Jump to content

cURL with PHP lookback

jmwalloh

By jmwalloh
in PHP Coding Help

 Share

Recommended Posts

jazzman1 Member

jazzman1

Posted
Posted

You also need to send the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. Can you show us your current curl script?

Link to comment
Share on other sites
jmwalloh Newbie

jmwalloh

Posted
  • Author
Posted

You also need to send the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. Can you show us your current curl script?

Hi, that i have done but the challenge is to get the scritp name that handle this form and whether the username and password when being sent, what are the exact name tied to them e.g "username or uname or user" as well as the password that is sent whether "password or pass or pword" etc as they form the query string to the server.

Link to comment
Share on other sites
jazzman1 Member

jazzman1

Posted
Posted

There is a wonderful ad-ons for firefox, it's called - Life HTTP Headers, which, you can use to get a form login credential. So, I made a fake request to this site and this is what I get:

 

 

https://www.23andme.com/user/signin/
POST /user/signin/ HTTP/1.1
Host: www.23andme.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: https://www.23andme.com/user/signin/
Cookie: vs=251a25c3e3682b78605fbed2456d57921555d7bd|622c4ef2dfca44189a69fad19dcb628e; ab="RqWvqdnJfAdafLHHoryy-YBGqPI93jt6qpECzyuZAoA="; uuid=5dfe2db79c7a51ce630f44f18f4a0f8a86564a09|1f7fbdbe3e8a4adea186cca31c06c656; NSC_xxx-wjq-ttm-gps-dtx=ffffffff09090e0345525d5f4f58455e445a4a42378b; optly_new=true; optly_new_session=true; optimizelySegments=%7B%22288246438%22%3A%22none%22%2C%22172166249%22%3A%22direct%22%2C%22172196495%22%3A%22ff%22%2C%22566394325%22%3A%22true%22%2C%22172021755%22%3A%22false%22%7D; optimizelyEndUserId=oeu1402226740580r0.45816714093541944; optimizelyBuckets=%7B%221118350307%22%3A%221194051135%22%7D; __utma=172634208.740909486.1402226741.1402226741.1402226741.1; __utmb=172634208.7.10.1402226741; __utmc=172634208; __utmz=172634208.1402226741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cvo_sid1=N5JJATSNEUBK
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 286
username=jazzman&password=password&redirect=&source_flow=&__source_node__=start&__context__=IhEcX2ivtGzK30cuk0eODNsNcX7FHNZJWPaEIYtdQT12OIx41EALfWWl4eTEIKDMJ-tQ9LhFIui8U0dpV0sBIipLq5jLnCJmworArmgt_QkbbfLczY_T8_6WR7-B4QxZRn8zxfTWKKvZI8nyQaVHmA%3D%3D&__form__=login&redirect=&button=Log+In

 

The first line is the action of the login form, the last one is the login credentials and you need to send this data in exactly same way as the browser does.

Link to comment
Share on other sites
jmwalloh Newbie

jmwalloh

Posted
  • Author
Posted

There is a wonderful ad-ons for firefox, it's called - Life HTTP Headers, which, you can use to get a form login credential. So, I made a fake request to this site and this is what I get:

 

 

The first line is the action of the login form, the last one is the login credentials and you need to send this data in exactly same way as the browser does.

Hi jazzman, so if i were to include this suggestion on my cURL script below, will this work out

 

<?php

error_reporting(E_ALL);

 

$username = 'myusername';

$password = 'mypassword';

$loginUrl = 'https://www.23andme.com/user/signin/';

 

//init curl

$ch = curl_init();

 

//Set the URL to work with

curl_setopt($ch, CURLOPT_URL, $loginUrl);

 

// ENABLE HTTP POST

curl_setopt($ch, CURLOPT_POST, 1);

 

//Set the post parameters

curl_setopt($ch, CURLOPT_POSTFIELDS, 'username='.$username.'&password='.$password.'&redirect=&source_flow=&__source_node__=start&__context__=IhEcX2ivtGzK30cuk0eODNsNcX7FHNZJWPaEIYtdQT12OIx41EALfWWl4eTEIKDMJ-tQ9LhFIui8U0dpV0sBIipLq5jLnCJmworArmgt_QkbbfLczY_T8_6WR7-B4QxZRn8zxfTWKKvZI8nyQaVHmA%3D%3D&__form__=login&redirect=&button=Log+In');

 

//Handle cookies for the login

curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$store = curl_exec($ch);

if($store !=true){

    die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch));

}else{

//the login is now done and you can continue to get the protected content.

 

//set the URL to the protected file

curl_setopt($ch, CURLOPT_URL, 'https://www.23andme.com/you/download');

 

//execute the request

$content = curl_exec($ch);

echo $content;

 

}

//if($store == true){

    //echo "Login success";

    

    //the login is now done and you can continue to get the

//protected content.

 

//set the URL to the protected file

//curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/protected/download.zip');

 

//execute the request

//$content = curl_exec($ch);

 

//save the data to disk

//file_put_contents('~/download.zip', $content);

//}else{

// echo"Login fails......";

// echo "Last known error code: " . curl_errno($ch) . "\n";

// echo "Last known error text: " . curl_error($ch) . "\n";

 

//}

?>

Link to comment
Share on other sites
jazzman1 Member

jazzman1

Posted
Posted (edited)

Please, use the forum's code tags when providing code next time! Did you test it? Try my script it would be something like this,

$data = array('username'=>'user',
'password'=>'pass',
'redirect'=>'',
'source_flow'=>'',
'__source_node__'=>'start',
'__context__'=>'IhEcX2ivtGzK30cuk0eODNsNcX7FHNZJWPaEIYtdQT12OIx41EALfWWl4eTEIKDMJ-tQ9LhFIui8U0dpV0sBIipLq5jLnCJmworArmgt_QkbbfLczY_T8_6WR7-B4QxZRn8zxfTWKKvZI8nyQaVHmA%3D%3D',
'__form__'=>'login',
'redirect'=>'',
'button'=>'Log%20In');

$curl_cookie = "cookies.txt";

$fp = fopen("example_homepage.txt", "w");

// create a new cURL resource
$ch = curl_init();

// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, 'https://www.23andme.com/user/signin/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $curl_cookie); // Read cookie file
curl_setopt($ch, CURLOPT_COOKIEJAR,  $curl_cookie); // Write cookie file
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_FILE, $fp);
// grab URL and pass it to the browser
$output = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

fclose($fp);

Double check the login credentials. If everything is fine with the server permissions, you would be able to find the content of the requested, then redirected form page inside example_homepage.txt file. 

Edited by jazzman1
Link to comment
Share on other sites
jazzman1 Member

jazzman1

Posted
Posted (edited)

Sorry, i forgot to put an ampersand (&) in front of every html form field name in array data. When I run the login test I got a html error page. Next script works for me:

$data = array(
'username'=>'email%40gmail.com',
'&password'=>'pass',
'&redirect'=>'',
'&source_flow'=>'',
'&__source_node__'=>'start',
'&__context__'=>'dG7hxHue89rxYi1En6avVefzAKAQDAVFfmXJ0fbZP8OrIAoW22b9ImZz6j_j5B-7KAUc7ijL7dwkY-tsC9U1aUpQfCATLtAvxcSsb6FPTFwZkB2_ATGv7uZO6s5l8QF-KrnFfkcX3qB5OvsjnbhMlA%3D%3D',
'&__form__'=>'login',
'&redirect'=>'',
'&button'=>'Log%20In');
 
$curl_cookie = "cookies.txt";
 
//$fp = fopen("example_homepage.txt", "w");
 
// create a new cURL resource
$ch = curl_init();
 
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, 'https://www.23andme.com/user/signin/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $curl_cookie); // Read cookie file
curl_setopt($ch, CURLOPT_COOKIEJAR, $curl_cookie); // Write cookie file
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
//curl_setopt($ch, CURLOPT_FILE, $fp);
// grab URL and pass it to the browser
$output = curl_exec($ch);
 
$info = curl_getinfo($ch);
 
curl_close($ch);
 
//fclose($fp);

post-124152-0-41528600-1402244775_thumb.png

Edited by jazzman1
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.