PHP CURL Proxy question


#1

Is there any way I can use curl through a proxy without specifying my username and password in the actual script?

My code is as follows:

$URL ='http://www.asx.com.au/asx/markets/EquitySearchResults.jsp?method=get&template=F1001&ASXCodes=BHP%20NAB%20CBA'; 
//Initialize the Curl session
$ch = curl_init();
//Set curl to return the data instead of printing it to the browser.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROXY, "xxxxxx.xx.xxx.xxx.xx");
curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
curl_setopt ($ch, CURLOPT_PROXYUSERPWD, "user:pass");
//Set the URL
curl_setopt($ch, CURLOPT_URL, $URL);
//Execute the fetch
$data = curl_exec($ch) or die(curl_error($ch));
//Close the connection
curl_close($ch);
print $data;

which works fine, but when i remove the username and password I get an Access denied due to authentication failure. even though I have the proxy setup in .curlrc with the appropriate details.

Not: I know the proxy is set properly in .curlrc because I can type:
curl http://www.whateversite.com in the commandline
and it works fine

Thanks in advance


#2

If you’re going to use it command-line, wouldn’t it be safer to just prompt for the username and password? Keep in mind that security and userfriendliness don’t mix very well. Apart from that, you could put your credentials in an external file, which would be included in your curl app.


#3

Zyppora, thanks for the reply. I’m not going to use it from command-line, its going to be accessed through the web browser (I put the stuff about the command line in to illustrate that I had correctly set the proxy in the .curlrc file)

what I want to know is can I authenticate myself, without having the username and password in the script,

as in without curl_setopt ($ch, CURLOPT_PROXYUSERPWD, "user:pass");

so that if someone get access to the source of my script they cant see my password?


#4

You could try using HTTP Authentication, but if that’s not working, you could make a login page and set it with cookies. I guess the closest thing you’ll get to not having your password directly in your script, and still not having to provide them on each time you use your script, is to put them in a separate file and have them included (make sure the separate file won’t get ripped :wink: Other than that, I’ve heard about setting PHP variables, but I’m not sure how they work.