[SOLVED] How do i automatically log in?

[gumOnShoe]

A website I want to automatically log into (www.newgrounds.com) has these variables: lb_username & lb_userpass. But the form uses onSubmit="AttemptLogin()"

 

I want to log so that I can use cURL to work with forms that can only be accessed when logged in.

 

How do I do this?

 

I've searched the web, but most of what I'm reading either seems not to fit my case or is too specific to help me with this site.

[Psycho]

Well, AttemptLogin() is going to be a JavaScript function. Did you look at the function to see what it does?

[gumOnShoe]

Well, AttemptLogin() is going to be a JavaScript function. Did you look at the function to see what it does?

 

This is essentially all that I have to go on. I don't have access to the server:

 

<form method="post" action="http://www.newgrounds.com/account/" id="loginboxform" onsubmit="AttemptLogin();return(false);">

<ul>
  <li><a href="http://www.newgrounds.com/join">Not a member? SIGN UP!</a></li>

  <li><input type="submit" class="hiddensubmit" value="s" /><a href="http://www.newgrounds.com/join/forgot">Forgot login?</a></li>
</ul>

<p>
  <strong>USERNAME:</strong>
  <input type="text" name="lb_username" id="lb_username" maxlength="20" class="inputfield formtext" />
</p>
<p>

  <strong>PASSWORD:</strong>
  <input type="password" name="lb_userpass" id="lb_userpass" maxlength="10" class="inputfield formtext" />
</p>

<div id="loginbox_button">
  <p class="save">
    <input type="checkbox" name="lb_remember" id="lb_remember" value="on" />
    <a class="textclick" href="javascript:HandleClick('lb_remember');">Save Info!</a>

  </p>
  <span class="btn"><a href="javascript:AttemptLogin();">Jack In! ></a></span>
</div>
<div id="loginbox_animation_login" class="hidecode">
  <p class="save"><strong class="status">Logging in…</strong></p>
</div>

</form>

 

Will I be completely unable to login since I'm not serverside? Is there a way to perhaps make a cookie without using the login?

[MasterACE14]

thats kinda like hacking... and I don't think they would like that.

[gumOnShoe]

thats kinda like hacking... and I don't think they would like that.

 

I'm a moderator on the site, I'm fairly sure it wouldn't be a big deal.

[Jabop]

Try asking one of the admins on that site for some help on that. If they want it to be done, I'm sure they'd lend a hand.

[wildteen88]

The site uses AJAX to perform the login. I'd recommend you to ask to the Admin of the site whether you can use cURL to perform login operations. You can see whats going on by looking at the source code, its all handled by Javascript.

[br0ken]

Well, AttemptLogin() is going to be a JavaScript function. Did you look at the function to see what it does?

 

This is essentially all that I have to go on. I don't have access to the server:

 

Javascript is a client-side language and will be downloaded onto your browser each time you visit the page. Look for a script tag in the HTML header and you should find a link to an external Javascript file.

[gumOnShoe]

Try asking one of the admins on that site for some help on that. If they want it to be done, I'm sure they'd lend a hand.

 

Alright, I'm going to do a bit of a shift in the direction I'm going. The administration of the site is strapped for programmers, so when a user requests help they often don't have time to answer, and they really don't have time for user's pet projects. I've sent a request, but I don't think I'll recieve a response for a couple of weeks.

 

It was suggested that I just try to pass the cookie that I have from already interacting with newgrounds, but I don't know how to do this. I'm assuming that I'm supposed to use cookiejar somehow, but all of the explinations that I've seen fall short of explaining exactly how to use it and provide code samples for a specific issue instead of an explination as to how to use the tool and what the tool does.

 

I know this is possible. If I can get logged in during cURL then I'll be set.

[thatsgreat2345]

All you really need to do is submit a post to the place that the ajax is connecting to and this will set the cookie.

It looks like it is connecting to /ajax/login.php

function AttemptLogin()
{
if(request_in_progress)		// Don't let them kick off simultaneous requests
{
	return;
}

// First check for both fields being filled in
var username_field = document.getElementById(username_fieldname);
var password_field = document.getElementById(password_fieldname);

if(username_field.value == "")
{
	alert("Please enter your Grounds Gold username.");
	username_field.focus();
	return;
}
else if(password_field.value == "")
{
	alert("Please enter your Grounds Gold password.");
	password_field.focus();
	return;
}

// Note that we're doing a request
request_in_progress = true;

// OK, if we're here, we've got a username and a pw
var params = new Array();
params["u"] = username_field.value;
params["p"] = password_field.value;

// See if they want to be remembered
if(document.getElementById(remember_fieldname).checked)
{
	params["r"] = 1;
}

// Swap out our "Login" button to show the "logging in" animation
DoLoginAnimation("login");
DivSwap("loginbox_button", "loginbox_animation_login");

// Now do our HTTP request to see if this guy's valid
var ajax = new AjaxRequest("/ajax/login.php");
ajax.Send(params, HandleLoginResponse, LoginCleanup);
}

[gumOnShoe]

I have an alternate account on the site for extra projects. Its unimportant to me, so for this example I'll share the password that way anyone who is working with me can work along with me. (please don't be a dick with the account)

 

$loginURL = 'http://www.newgrounds.com/ajax/login.php';
$ch = curl_init($loginURL);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "u=whatsinthemiddle&p=p4ssword");
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($ch);

 

The response from just that bit of code is the following: Please be patient!  whatsinthemiddle  0  1

 

So, this idea is clearly working, but I'm missing some steps. Especially since the next movement doesn't register me as logged in:

 

$url = 'www.newgrounds.com/bbs/forum/1';
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($ch);
curl_close($ch);

 

Thanks for the help, I feel like we're almost there

[gumOnShoe]

Also, where did you find that function, I can't seem to find it myself.  :-\

[thatsgreat2345]

Javascript include file, install the web developer extension for firefox and live http headers is a good one too. Try setting the referrer to be coming form new ground.

 

Plus you didn't use a cookie file so the cookies aren't going to set.

[gumOnShoe]

Javascript include file, install the web developer extension for firefox and live http headers is a good one too. Try setting the referrer to be coming form new ground.

 

Plus you didn't use a cookie file so the cookies aren't going to set.

 

Well, i found the other methods that are usually called, which might be part of the problem too:

 

Can you help me with the cookie file, I'm not sure exactly what to do, is it enough to just create one, or do I use cookiejar?

 

Most php tutorials deals with setting cookies, not using them with curl for other sites, so I'm a bit lost. I'll try the referrer bit to see if it helps.

 

function HandleLoginResponse(response)
{
request_in_progress = false;

// Check to see if we need to reload the page or not - currently, only reload for dynamic pages (PHP)
if(IsDynamicPage())
{
	// Let the page refresh take care of changing the loginbox to reflect being logged in
	// Note - refresh it this way, not using .reload(), to get rid of any lingering POST
	window.location.href = window.location.href;

	// Let's return here to keep the "Logging In..." animation running until page refresh occurs
	return;
}
else		// Just swap the loginbox around ourselves and stay right here
{
	// Put their name into the form
	SetLoggedInUsername(response.GetField("username"));

	// Also slap in the # of unread PMs
	SetUnreadPMCount(response.GetField("pm_count"));

	// Clear out the password field - it'll be hidden, but you can't be too safe
	document.getElementById(password_fieldname).value = "";

	// Now swap in the "logged in" div
	DivSwap("loginbox_notloggedin", "loginbox_loggedin");
}

// End our animation and allow the user to interact again
ResetLoginAnimation("login");
}

function LoginCleanup(error_code)
{
// If they're not validated, give them the chance to reset stuff
if((typeof error_code != "undefined") && (error_code == 3))		// Matches up with user.php
{
	if(confirm("If you never received the Newgrounds validation e-mail, or need to change your e-mail address, click \"OK\"."))
	{
		window.location.href = "http://redirect.ngfiles.com/join/resend";
		return;
	}
}

[thatsgreat2345]

set up a file such as cookie.txt on your webserver. CHMOD it so that it has write privileges.

Then use this code before each curl_exec so it knows the file that has cookies.

 

As long as the cookies are set the javascript will use the ajax to check with the PHP to see if you are logged in and it will respond yeah so there is no need to keep looking at the javascript.

$loginURL = 'http://www.newgrounds.com/ajax/login.php';
$ch = curl_init($loginURL);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "u=whatsinthemiddle&p=p4ssword");
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_exec($ch);

$url = 'www.newgrounds.com/bbs/forum/1';
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_exec($ch);
curl_close($ch);

[gumOnShoe]

Most php tutorials deals with setting cookies, not using them with curl for other sites, so I'm a bit lost. I'll try the referrer bit to see if it helps.

 

Adding the referrer resulted in this response:

 

Please be patient!  You're not coming from Newgrounds.com, are you?  0

[gumOnShoe]

Most php tutorials deals with setting cookies, not using them with curl for other sites, so I'm a bit lost. I'll try the referrer bit to see if it helps.

 

Adding the referrer resulted in this response:

 

Please be patient!  You're not coming from Newgrounds.com, are you?  0

 

Alright, the trick was not to use the referal at all, and to start using the cookie jar. I am now free to move about the cabin.

 

Thanks very much

 

If there's karma on this site, I'll give it to you, though I don't think there was.

[thatsgreat2345]

Nope but thanks for the thought lol. No need though just trying to help out.