sent to the server using a POST request.
• —user: Provide the username and password that will be used to authenticate the server.

See also

Generate code snippets for PHP and other programming languages

Convert your Curl POST Basic Authentication request to the PHP, JavaScript/AJAX, Node.js, Curl/Bash, Python, Java, C#/.NET code snippets using the PHP code generator.

Источник