supermerc Posted February 23, 2009 Share Posted February 23, 2009 Hey im trying to log into a site and retrieve information from a page. Im able to login sucessfully using this code: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/myaccount.php'); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, 'login_username=username&login_password=password'); curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/crew_vault.php?suid=55726&serverid=6'); $result1 = curl_exec($ch); echo strip_tags($result1); curl_close ($ch); However the page that I want to go to :http://quiver.outwar.com/crew_vault.php?suid=55726&serverid=6 Is protected by a security word, meaning the first time you go to that page in a session it redirects you to a page : http://quiver.outwar.com/security_prompt.php and asks you a question for example mine is: What is your favorite movie? then when you submit it brings you to the page you wanted to go. My question is how would I make cURL get past that page? Quote Link to comment Share on other sites More sharing options...
sloth456 Posted February 23, 2009 Share Posted February 23, 2009 Either find a way to bypass it through a security flaw or start collecting a library of questions to give correct answers to. Fraid that's all I can think of. Or maybe you could get a human to do it for you some how using amazon's mturk function Quote Link to comment Share on other sites More sharing options...
supermerc Posted February 23, 2009 Author Share Posted February 23, 2009 no no the answer is always the same I just dont know how I would use curl to make it enter that word because im not familiar with curl Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted February 23, 2009 Share Posted February 23, 2009 You would need to read the question and submit the answer into the text field. If there is more than one question then you must have the answers ready i.e. store them in an array and get the answer record from the question. Treat cURL as a web browser without a human clicking links or inputting into form fields. However websites will still function as they do in a normal browser, redirecting you if session values aren't set, 404 errors on invalid links, etc. You cannot bypass website security just because you are using cURL. Example using cURL to post into a form where the field names are 'name' & 'answer' <?php $dataArray = array('name' => 'joe', 'answer' => 'slumdog millionaire'); # Convert data array into a query string (ie animal=dog&sport=baseball) foreach($dataArray as $key => $value) { if(strlen(trim($value)) > 0) { $value = is_array($value) ? $value : urlencode($value); $tempString[] = $key . "=" . $value; } else { $tempString[] = $key; } } $queryString = join('&', $tempString); curl_setopt($ch, CURLOPT_POSTFIELDS, $queryString); curl_setopt($ch, CURLOPT_HTTPGET, FALSE); ?> Quote Link to comment Share on other sites More sharing options...
supermerc Posted February 23, 2009 Author Share Posted February 23, 2009 Theres only one question and thats the question, im not trying to bypass it im trying to answer it so i can go to the other link. this is the form values and stuff <form method="post" action="security_prompt.php"> <input type="hidden" name="prompt_number" value="12" /> What is your favorite movie?<br> <input type="password" name="answer" value="" size="20" maxlength="30"> <br /> <input type="submit" value="Continue" name="security_submitted" /> </form> Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted February 23, 2009 Share Posted February 23, 2009 All you need to do then is add the sample code I have given you to submit the following to security_prompt.php prompt_number = 12 answer = security_submitted = Continue so: $dataArray = array('prompt_number' => 12, 'answer' => 'slumdog millionaire', 'security_submitted' => 'Continue'); Read up on using cURL and write yourself a set of functions as you are likely to need POST and GET routines or set various cURL options in the future. Quote Link to comment Share on other sites More sharing options...
supermerc Posted February 23, 2009 Author Share Posted February 23, 2009 It still doesnt get me passed that page, this is my code now <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/myaccount.php'); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, 'login_username=username&login_password=password'); curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/security_prompt.php?suid=55726&serverid=6'); $result1 = curl_exec($ch); $dataArray = array('prompt_number' => 12, 'answer' => 'word', 'security_submitted' => 'Continue'); # Convert data array into a query string (ie animal=dog&sport=baseball) foreach($dataArray as $key => $value) { if(strlen(trim($value)) > 0) { $value = is_array($value) ? $value : urlencode($value); $tempString[] = $key . "=" . $value; } else { $tempString[] = $key; } } $queryString = join('&', $tempString); curl_setopt($ch, CURLOPT_POSTFIELDS, $queryString); curl_setopt($ch, CURLOPT_HTTPGET, FALSE); foreach($dataArray as $key => $value) { if(strlen(trim($value)) > 0) { $value = is_array($value) ? $value : urlencode($value); $tempString[] = $key . "=" . $value; } else { $tempString[] = $key; } } $queryString = join('&', $tempString); curl_setopt($ch, CURLOPT_POSTFIELDS, $queryString); curl_setopt($ch, CURLOPT_HTTPGET, FALSE); echo strip_tags($result1); curl_close ($ch); ?> Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted February 23, 2009 Share Posted February 23, 2009 You need to learn cURL properly. Write a function that takes the URL to make the request and any POST data in the form of an array. Each request is made using curl_exec() What you have basically done is logged in using: curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/myaccount.php'); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, 'login_username=username&login_password=password'); $result1 = curl_exec($ch); And then pasted my example code in. You must make further requests to the website, so your second request is to security_prompt.php i.e. curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/security_prompt.php'); // rest of code // execute request $result = curl_exec($ch); Quote Link to comment Share on other sites More sharing options...
supermerc Posted February 23, 2009 Author Share Posted February 23, 2009 Im not too sure what you meant... is this what you meant? <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/myaccount.php'); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, 'login_username=username&login_password=pass'); curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $result1 = curl_exec ($ch); curl_setopt($ch, CURLOPT_URL, 'http://quiver.outwar.com/security_prompt.php?suid=55726&serverid=6'); $dataArray = array('prompt_number' => '12', 'answer' => 'word', 'security_submitted' => 'Continue'); # Convert data array into a query string (ie animal=dog&sport=baseball) foreach($dataArray as $key => $value) { if(strlen(trim($value)) > 0) { $value = is_array($value) ? $value : urlencode($value); $tempString[] = $key . "=" . $value; } else { $tempString[] = $key; } } $queryString = join('&', $tempString); curl_setopt($ch, CURLOPT_POSTFIELDS, $queryString); curl_setopt($ch, CURLOPT_HTTPGET, FALSE); foreach($dataArray as $key => $value) { if(strlen(trim($value)) > 0) { $value = is_array($value) ? $value : urlencode($value); $tempString[] = $key . "=" . $value; } else { $tempString[] = $key; } } $queryString = join('&', $tempString); curl_setopt($ch, CURLOPT_POSTFIELDS, $queryString); curl_setopt($ch, CURLOPT_HTTPGET, FALSE); $result = curl_exec($ch); echo strip_tags($result); curl_close ($ch); ?> Quote Link to comment Share on other sites More sharing options...
supermerc Posted February 23, 2009 Author Share Posted February 23, 2009 because that doesnt work i tried :S Quote Link to comment Share on other sites More sharing options...
supermerc Posted February 24, 2009 Author Share Posted February 24, 2009 bump? Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted February 24, 2009 Share Posted February 24, 2009 http://www.higherpass.com/php/Tutorials/Using-Curl-To-Query-Remote-Servers/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.