CURLOPT FOLLOWLOCATION warning and open basedir fiasco

Simple problem suddenly requires a complex solution

incrediBILL

3:20 pm on Oct 4, 2009 (gmt 0)


The following code looks simple enough and runs for anyone setting up their own domains:

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefile);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$data = curl_exec($curl);

Unfortunately, when you run that code on a shared server using Plesk, cPanel or anything else that tries to tighten security you get the following error:

Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set.

Which isn't a warning really, as it disables the "curl -L" function, which means "follow location" so that, just like your browser, redirects are automatically followed and cookies processed until you get to the final destination URL.

Someone posted a halfhearted effort on php.net at a replacement for curl_exec() that follows the redirects called curl_redir_exec() which still doesn't handle cookies properly.

Someone else posted another kludge read_header($ch, $string) to keep track of location redirects and cookies by adding an override curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

So now I'm sitting here with a smouldering pile of non-functional dung written in PHP's curl functions that I could easily override just by shelling out to the actual CURL command. If it wasn't for the vague security warning about curl downloading a file using the "curl -L" and not honoring the open_basedir, meaning it could theoretically write wherever it pleased, then I would've just used the system() command and done whatever the heck I wanted.

Tell me, does it make any sense that this PHP language will let curl do whatever it wants unless you do it in a shared server environment?

Using CURLOPT_FOLLOWLOCATION is either secure 100% across the board or it isn't; there's no middle ground here.

One software vendor in a support forum simply told a customer with this issue to use the following syntax to mask the warning:

@curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

Mask the warning?

The functionality doesn't exist, it doesn't work, it's more than a warning!

ARG!

Anyway, does anyone happen to know of a full implementation of something like curl_redir_exec() that handles cookies properly that will actually follow through those annoying Google logins or those annoying .aspx sites that redirect all over the place while feeding you a trail of cookies a mile long?

Any help here greatly appreciated.

FYI, telling me to hack out a line in the PHP library that stops the problem is unacceptable as this has to be a plug-n-play solution for anyone using a shared server install.

dreamcatcher

8:47 am on Oct 5, 2009 (gmt 0)


I use ini_get to get the safe mode setting when using Curl. That usually works ok.

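// ini_get() returns '' or '0' for a boolean setting that is off, so test it as a boolean
if (ini_get('open_basedir') == '' && !filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN)) {
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
}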

Thankfully PHP6 sees the removal of Safe Mode.

dc
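
For hosts where the check above fails, this added example (not code from the thread or from php.net) follows redirects by hand with CURLOPT_FOLLOWLOCATION off. It reuses one curl handle so the cookie engine carries cookies across hops, and it checks that every hop is http or https, so a redirect cannot steer the request to a local file:// URL. The function name fetch_following_redirects() and its parameters are hypothetical, and CURLINFO_REDIRECT_URL requires PHP 5.3.7 or later.

```php
<?php
// Added example: hypothetical helper, not the thread's or php.net's code.
function fetch_following_redirects($url, $cookiefile, $maxRedirects = 10)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);   // redirects are followed below
    // One handle for every hop, so libcurl's cookie engine stores each
    // Set-Cookie from a 3xx response and sends it on the next request.
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
    // libcurl itself refuses anything but HTTP(S), e.g. file:// or gopher://.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    // Certificate verification is left at its default (enabled).

    for ($hop = 0; $hop <= $maxRedirects; $hop++) {
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            curl_close($ch);
            throw new RuntimeException("Refusing non-HTTP(S) URL: $url");
        }
        curl_setopt($ch, CURLOPT_URL, $url);
        $body = curl_exec($ch);
        if ($body === false) {
            $err = curl_error($ch);
            curl_close($ch);
            throw new RuntimeException("curl error: $err");
        }
        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        // Absolute redirect target as resolved by libcurl; empty when the
        // response carries no Location header.
        $next = curl_getinfo($ch, CURLINFO_REDIRECT_URL);
        if ($status < 300 || $status >= 400 || !$next) {
            curl_close($ch);   // the cookie jar is written when the handle is released
            return array('url' => $url, 'status' => $status, 'body' => $body);
        }
        if ($status == 301 || $status == 302 || $status == 303) {
            curl_setopt($ch, CURLOPT_HTTPGET, true);   // a POST becomes a GET
        }
        $url = $next;
    }
    curl_close($ch);
    throw new RuntimeException("More than $maxRedirects redirects");
}
```

The returned array holds the final URL, its status code and the body; the cookie file is ready for reuse once the function returns.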