cUrl login - token problem

[hanisnl]

Hi everybody !

I have this current problem .. I need to login into a website via cUrl .. website : www.v-tac [dot] ro/

Now based on the headers and based on the input fields I wrote a php function, but I hit a wall with the token .

HEADERS :

username=username&password=password&Submit=Conectare&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D&0dbf64fe20e2395a7d72ed5b64b3cf7c=1

FORM FIELDS - copy paste - this is the login form

<fieldset class="userdata">
    
<p id="form-login-username">
        <label for="modlgn-username">Nume Utilizator</label>
        <input id="modlgn-username" type="text" name="username" class="inputbox" size="18">
    </p>
    <p id="form-login-password">
        <label for="modlgn-passwd">Parola</label>
        <input id="modlgn-passwd" type="password" name="password" class="inputbox" size="18">
    </p>
        <p id="form-login-remember">
        <label for="modlgn-remember">Retine utilizator</label>
        <input id="modlgn-remember" type="checkbox" name="remember" class="inputbox" value="yes">
    </p>
    
    <input type="submit" name="Submit" class="button" value="Conectare">
    <input type="hidden" name="option" value="com_users">
    <input type="hidden" name="task" value="user.login">
    <input type="hidden" name="return" value="aW5kZXgucGhwP0l0ZW1pZD0yMTY=">
    <input type="hidden" name="11b09608b3184e6258012d44846c81ed" value="1">    

</fieldset>

And this is the function I wrote to do the cUrl login :

function login_to_website($targetURL){ 

    global $browser_user_agent; 
    if(empty($targetURL)) { return; } 
    if(empty($login_url)) { $login_url = $targetURL; } 
    $url = $login_url; 

    $login_user     = "loginusername"; 
    $login_password = "loginpassword"; 
    $thetoken       = "this-is-my-problem-the-token-from-the-hidden-input";         

    $post_data = array();    
    $post_data['username']  = "$login_user";  
    $post_data['password']  = "$login_password";  
    $post_data['Submit']    = "Conectare"; 
    $post_data['option']    = "com_users"; 
    $post_data['task']      = "user.login"; 
    $post_data['return']    = "aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D"; 
    $post_data[$thetoken]   = "1";           

    $postthis = http_build_query($post_data); 

    $login = curl_init(); 

    curl_setopt($login, CURLOPT_COOKIEJAR, dirname(__FILE__) . "/cookie.tmpz"); 
    curl_setopt($login, CURLOPT_COOKIEFILE, dirname(__FILE__) . "/cookie.tmpz"); 
    curl_setopt($login, CURLOPT_VERBOSE, true); 
    curl_setopt($login, CURLOPT_URL, $url); 
    curl_setopt($login, CURLOPT_USERAGENT, random_user_agent()); 
    curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE); 
    curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);   
    curl_setopt($login, CURLOPT_POST, TRUE); 
    $timeout = 5; 
    curl_setopt( $login, CURLOPT_CONNECTTIMEOUT, $timeout ); 
    curl_setopt( $login, CURLOPT_TIMEOUT, $timeout ); 
    curl_setopt( $login, CURLOPT_MAXREDIRS, 10 );    

    curl_setopt($login, CURLOPT_POSTFIELDS, $postthis); // POST vars 

    curl_setopt($login, CURLOPT_HEADER, 0); // debug headers sent - 1 

      $data = curl_exec ($login); 

      curl_setopt($login, CURLOPT_URL, $targetURL); 

      $datax = curl_exec ($login); 
      return $datax; 

      // close cURL resource, and free up system resources 
      curl_close($login); 
}  

The problem is this the last array input.

the token is generated each time the page is loaded, located on the page as an input hidden field .

So the question is how do I get a fresh token that will work ?

Also I have tried to get the token with a xpath extract like this :

    $htmlx = file_get_contents('http://www.v-tac.ro'); 
    $htmlx = mb_convert_encoding($htmlx, 'UTF-8', mb_detect_encoding($htmlx)); //make sure this is utf8 
    if(!strlen($htmlx)) {echo "No HTML here . stoping execution ."; return;} 
    $doc = new DomDocument; 
    @$doc->loadHTML($htmlx); 
    $xpath = new DOMXPath($doc); 

    echo $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name"); 
    $thetoken = $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");  

Help !?

[jazzman1]

I can't open the url. what do you want to fetch from there? The token is normal to be generated each time when the page is requested, that's the purpose of it..

 

Edit: Take a look at my reply #12, you have a similar issue I think.

Edited September 29, 2014 by jazzman1

[hanisnl]

the url works fine ... I must scrape the product info, and without a logged in user,i can not get the price and some more details .
there must be a way to do this ... or not ? I don't like to get stuck on something that seems really simple ... and thanks for the link, but it did not help much .

[jazzman1]

when you make a request to the page every time you get dynamically the value and name of those 2 input fields:

<input type="hidden" value="aW5kZXgucGhwP0l0ZW1pZD0yMTY=" name="return">
<input type="hidden" value="1" name="1555e5a1f4e76fd4029da142aee42022">

then your login credential would be similar like :

username=jazz&password=password&Submit=Conectare&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D&1555e5a1f4e76fd4029da142aee42022=1

in case like this that you don't know which exactly return:value/name would be attached to the login form, download the page using cookies, grab those value/name using regular expression ( they follow the same pattern every time) and attach them to your login credentials dynamically. I'll try to show you an example latter. 

Edited September 30, 2014 by jazzman1

[hanisnl]

SOLVED ! 

 

Never ever mix file_get_contents and cUrl ... must use curl in all instances and it works great .. 

 

thanks anyway !

[jazzman1]

I am glad to see that you got it sorted out. How about to share the solution helping someone with the same issue?