RobertoNumber Posted August 9, 2012 Share Posted August 9, 2012 Hello guys, Useually I am able to find a way using curl to login, However this specific site is giving me alot of troubles, In the past I have noticed its sometimes just 1 small mistake with curl, however with this site I just cant login. <?php $url = "www.veevr.com/login/"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_COOKIEFILE, "C:\Program Files\EasyPHP-12.0\www\BOT\cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEJAR, "C:\Program Files\EasyPHP-12.0\www\BOT\cookie.txt"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_exec($ch); $csrfmiddlewaretoken = explode("csrftoken",file_get_contents("C:\Program Files\EasyPHP-12.0\www\BOT\cookie.txt")); $csrfmiddlewaretoken = trim($csrfmiddlewaretoken[1]); //I use the CURL to fetch the url twice, The first time is so that veevr can set a cookie on our system, Which I then grab to use for when we post the username and password. curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_COOKIEJAR, "C:\Program Files\EasyPHP-12.0\www\BOT\cookie.txt"); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "username=RobertoNumber&password=Google88&csrfmiddlewaretoken=" . $csrfmiddlewaretoken); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 1); $result = curl_exec($ch); print_r($result); curl_close($ch); ?> Does anybody here have any experience with CURL and login pages... If so I would really appreciate some help. I have provided a working login to the site http://veevr.com in the script post fields. Edit - Also, You may need to configure the cookie.txt file path to yours. Thanks in advance. Quote Link to comment Share on other sites More sharing options...
MMDE Posted August 9, 2012 Share Posted August 9, 2012 Why are you not sending the useragent data the first time? Also, is there anything in the cookiejar/cookiefile? Quote Link to comment Share on other sites More sharing options...
Christian F. Posted August 9, 2012 Share Posted August 9, 2012 If I were you I'd write a function to do the cURL calls, so that you only have to provide the URL and any potential POST data. Will cut down on the duplicity of your code, and thus improve readability and decrease the chance of bugs. Quote Link to comment Share on other sites More sharing options...
peipst9lker Posted August 9, 2012 Share Posted August 9, 2012 Go and change your password Mr.RobertoNumber Quote Link to comment Share on other sites More sharing options...
MMDE Posted August 9, 2012 Share Posted August 9, 2012 Go and change your password Mr.RobertoNumber You mean he use that password on this site? =P Quote Link to comment Share on other sites More sharing options...
RobertoNumber Posted August 9, 2012 Author Share Posted August 9, 2012 Why are you not sending the useragent data the first time? Also, is there anything in the cookiejar/cookiefile? Yes, The site stores a csrftoken in the cookie file, Which is then grabbed with file_get_contents to supply in the postdata "csrfmiddlewaretoken", Its sent in the login form after username and password. However, the site just will not login. If I were you I'd write a function to do the cURL calls, so that you only have to provide the URL and any potential POST data. Will cut down on the duplicity of your code, and thus improve readability and decrease the chance of bugs. Well, I can create a function for it once I have logged in, For now the main objective is to just get logged in. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted August 9, 2012 Share Posted August 9, 2012 He's not using it on this forum, MMDE, but he was using it on Veevr.com. Quote Link to comment Share on other sites More sharing options...
RobertoNumber Posted August 10, 2012 Author Share Posted August 10, 2012 He's not using it on this forum, MMDE, but he was using it on Veevr.com. Do you guys not read of use common sense? I said first in the title account required inside, and using common sense, I left the account and password in the post fields so that hopefully somebody could help me, without having to waste time signing up to veevr. That way, You can just test the login script with my account set up for this matter... Hopefully somebody is still able to help me with this, As I am still unable to write a working login script. Quote Link to comment Share on other sites More sharing options...
MMDE Posted August 10, 2012 Share Posted August 10, 2012 He's not using it on this forum, MMDE, but he was using it on Veevr.com. Do you guys not read of use common sense? I said first in the title account required inside, and using common sense, I left the account and password in the post fields so that hopefully somebody could help me, without having to waste time signing up to veevr. That way, You can just test the login script with my account set up for this matter... Hopefully somebody is still able to help me with this, As I am still unable to write a working login script. Ok, I will try to give it a whirl. Quote Link to comment Share on other sites More sharing options...
MMDE Posted August 10, 2012 Share Posted August 10, 2012 <?php function get_data($url, $post=''){ $ch = curl_init($url); if(!empty($post)){ curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS,$post); curl_setopt($ch,CURLOPT_REFERER,$url); } curl_setopt($ch,CURLOPT_COOKIEJAR,realpath('.').'/cookies.txt'); curl_setopt($ch,CURLOPT_COOKIEFILE,realpath('.').'/cookies.txt'); curl_setopt($ch,CURLOPT_REFERER,$url); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)'); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,10); curl_setopt($ch,CURLOPT_RETURNTRANSFER,true); curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true); return curl_exec($ch); } $url = 'http://veevr.com/login/'; get_data($url); $csrfmiddlewaretoken = explode('csrftoken',file_get_contents(realpath('.').'/cookies.txt')); $csrfmiddlewaretoken = trim($csrfmiddlewaretoken[1]); $post = 'username=RobertoNumber&password=Google88&remember=on&csrfmiddlewaretoken='.$csrfmiddlewaretoken; echo get_data($url, $post); ?> This worked, though, I haven't tested with your useragent, I just swapped it with mine when I posted this. The main problem was it was very picky with the CURLOPT_REFERER, it HAS TO BE EXACTLY what I set $url to be. oh, and I recommend using Live HTTP headers add-on for firefox, to "sniff" the header data, so you know exactly what it sends and can mime it! Quote Link to comment Share on other sites More sharing options...
Christian F. Posted August 10, 2012 Share Posted August 10, 2012 For future reference, to avoid such misunderstandings again, I recommend leaving a notice inside the post that the account details are for a test account. Too many people here (and on other fora) are indeed stupid enough to post login information to their production systems (or other valuable accounts), and as such put themselves to risk from attackers. Thus we have a conditioned reflex to react as if it was a proper account. As for the "Account required inside", I thought you were referring to the fact that you were trying to log into an external system. Not that the account details you posted was the "required account (inside)". Minor difference, but with a huge impact to the meaning of the sentence. Quote Link to comment Share on other sites More sharing options...
RobertoNumber Posted August 12, 2012 Author Share Posted August 12, 2012 Thanks alot MMDE, That certainly worked, I think the referer is the biggest issue. <?php function get_data($url, $post=''){ $ch = curl_init($url); if(!empty($post)){ curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS,$post); curl_setopt($ch,CURLOPT_REFERER,$url); } curl_setopt($ch,CURLOPT_COOKIEJAR,realpath('.').'/cookies.txt'); curl_setopt($ch,CURLOPT_COOKIEFILE,realpath('.').'/cookies.txt'); curl_setopt($ch,CURLOPT_REFERER,$url); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)'); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,10); curl_setopt($ch,CURLOPT_RETURNTRANSFER,true); curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true); return curl_exec($ch); } $url = 'http://veevr.com/login/'; get_data($url); $csrfmiddlewaretoken = explode('csrftoken',file_get_contents(realpath('.').'/cookies.txt')); $csrfmiddlewaretoken = trim($csrfmiddlewaretoken[1]); $post = 'username=RobertoNumber&password=Google88&remember=on&csrfmiddlewaretoken='.$csrfmiddlewaretoken; echo get_data($url, $post); ?> This worked, though, I haven't tested with your useragent, I just swapped it with mine when I posted this. The main problem was it was very picky with the CURLOPT_REFERER, it HAS TO BE EXACTLY what I set $url to be. oh, and I recommend using Live HTTP headers add-on for firefox, to "sniff" the header data, so you know exactly what it sends and can mime it! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.