Windows Live cURL Login? Help?

[renrenz]

Hello everyone, I'm new, I used to be at phpbuilder, but nobody there was able to answer this one.

 

There are tasks I do on my windows live account daily that I would like to automate. Normally that would be no problem, but, windows live has some sort of crazy validation process going on. All I want to do is login with cURL, but every time I try something it tells me my username or password is incorrect, when I'm using correct credentials. At this point I don't really know what I'm doing, besides trying to mimic all the post and get fields. Has anyone here ever done this? Below is my testing script. I'd be forever grateful for suggestions or a possible fix. <3

<?php 
$user = $_POST['username'];
$pass = $_POST['password'];

$user = strip_tags($user);
$pass = strip_tags($pass);

$user = trim($user);
$pass = trim($pass);

$pwpad = "IfYouAreReadingThisYouHaveTooMuchFreeTime";
$passlength = strlen($pass);
$pwpad = substr($pwpad, 0, -$passlength);

$ppft = file_get_contents("http://login.live.com/login.srf");
$ppft = explode('name="PPFT" id="i0327" value="',$ppft);
$ppft = explode('"/></form>',$ppft[1]);


$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"; 
$loginURL = "https://login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=10&ct=1241362924&rver=5.5.4177.0&wp=MBI&wreply=https:%2F%2Flive.xbox.com%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FwwwZ2ExboxZ2EcomZ2FenZ2DUSZ2FdefaultZ2Ehtm&lc=1033&cb=B001033httpZ3AZ2FZ2FwwwZ2ExboxZ2EcomZ2FenZ2DUSZ2FdefaultZ2Ehtm&id=66262&bk=1241362922";

$post = 'PPSX=Passport&PwdPad='.$pwpad.'&type=&login='.$user.'&passwd='.$pass.'&LoginOptions=3&PPFT='.$ppft[1];

$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 1); 				
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);		
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_POSTFIELDS, $post); 
curl_setopt($ch,CURLOPT_REFERER,"http://login.live.com/login.srf");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL, $loginURL);
$result = curl_exec($ch);
curl_close($ch);


foreach ($_POST as $key => $value) 
{
echo $key." = ".$value."<br /><br />";
}

echo "pwpad: $pwpad<br />";

echo "Read PPFT = ".$ppft[0]."<br />";

print $result;
?>

[Daniel0]

While I haven't looked very deeply in Live's login form, I know that Yahoo hashes the password when submitting the login form (see: http://www.phpfreaks.com/forums/index.php/topic,249568.msg1169539.html#msg1169539). If you check the form then you'll see that the Javascript function OnSigninSubmit() is called when submitting the form. Maybe they do something similar.

[renrenz]

I should have included this in my original post. I switch the form action (with javascript ) on the live login to my script that prints out everything, these are all the post and get values it creates. Does this help? It's all dynamic.. or at least it appears that way, is there a premade script for this out there that anyone knows of?

 

POST:

PPSX = P

 

PwdPad = IfYouAreReadingThisYouHaveTooMuc

 

type =

 

[i modified the login to protect the account, it was not modified on submit though]

login = jax******[email protected]

 

 

[i modified the password to protect the account, it was not modified on submit though]

passwd = jello******324

 

LoginOptions = 2

 

PPFT = ByuqUjZoUBb4Ds1kFFFSuHxVUHHw9VlgBYJ!0vEPy4HSO94H17vygnp!EiHourZAeK8udU*97EV50mDART5HWOrxs92S7e4cz0wxX1qwkxChwMHgD*58UyoOpiMLm2c5UWYfbbZ*m5NpocjE9LBGyrIrXLTwsRFuWCT7cQxc4gC5xUc5OIbKBlqRHLcK

 

 

 

 

GET:

wa = wsignin1.0

 

rpsnv = 10

 

ct = 1241366070

 

rver = 5.5.4177.0

 

wp = MBI

 

wreply = https://live.xbox.com/xweb/live/passport/setCookies.ashx?rru=httpZ3AZ2FZ2FwwwZ2ExboxZ2EcomZ2FenZ2DUSZ2FdefaultZ2Ehtm

 

lc = 1033

 

cb = B001033httpZ3AZ2FZ2FwwwZ2ExboxZ2EcomZ2FenZ2DUSZ2FdefaultZ2Ehtm

 

id = 66262

 

bk = 1241366068