How to Perform HTTP Authentication Using PHP Curl

1. Introduction to php-curl
2. Installation of the php-curl Library in Ubuntu
3. Perform the Basic HTTP Authentication From HTML Form
4. Perform the Basic HTTP Authentication Using cURL

This tutorial demonstrates how to perform HTTP authentication using the PHP cURL in Ubuntu.

Introduction to php-curl

cURL (Client URL) is a command-line utility that sends or receives data and files. It uses the URL syntax and supports protocols like FTP, FTPS, DICT, HTTP, HTTPS, etc.

The cURL library is available in PHP, called php-curl. We can use this library to communicate with servers by sending HTTP requests in PHP.

We can perform various tasks like setting cookies, using proxies, passing data over SSL connections and even authentication using php-curl.

Let’s look at the basic php-curl functions.

1. curl_init() - It initializes a cURL session.

2. curl_close() - It closes a cURL session.

3. curl_setopt(handle, option, value) - It sets option for the cURL session. Here, handle is the value returned by curl_init().

   The option parameter can have a wide value of options. You can find the list of options here.

   It is used according to the need. The value parameter has the value for the option.

4. curl_exec() - It executes the predefined cURL session.

Installation of the php-curl Library in Ubuntu

Before performing the authentication, we must verify whether php-curl is installed in our system. We can do it with the following command.

php -m

The command lists the compiled PHP modules. If you can locate curl in the list, it means the php-curl is installed.

You can also verify its installation by checking the output of the phpinfo() function. If installed, a table for curl will appear in the output.

If php-curl is not installed, you can install it via the following command.

sudo apt-get install php-curl

After the installation, open the php.ini file and locate the line below.

;extension=curl

Uncomment the above line as below.

extension=curl

The final step is to restart the server with either of these commands.

sudo systemctl start apache2

sudo /etc/init.d/apache2 start

Perform the Basic HTTP Authentication From HTML Form

First, we will perform a basic authentication using only the HTTP POST method. We will create an HTML login form that accepts username and password.

We will check the user input with a set of predefined login credentials. Next, we will perform the HTTP authentication with cURL methods.

For example, create a directory curl in the /var/www/html and then create a file login.php. In the PHP file, create a login form using HTML.

Write the name attributes as uname and pass for username and password, as shown in the example below.

Code Example:

<form action="login.php" method="post">
  <input type="text" placeholder="Enter Username" name="uname" required><br>
  <input type="password" placeholder="Enter Password" name="pass" required><br>
  <button type="submit" >Login</button>
</form>

Next, open the PHP tag and use the isset() function to check whether the username and password equal user123 and password123. Use the if condition to display the message accordingly, as shown in the example below.

if(isset($_POST['uname'])&& isset($_POST['pass']))
   if($_POST['uname']=='user123' && $_POST['pass']=='password123'){
       echo "login successful";
   }
   else{
       echo "login failed";
   }

Now, open the file from the server and fill out the login credentials as follows.

username=user123
password=password123

Output:

You can check the HTTP request in the Network tab of the Inspect Element option, as shown below.

You can test the authentication by submitting the wrong credentials to the form, displaying the message login failed. The wrong credentials can also be seen from the Request tab, as in the picture above.

Perform the Basic HTTP Authentication Using cURL

We can perform HTTP authentication using the above-listed cURL methods. First, we must create a payload to send the HTTP request to the server.

For example, create a file post.php inside the curl directory. In the PHP file, create an array $data and store the correct login credentials, as shown below.

$data = array(
    "uname" => "user123",
    "pass" => "password123",
    "form" => "submit"
);

Next, create a variable ch to store the cURL session. Assign the function curl_init() with the URL http://localhost/curl/login.php to ch.

After that, use the curl_setopt() function to set the various options for the cURL session. Set the CURLOPT_FOLLOWLOCATION, CURLOPT_POST and CURLOPT_RETURNTRANSFER to TRUE.

Supply the payload $data for the CURLOPT_POSTFIELDS option. For the CURLOPT_COOKIEJAR option, write the cookie filename cookie.txt.

You must create an empty cookie.txt file to store the cookie in the project directory.

1. http://localhost/curl/login.php is the target URL where we send the request with cURL.
2. The option CURLOPT_FOLLOWLOCATION set to TRUE follows any header location that is redirected by Location: header().
3. The option CURLOPT_POST set to TRUE informs the session that it is a POST request to the server.
4. The option CURLOPT_POSTFIELDS defines the payload sent in the request.
5. The option CURLOPT_COOKIEJAR saves the cookies to the file cookie.txt after the cURL session is closed.
6. The option CURLOPT_RETURNTRANSFER set to TRUE returns the response of the curl_exec() instead of direct input.

Finally, write the function curl_exec() with ch as the parameter to execute the cURL session and close the session with curl_close(). At last, display the output curl_exec() function.

Code Example:

$ch = curl_init('http://localhost/curl/login.php');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

$result = curl_exec($ch);
curl_close($ch);
echo $result;

Then, run the post.php script. The following output is received as the credentials are correct in the payload.

The output will say login failed if we use the wrong credentials.

Thus, this tutorial demonstrated how to perform a basic cURL authentication in PHP.