Jump to content

Simple Curl Login Doesn't Work


Kurei
 Share

Recommended Posts

Hey PHPFreaks!

 

Im having real trouble with this one..

Im trying to get a simple cURL Login to work, but it just doesn't work with this site, and im clueless to why it wouldn't be able to work

 

This is the actual script in action.

http://eurohandelson...est/curl_login/

 

The current system exists of 3 files, which are all pretty low in lines.. So hopefully it won't be too much work reading it through.

 

The funny thing is following: If i use a simple test.html file on my desktop, copy the form of the website itself. and try to login through the html file: It works. Secondly, when i'd remove the xsfr token input on the HTML file it shows me a "Cannot acces this page at this time" page. But if i remove the xsrf token from the postdata, it doesn't. It just gives me the same kind of page, it does now.

 

Thanks for any help in advance!

 

----------------------------------------------------- INDEX.PHP -----------------------------------------------------------------------------

<?php
error_reporting(E_ALL);
require_once("classes/curl_control.php");
require_once("classes/input_read.php");

function readInputs($source) {

	if(!empty($source)) {
		$inputs_read = new inputRead($source);
		return $inputs_read->inputs;
	}

	return array();
}

function getXSRFToken() {
	global $marktplaats;
	$inputs = readInputs($marktplaats->response);

	return $inputs['nl.marktplaats.xsrf.token'];
}

	$cookie_file = 'cookie_marktplaats';
	$marktplaats = new curl_control('https://vernieuwd.marktplaats.nl/' $cookie_file);

	function login($email, $password, $code_encrypt = '', $code = '') {
		global $marktplaats, $cookie_file;

		$marktplaats->getPage('account/login.html');
		$xsrf_token = getXSRFToken();

		//Truncate cookie
		$trun = fopen($cookie_file, 'w');
		fclose($trun);

		$inputs = readInputs($marktplaats->response);

		$arr = array(
			'j_password'	=> "{$password}",
			'j_username'	=> "{$email}",
			'remember_me'	=> 'true',
			'nl.marktplaats.xsrf.token' => $xsrf_token,
			'target' => 'http://vernieuwd.marktplaats.nl/'
		);

		$marktplaats->getPage('account/securityCheck.html', $arr);

		echo $marktplaats->response;exit;
		return $marktplaats->response;
	}

	$response = login('jesk@home.nl', 'e4heyu');

?>

 

------------------------------------------------------curl_control.php-----------------------------------------------------------------

<?php	
class curl_control {
	public $response;
	private $url;
	public $headers = array();
	private $errno = 0;
	private $error = '';
	private $cookieFile = '';
	private $referer = '';


	public function __construct($url, $cookieFile = '') {
		$this->url = $url;
		$this->cookieFile = $cookieFile;

		$cookieFile = $this->checkCookie();
		return $this;
	}

	private function checkCookie($file = '') {
		$file = (empty($file)) ? $this->cookieFile : $file;

		if(!empty($file)) {
			if(!file_exists($file)) {
				$file = fopen($file, 'w'); //File used to write receiving cookies to.
				fclose($file); //Closing the handle
			}
		}

		return $file;
	}

	public function clearCookie() {
		//Truncating cookiefile
		$file = $this->checkCookie();

		if(!empty($file)) {
			$handle = fopen($file, 'w');
			fclose($handle);

			return true;
		}

		return false;
	}

	private function checkErrors() {
		$error = false;
		if($this->errno > 0) {
			$error = true;
			echo 'Error-No. '.$this->errno.': '.$this->error;
		}

		return $error;
	}

	public function getPage($get = '', $postvars = array(), $cookieFile = '') {
		$cookieFile = $this->checkCookie($cookieFile);

		$curl = curl_init(); //Initializing cURL
		/*Save, and Set receiving cookie*/
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); // SOLLTEST DU DEN OUTPUT NICHT BESSER IN EINE VARIABLE UMLEITEN???

		if(!empty($this->referer)) {
			//curl_setopt($curl, CURLOPT_UPLOAD, true);
			curl_setopt($curl, CURLOPT_REFERER, $this->referer);
		}

		$url = $this->url.$get;
		$this->setReferer($url);

		curl_setopt($curl, CURLINFO_HEADER_OUT, true); // WOLLTEST DU NICHT DIE HEADER HABEN???
		curl_setopt($curl, CURLOPT_COOKIEFILE, $cookieFile); //Sets the cookie file that is used
		curl_setopt($curl, CURLOPT_COOKIEJAR, $cookieFile); //Writes the cookiefile, with the cookie header.
		curl_setopt($curl, CURLOPT_URL, $url); //Setting the URL
		curl_setopt($curl, CURLOPT_TIMEOUT, 40); //How long curl functions may execute.
		curl_setopt($curl, CURLOPT_HEADER, false); //Include the header in the response.
		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); //Follow redirections the page may encounter.
		curl_setopt($curl, CURLOPT_AUTOREFERER, true);
		curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0");
		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

		if(count($postvars) > 0){
			//	Post-Options/-Vars
			curl_setopt($curl, CURLOPT_POST, true);
			curl_setopt($curl, CURLOPT_POSTFIELDS, $postvars);
		}

		$this->response = curl_exec($curl);
		$this->errno = curl_errno($curl);
		$this->error = curl_error($curl);

		$this->checkErrors();

		$this->headers = explode("\n", rtrim(curl_getinfo($curl, CURLINFO_HEADER_OUT)));//<<<<<<<	HIER SIND DEINE HEADERS
		curl_close($curl);

		return $this->response;
	}

	public function setReferer($referer) {
		$this->referer = $referer;

		return $this;
	}

	public function clearReferer() {
		$this->referer = '';

		return $this;
	}
}
?>

-----------------------------------------------Dunno if you guys need this / inputs_read.php ------------------------------------------------

<?php	
class inputRead {
	public $inputs = array();

	public function __construct($source) {
		preg_replace_callback('/\<input(.+?)\>/s', array($this, 'getName'), $source);

		return $this;
	}

	private function getInputAttribute($attribute, $tag_content)
	{
		$regex = '/'.$attribute.'\=\"(.+?)\"/';
		preg_match_all($regex, $tag_content, $var, PREG_SET_ORDER);
		if(isset($var[0][1])) {
			return $var[0][1];
		}

		return false;

	}

	public function getName($arr) {
		$input = array();
		if(is_array($arr)) {
			$str = $arr[1];
			$value = $this->getInputAttribute('value', $str);
			$name = $this->getInputAttribute('name', $str);
			$this->inputs[$name] = $value;
		}

		return false;
	}
}
?>

index.php

input_read.php

curl_control.php

Edited by Kurei
Link to comment
Share on other sites

The problem is you are not giving the server what it wants. Different sites use all kinds of strange ways to verify various data, sometimes there are redirects and then there's sessions/cookies etc.

 

I recommend usin Live HTTP headers, an add-on for firefox, to catch all the header data that is sent. You will need to try to replicate it.

 

Send me a test account in PM and I could try to help you later tonight or tomorrow or something like that, but try some on your own first please. :) I recently did tumblr for someone here, and while that was fun, it took a little while.

Edited by MMDE
Link to comment
Share on other sites

Thanks for your reply, MMDE!

 

I tried simulating all the headers that it needs.

Now i do get the "Cannot access this page at this time" response.

This usually happened with the HTML File if the xsrf token, was too old. Or not there(When i removed the input).

 

But i tried doing various things, i thought: Maybe the site checks the order of the POST Values, when it is put all into an Array.

And if this is not a proper order that the site usually expects, that it gives me this error.

 

But it can't be the xsrf_token, since i have really simulated that real time.

Eitherwise, i thought it might have been the alghorithm of times that are between (Minimal) the requests from going to the login page, and clicking the login button.

But this was also not the case.

 

Greetz, :)

 

Edit:

 

These are the updated files:

<?php
   error_reporting(E_ALL);
   require_once("classes/curl_control.php");
   require_once("classes/input_read.php");

   function readInputs($source) {

       if(!empty($source)) {
           $inputs_read = new inputRead($source);
           return $inputs_read->inputs;
       }

       return array();
   }

   function getXSRFToken() {
       global $marktplaats;
       $inputs = readInputs($marktplaats->response);

       return $inputs['nl.marktplaats.xsrf.token'];
   }

       $cookie_file = 'cookie_marktplaats';
       $marktplaats = new curl_control('https://vernieuwd.marktplaats.nl/', $cookie_file);

       function login($email, $password, $code_encrypt = '', $code = '') {
           global $marktplaats, $cookie_file;

           $marktplaats->getPage('account/login.html?target=http://vernieuwd.marktplaats.nl/');
           $xsrf_token = getXSRFToken();

           //Truncate cookie
           $trun = fopen($cookie_file, 'w');
           fclose($trun);

           $inputs = readInputs($marktplaats->response);


           /***REQUEST TO securityCheck.html***/
           $arr = array(
               'target' => urlencode('http://vernieuwd.marktplaats.nl/'),
               'j_username'    =>  urlencode("{$email}"),
               'j_password'    => "{$password}",
               'remember_me'    => 'true',
               'nl.marktplaats.xsrf.token' => $xsrf_token,
           );

           $headers = array(
               'Host: vernieuwd.marktplaats.nl',
               'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0',
               'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
               'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3',
               'Accept-Encoding: gzip, deflate',
               'Connection: keep-alive',
               'Content-Type: application/x-www-form-urlencoded'
           );
           $marktplaats->setHeaders($headers);
           $marktplaats->getPage('account/securityCheck.html', $arr);
           /***END*******/

           echo $marktplaats->response;exit;
           return $marktplaats->response;
       }

       $response = login('jesk@home.nl', 'e4heyu');

?>

 

AND curl_control.php

 

<?php    
   class curl_control {
       public $response;
       private $url;
       public $headers = array();
       private $errno = 0;
       private $error = '';
       private $cookieFile = '';
       private $referer = '';


       public function __construct($url, $cookieFile = '') {
           $this->url = $url;
           $this->cookieFile = $cookieFile;

           $cookieFile = $this->checkCookie();
           return $this;
       }

       private function checkCookie($file = '') {
           $file = (empty($file)) ? $this->cookieFile : $file;

           if(!empty($file)) {
               if(!file_exists($file)) {
                   $file = fopen($file, 'w'); //File used to write receiving cookies to.
                   fclose($file); //Closing the handle
               }
           }

           return $file;
       }

       public function clearCookie() {
           //Truncating cookiefile
           $file = $this->checkCookie();

           if(!empty($file)) {
               $handle = fopen($file, 'w');
               fclose($handle);

               return true;
           }

           return false;
       }

       private function checkErrors() {
           $error = false;
           if($this->errno > 0) {
               $error = true;
               echo 'Error-No. '.$this->errno.': '.$this->error;
           }

           return $error;
       }

       public function setHeaders($headers) {
           if(is_array($headers)) {
               $this->headers = $headers;
           }

           return $this;
       }

       public function getPage($get = '', $postvars = array(), $cookieFile = '') {
           $cookieFile = $this->checkCookie($cookieFile);

           $curl = curl_init(); //Initializing cURL
           /*Save, and Set receiving cookie*/
           curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); // SOLLTEST DU DEN OUTPUT NICHT BESSER IN EINE VARIABLE UMLEITEN???

           if(!empty($this->referer)) {
               //curl_setopt($curl, CURLOPT_UPLOAD, true);
               curl_setopt($curl, CURLOPT_REFERER, $this->referer);
           }

           $url = $this->url.$get;
           $this->setReferer($url);

           curl_setopt($curl, CURLINFO_HEADER_OUT, true); // WOLLTEST DU NICHT DIE HEADER HABEN???
           curl_setopt($curl, CURLOPT_COOKIEFILE, $cookieFile); //Sets the cookie file that is used
           curl_setopt($curl, CURLOPT_COOKIEJAR, $cookieFile); //Writes the cookiefile, with the cookie header.
           curl_setopt($curl, CURLOPT_URL, $url); //Setting the URL
           curl_setopt($curl, CURLOPT_TIMEOUT, 40); //How long curl functions may execute.
           curl_setopt($curl, CURLOPT_HEADER, false); //Include the header in the response.
           curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); //Follow redirections the page may encounter.
           curl_setopt($curl, CURLOPT_AUTOREFERER, true);
           curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0");
           curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

           if(count($postvars) > 0){
               //    Post-Options/-Vars
               curl_setopt($curl, CURLOPT_POST, true);
               curl_setopt($curl, CURLOPT_POSTFIELDS, $postvars);
           }

           if(is_array($this->headers) and count($this->headers) > 0) {
               curl_setopt($curl, CURLOPT_HTTPHEADER, $this->headers);
               $this->headers = array();
           }

           $this->response = curl_exec($curl);
           $this->errno = curl_errno($curl);
           $this->error = curl_error($curl);

           $this->checkErrors();

           $this->headers = explode("\n", rtrim(curl_getinfo($curl, CURLINFO_HEADER_OUT)));//<<<<<<<    HIER SIND DEINE HEADERS
           curl_close($curl);

           return $this->response;
       }

       public function setReferer($referer) {
           $this->referer = $referer;

           return $this;
       }

       public function clearReferer() {
           $this->referer = '';

           return $this;
       }
   }
?>

Edited by Kurei
Link to comment
Share on other sites

<?php
function get_data($url, $post=null, $header=false, $cookie=null, $ref=null, $ssl=false){
$ch = curl_init($url);
if($post){
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if($cookie) curl_setopt($ch, CURLOPT_COOKIE, $cookie);
if($ref) curl_setopt($ch, CURLOPT_REFERER, $ref);
curl_setopt($ch, CURLOPT_HEADER, $header);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $ssl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
return curl_exec($ch);
}


function add_postfields($data, &$post){
$site = new DOMDocument();
@$site->loadHTML($data);
$inputs = $site->getElementsByTagName('input');
foreach($inputs AS $input){
 if($input->hasAttribute('name')){
  switch($input->getAttributeNode('name')->value){
   case 'nl.marktplaats.xsrf.token':
 $post['nl.marktplaats.xsrf.token'] = $input->getAttributeNode('value')->value;
 return;
  }
 }
}
}


function get_cookies($data){
preg_match_all('|Set-Cookie: (.*);|U', $data, $matches);   
return implode('; ', $matches[1]);
}


function marktplaats($url, $username, $password){
$post = array(
 'j_username' => $username,
 'j_password'  => $password,
 'remember_me' => true
);
$data = get_data('https://vernieuwd.marktplaats.nl/account/login.html', null, true, null, null, false);
add_postfields($data, $post);
$cookies = get_cookies($data);
$cookie = get_cookies(
 get_data(
  'https://vernieuwd.marktplaats.nl/account/securityCheck.html',
  http_build_query($post),
  true,
  $cookies,
  'https://vernieuwd.marktplaats.nl/account/login.html',
  false
 ),
 $post
);
return get_data($url, null, false, $cookie);
}


$url = 'http://vernieuwd.marktplaats.nl/';
$username = 'username';
$password = 'password';
$data = marktplaats($url, $username, $password);
echo $data;
?>

 

If you want the activity to seem a bit more "legit", then you could add:

curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0');

Edited by MMDE
Link to comment
Share on other sites

  • 2 months later...

Dear MMDE,

 

I'm learning php curl and came to this page while I'm also interested in logging in and posting remotely. I'm trying to go to a posting page with JSON (https://www.marktplaats.nl/syi/plaatsAdvertentie.html) after logging in and post an article, but can't get it to work. Tried to grab a page with the same cookie as $cookie in the function marktplaats. Can you help me out with some advice or code?

 

Kind regards,

 

Mart

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.