I found a script and modified it, hoping to returrn the contents of a login page. However, it seems that the page won't let me log in.
using var_dump($_POST); and print_r($_POST); gives me a blank array:
array(0) {
}
Array
(
)
So I don't know how to do it. The website is https://create.kahoot.it/login
This is the code I am running:
<?php
$username = 'USERNAME';
$password = 'PASSWORD';
$loginUrl = 'https://create.kahoot.it/login';
//init curl
$ch = curl_init();
//Set URL
curl_setopt($ch, CURLOPT_URL, $loginUrl);
//HTTPS
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// ENABLE HTTP POST
curl_setopt($ch, CURLOPT_POST, 1);
//try to echo post variables
var_dump($_POST);
print_r($_POST);
//Set the post parameters
curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password);
//Handle cookies
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
//Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
// to return the results as a string return value
//from curl_exec() instead of the usual true/false.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//login
$store = curl_exec($ch);
//put page details in file
file_put_contents("test.txt",$store);
?>
--EDIT--
response headers + authentication page stuff
by changing the postman from POST to GET it returns {"error":"Authentication failed","exception":"Authentication failed","error_description":"Authentication token of type [class no.mobitroll.core.security.shiro.tokens.SessionToken] could not be authenticated by any configured realms. Please ensure that at least one realm can authenticate these tokens.","timestamp":1499789957919,"duration":0,"errorCode":0}
first use this code and debug your issue.
$info = curl_getinfo($ch);
print_r( $info );
if you are requesting HTTPS check
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
405 error probably for un-permitted methods. e.g. Making a GET call, when only POST is permitted, or vice versa.
Related
I am trying to access a website's protected web page where I need to post some JSON data to a page, but it always shows status code 200 and redirects me to a page which says
"Please enable browser cookie" and then shows me the login page as a response, both of the curl executions return 200 status code. I also give the cookie.txt correct permission i.e, 644. BUT I FOUND THAT COOKIE.TXT is not modifying
any help would be appreciated.
php curl code:
<?php
//username and password of account
$username = trim($_POST["email"]);
$password = trim($_POST["password"]);
echo "username=$username pass:$password";
$loginUrl = 'https://www.pogrande.com/login.php?action=process';
//The username or email address of the account.
define('USERNAME', $username);
//The password of the account.
define('PASSWORD', $password);
//Set a user agent. This basically tells the server that we are using Chrome ;)
define('USER_AGENT', 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36');
//Where our cookie information will be stored (needed for authentication).
define('COOKIE_FILE', 'cookie.txt');
//URL of the login form.
define('LOGIN_FORM_URL', 'https://www.pogrande.com/login.php');
//Login action URL. Sometimes, this is the same URL as the login form.
define('LOGIN_ACTION_URL', 'https://www.pogrande.com/login.php?action=process');
//An associative array that represents the required form fields.
//You will need to change the keys / index names to match the name of the form
//fields.
$postValues = array(
'email_address' => USERNAME,
'password' => PASSWORD
);
//Initiate cURL.
$curl = curl_init();
//Set the URL that we want to send our POST request to. In this
//case, it's the action URL of the login form.
curl_setopt($curl, CURLOPT_URL, LOGIN_ACTION_URL);
//Tell cURL that we want to carry out a POST request.
curl_setopt($curl, CURLOPT_POST, true);
//Set our post fields / date (from the array above).
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));
//We don't want any HTTPS errors.
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//Where our cookie details are saved. This is typically required
//for authentication, as the session ID is usually saved in the cookie file.
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
//Sets the user agent. Some websites will attempt to block bot user agents.
//Hence the reason I gave it a Chrome user agent.
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//Tells cURL to return the output once the request has been executed.
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
//Allows us to set the referer header. In this particular case, we are
//fooling the server into thinking that we were referred by the login form.
curl_setopt($curl, CURLOPT_REFERER, LOGIN_FORM_URL);
//Do we want to follow any redirects?
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
//Execute the login request.
curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
echo "status=$status";
//Check for errors!
if(curl_errno($curl)){
throw new Exception(curl_error($curl));
}
$url = $_POST['url'];
$content = $outp;//json_encode("your data to be sent");
//We should be logged in by now. Let's attempt to access a password protected page
curl_setopt($curl, CURLOPT_URL, $url);
//Use the same cookie file.
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
//Use the same user agent, just in case it is used by the server for session validation.
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//We don't want any HTTPS / SSL errors.
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $content);
//Execute the GET request and print out the result.
curl_exec($curl);//the login is now done and you can continue to get the
//protected content.
/*
$url = $_POST['url'];
$content = $outp;//json_encode("your data to be sent");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER,
array("Content-type: application/json"));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
*/
$json_response = curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ( $status != 201 ) {
die("Error: call to URL $url failed with status $status, response $json_response, curl_error " . curl_error($curl) . ", curl_errno " . curl_errno($curl));
}
curl_close($curl);
$response = json_decode($json_response, true);
//alert($response);*/
}
}
?>
I have tried all several methods and approaches to this problem and I'm stumped. I'm trying to log into www.senderscore.org with php. The site's log in is a post form to their index page. I need to do this because I need to lookup several IPs and log the information on a regular basis. I have tried posting with curl but I have had no luck. Every attempt just returns the page as if I did not attempt to log in. If anyone could help out with a code snippet I'd appreciate it very much.
edit: The latest attempt's block of code. this is the code inside a class function.
$username= $this->username;
$password= $this->password;
$url = 'www.senderscore.org/index.php';
$fields = array(
'email'=>$username,
'password'=>$password,
'action'=>"localLogin",
'Submit'=>"Sign in",
'remember'=>'1'
);
$postvars='';
$sep='';
foreach($fields as $key=>$value)
{
$postvars.= $sep.urlencode($key).'='.urlencode($value);
$sep='&';
}
$curl = curl_init();
curl_setopt($curl,CURLOPT_URL,$url);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,$postvars);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
$data = curl_exec($curl);
if ($data === false) {
$data = curl_error($curl);
}
curl_close($curl);
return $data;
Try to look at this script, it should work with post; i haven't tested it:
$username = 'your_username';
$password = 'your_password';
$loginUrl = 'http://www.path-to-login.com/login/';
//init curl
$ch = curl_init();
//Set the URL to work with
curl_setopt($ch, CURLOPT_URL, $loginUrl);
// ENABLE HTTP POST - this is important in your case
curl_setopt($ch, CURLOPT_POST, 1);
//Set the post parameters - make sure to match username and password
curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password);
//Handle cookies for the login
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
//Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
//not to print out the results of its query.
//Instead, it will return the results as a string return value
//from curl_exec() instead of the usual true/false.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//execute the request (the login)
$store = curl_exec($ch);
//the login is now done and you can continue to get the
//protected content.
//set the URL to the protected file
curl_setopt($ch, CURLOPT_URL, 'http://www.site-logging-into.com/protected/file.zip');
//execute the request
$content = curl_exec($ch);
//save the data to disk
file_put_contents('~/file.zip', $content);
I have written a php script to login to a site from curl. Below is my code:
<?php
// INIT CURL
$ch = curl_init();
// SET URL FOR THE POST FORM LOGIN
curl_setopt($ch, CURLOPT_URL, 'http://wordpress.dev/wp-login.php');
// ENABLE HTTP POST
curl_setopt ($ch, CURLOPT_POST, 1);
// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'log=admin&pwd=admin');
// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
// EXECUTE 1st REQUEST (FORM LOGIN)
$store = curl_exec ($ch);
var_dump($store);exit;
// CLOSE CURL
curl_close ($ch);
?>
If I give right password it gives string() " and if give wrong password it redirects me to the login page
How can check that login is successful?
You need to check response code as well. This might help you.
$contents = curl_exec($ch);
$httpcode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
var_dump($httpcode);
var_dump($contents);
In most cases HTTP code 200 is a valid authentication.
curl_exec() Returns TRUE on success or FALSE on failure.
<?php
//execute the request (the login)
$store = curl_exec($ch);
if($store){ //check for true/false
//Logged in
}else{
//Login failed
}
?>
UPDATE:
if you are on HTTPS, add this:
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
UPDATE 2:
add this:
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
you can check it with $store it will return true on success otherwise false.
check Storing the response of login using curl? . think it will solve your problem.
You should pay attention to status codes.
curl_exec would return true even if your login is not validated.
It simply means that the curl request is executed without error..
Make sure that status code is "200"..
I am using the Furk.net API and I have managed to successfully login using a curl function and submitting the post data to the proper URL (http://api.furk.net/api/login/login). When I echo the results, I get a success message and the cookie is successfully stored on my server. However, when I try to then retrieve information from the API, it gives me access denied. I'm wondering why my cookie isn't being used for all following requests?
function getUrl($url, $method='', $vars='') {
global $megauser;
$ch = curl_init();
if ($method == 'post') {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
$buffer = curl_exec($ch);
curl_close($ch);
return $buffer;
}
$login_data = array(
'login' => 'user',
'pwd' => 'pass'
);
echo getUrl('http://api.furk.net/api/login/login','post', $login_data);
If I try another request on the API using this same function while the cookie exists, I get access denied, but if I try the same request in my browser while logged in, I get the appropriate results.
When you login, you don't need to save the cookie. You will receive an answer from the API with the apy_key.
You need to keep that key, and send it along with all your other requests to the API (As as POST parameter)
And you should not use the cookie and the api_key at the same time, as some requests are denied if both are sent.
<?php
function updateTwitter($status)
{
// Twitter login information
$username = 'xxxxx';
$password = 'xxxxxx';
// The url of the update function
$url = 'http://twitter.com/statuses/update.xml';
// Arguments we are posting to Twitter
$postargs = 'status='.urlencode($status);
// Will store the response we get from Twitter
$responseInfo=array();
// Initialize CURL
$ch = curl_init($url);
// Tell CURL we are doing a POST
curl_setopt ($ch, CURLOPT_POST, true);
// Give CURL the arguments in the POST
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postargs);
// Set the username and password in the CURL call
curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password);
// Set some cur flags (not too important)
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_NOBODY, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// execute the CURL call
$response = curl_exec($ch);
// Get information about the response
$responseInfo=curl_getinfo($ch);
// Close the CURL connection curl_close($ch);
// Make sure we received a response from Twitter
if(intval($responseInfo['http_code'])==200){
// Display the response from Twitter
echo $response;
}else{
// Something went wrong
echo "Error: " . $responseInfo['http_code'];
}
}
updateTwitter("Just finished a sweet tutorial on http://brandontreb.com");
?>
I get the following output
Error: 0
Please help.
The libcurl documentation says http_code is set to 0 on failure (no server response code). You should check response before calling curl_getinfo, and call curl_error if it is FALSE. Also, there's no point in storing an empty array in responseInfo. You can set it to null instead.
Might be a mistake or he forgot to eliminate it from the post, but curl_close($ch) is never called. Maybe that is what is holding up the response? I'll test more when I get home.