0

I implemented the following code for automatic login and set session using cURL. It will not authenticate. Please explain to me how Laravel authentication using PHP cURL works.

$url = 'http://localhost/site/login'; (Laravel Login URl)

$username = 'xxx@xxx.com';  

$password = 'password'; 

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

$output = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

I am getting the

419 Sorry, your session has expired

How do I pass Laravel CSRF token using cURL in same domain between core PHP and Laravel?

Myl Swamy Mca
  • 115
  • 1
  • 2
  • 9
  • It depends on how you've got authentication set up, but HTTP Basic Authentication is *unusual* for a Laravel install. You'd typically do this with a form POST and storing the cookies for subsequent requests. – ceejayoz Mar 12 '19 at 13:29
  • Possible duplicate of [Login to remote site with PHP cURL](https://stackoverflow.com/questions/3008817/login-to-remote-site-with-php-curl) – ceejayoz Mar 12 '19 at 13:30

1 Answers1

3

Laravel 5 with cURL :

Use '_token' => csrf_token() for laravel CSRF

Also you can disable the csrf validation on specific route to app/Http/Middleware/VerifyCsrfToken.php class 

    protected $except = [
        'custom/login'
    ];

Outside Laravel APP : 

    $attr = [
       'username' => $username,
       'password' => $pass
    ];
    $curl = curl_init();
    // Set some options - we are passing in a useragent too here
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => 'http://testcURL.com/custom/login',
        CURLOPT_USERAGENT => 'login',
        CURLOPT_POST => 1,
        CURLOPT_POSTFIELDS => $attr
    ]);
    $resp = curl_exec($curl);
    curl_close($curl);
Rashedul Islam Sagor
  • 1,943
  • 14
  • 20
  • The File is out side of laravel application . How can i use the `csrf_token()` token in the CURL. Because csrf_token() is Laravel helper function. – Myl Swamy Mca Mar 13 '19 at 04:06
  • Also you can disable the csrf validation on laravel app specific route to app/Http/Middleware/VerifyCsrfToken.php class – Rashedul Islam Sagor Mar 13 '19 at 04:06
  • How can i use with out disabling csrf_token() and i want to retrieve laravel session out side of the application in same domain – Myl Swamy Mca Mar 13 '19 at 04:09