I want to login into the McGrawhill website using PHP, then redirect users to their account area. I've created a simple login HTML page for my UI and this is my PHP part:
<?php if(!isset($_POST['loginUserName'],$_POST["loginPassword"],$_POST["force"])||$_POST['loginUserName']==''||$_POST["loginPassword"]=='')
die('{code:"FAIL"}');
if($_POST["force"]=='')
$_POST["force"] = false;
$data_string = "foce=".$_POST["force"]."&loginUserName=".$_POST["loginUserName"]."&loginPassword=".$_POST["loginPassword"];
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"http://connected.mcgraw-hill.com/connected/login.do");
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS,$data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
die($result);
?>
When I send the parameters to the website, it gives me two JSON-encoded parameters, first: status of the login, second one is the uri of where the users should go if their login was successful. It works correctly when I send the user/pass and I can get the redirect uri, but when I want to redirect users, it forwards me to first McGrawhill login page while i want to login into the user account area. Can anybody help me ?
When you log in, the remote server sends you a session cookie that you should reuse in order to access the private pages that need the user to log in. When someone using a browser logs in, this works fine, the session cookie gets set and is then reused to access those private pages.
However, when you use your PHP script to log in, it's actually your PHP script that gets the session cookie (and not the users of the script), which means that if you redirect your users to the private pages, it won't work because they don't have their session cookie.
I don't think there is a way to set their session cookie from the PHP script, so your idea won't work.