Problems with username or pass with colon when setting CURLOPT_USERPWD

Question

We are trying to use curl in PHP5 to login to a website using basic authentication.

Partial code is like this:

<?
...
$uname = "username";
$pass = "p:assword";

curl_setopt($ch,CURLOPT_USERPWD,"$uname:$pass"); 
...
?>

but it seems the colon in our password is causing trouble.

We are unable to change the password for our production site, but we confirmed the code works fine on another site where an alphanumeric username and password is used.

Is there a way to escape the colon in the password so curl still works? We tried "p\:assword" with no luck.

Thanks.

Answer 1

so it turns out that it wasn't a problem with the colon.... it was a problem with the authentication scheme.

at first we were using:

curl_setopt($curl_conn, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); 

and changing to:

curl_setopt($curl_conn, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

fixed the problem.

Our test against another server had its flaws - the server that worked was running IIS on windows, the production server we were having problems with was running apache on linux.

So i repeat: there are apparently no issues with using usernames or passwords that contain colons with curl. this explains why there would be no documentation of this problem.

sorry for jumping to conclusions, and thanks for the help.

Answer 2

I looked up the implementation of extraction of CURLOPT_USERPWD in curl code, This is how its done There is a forward searh on the username-passwd string, looking for the ":" character. And then username and passwd are extracted (the string before : is username and the string after : is passwd)

So, as you would have guessed, if the username string contains a : character, all this will fail. However as the chances of the : character being as part of username are considerably less, this is not reported as a bug.

thanks