0

I am trying to login a user and save the session to a cookie file using the following PHP curl request:

curl -c cookie-jar.txt -v --header "X-CSRF-Token: unsafe" --data "xs-username={{USER}}&xs-password={{PASS}}" "https://.../login.func"

And in PHP have the following code:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://.../login.func');
curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username={{USER}}&password={{PASS}}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies/cookie-jar.txt'); 
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookies/cookie-jar.txt'); 
$headers[] = 'X-CSRF-Token:' .  'unsafe';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$answer = curl_exec($ch);
if (curl_error($ch)) {
    echo curl_error($ch);
}

However when executing this I get the error:

Request execution failed due to missing or invalid XSRF token. How can I modify my curl request params to add this?

Jebathon
  • 4,310
  • 14
  • 57
  • 108
  • 1
    Are you trying to highjack some login form? The xsrf token is designed to prevent requests like this. – Jerodev Feb 16 '17 at 16:09
  • @Jerodev I am trying to login a user through a Hana SAP form via PHP Curl and save the user session to a cookie file – Jebathon Feb 16 '17 at 16:11
  • Not sure if just editing mistake but you are missing a close tag on this line `curl_setopt($ch, CURLOPT_URL, 'https://.../login.func);` – Kaboom Feb 16 '17 at 16:12
  • @Kaboom Fixed. I changed the URL from the real code so it was an editing mistake. Sorry – Jebathon Feb 16 '17 at 16:13

0 Answers0