Hi everybody ! I have this current problem .. I need to login into a website via cUrl .. website : www.v-tac [dot] ro/ Now based on the headers and based on the input fields I wrote a php function, but I hit a wall with the token . HEADERS :
username=username&password=password&Submit=Conectare&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D&0dbf64fe20e2395a7d72ed5b64b3cf7c=1
FORM FIELDS - copy paste - this is the login form
<fieldset class="userdata">
<p id="form-login-username">
<label for="modlgn-username">Nume Utilizator</label>
<input id="modlgn-username" type="text" name="username" class="inputbox" size="18">
</p>
<p id="form-login-password">
<label for="modlgn-passwd">Parola</label>
<input id="modlgn-passwd" type="password" name="password" class="inputbox" size="18">
</p>
<p id="form-login-remember">
<label for="modlgn-remember">Retine utilizator</label>
<input id="modlgn-remember" type="checkbox" name="remember" class="inputbox" value="yes">
</p>
<input type="submit" name="Submit" class="button" value="Conectare">
<input type="hidden" name="option" value="com_users">
<input type="hidden" name="task" value="user.login">
<input type="hidden" name="return" value="aW5kZXgucGhwP0l0ZW1pZD0yMTY=">
<input type="hidden" name="11b09608b3184e6258012d44846c81ed" value="1">
</fieldset>
And this is the function I wrote to do the cUrl login :
function login_to_website($targetURL){
global $browser_user_agent;
if(empty($targetURL)) { return; }
if(empty($login_url)) { $login_url = $targetURL; }
$url = $login_url;
$login_user = "loginusername";
$login_password = "loginpassword";
$thetoken = "this-is-my-problem-the-token-from-the-hidden-input";
$post_data = array();
$post_data['username'] = "$login_user";
$post_data['password'] = "$login_password";
$post_data['Submit'] = "Conectare";
$post_data['option'] = "com_users";
$post_data['task'] = "user.login";
$post_data['return'] = "aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D";
$post_data[$thetoken] = "1";
$postthis = http_build_query($post_data);
$login = curl_init();
curl_setopt($login, CURLOPT_COOKIEJAR, dirname(__FILE__) . "/cookie.tmpz");
curl_setopt($login, CURLOPT_COOKIEFILE, dirname(__FILE__) . "/cookie.tmpz");
curl_setopt($login, CURLOPT_VERBOSE, true);
curl_setopt($login, CURLOPT_URL, $url);
curl_setopt($login, CURLOPT_USERAGENT, random_user_agent());
curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($login, CURLOPT_POST, TRUE);
$timeout = 5;
curl_setopt( $login, CURLOPT_CONNECTTIMEOUT, $timeout );
curl_setopt( $login, CURLOPT_TIMEOUT, $timeout );
curl_setopt( $login, CURLOPT_MAXREDIRS, 10 );
curl_setopt($login, CURLOPT_POSTFIELDS, $postthis); // POST vars
curl_setopt($login, CURLOPT_HEADER, 0); // debug headers sent - 1
$data = curl_exec ($login);
curl_setopt($login, CURLOPT_URL, $targetURL);
$datax = curl_exec ($login);
return $datax;
// close cURL resource, and free up system resources
curl_close($login);
}
The problem is this the last array input.
the token is generated each time the page is loaded, located on the page as an input hidden field . So the question is how do I get a fresh token that will work ? Also I have tried to get the token with a xpath extract like this :
$htmlx = file_get_contents('http://www.v-tac.ro');
$htmlx = mb_convert_encoding($htmlx, 'UTF-8', mb_detect_encoding($htmlx)); //make sure this is utf8
if(!strlen($htmlx)) {echo "No HTML here . stoping execution ."; return;}
$doc = new DomDocument;
@$doc->loadHTML($htmlx);
$xpath = new DOMXPath($doc);
echo $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");
$thetoken = $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");
Help !?