I'm trying to login into twitter with php + curl, but I think there's something wrong with my request because I get this as response:
Something is technically wrong.
Thanks for noticing—we\'re going to fix it up and have things back to
normal soon.
The php code I'm using is:
<?php
$ch = curl_init($sTarget);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $_CKS);
curl_setopt($ch, CURLOPT_COOKIEFILE, $_CKS);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: multipart/form-data"));
curl_setopt($ch, CURLOPT_REFERER, "https://twitter.com");
?>
$sPost looks like this:
session[username_or_email]=user&session[password]=password&remember_me=1&scribe_log=&redirect_after_login=&authenticity_token=6e706165609354bd7a92a99cf94e09140ea86c6f
The code first fetches the login form fields so that the post variables do have the proper values(auth token). I just tried about everything and yes I know there's an api for this but I'd rather find out how to do it manual for learning's sake.
Thanks in advance.
The CURLOPT_COOKIESESSION is used to indicate a new session. That's not what you want, since you need to send the session cookie in the second post.
I got the twitter login to work with this code:
<?php
# First call gets hidden form field authenticity_token
# and session cookie
$ch = curl_init();
$sTarget = "https://twitter.com/";
curl_setopt($ch, CURLOPT_URL, $sTarget);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie.txt");
curl_setopt($ch, CURLOPT_REFERER, "https://twitter.com/");
$html = curl_exec($ch);
# parse authenticity_token out of html response
preg_match('/<input type="hidden" value="([a-zA-Z0-9]*)" name="authenticity_token"\/>/', $html, $match);
$authenticity_token = $match[1];
$username = "your#email.com";
$password = "password";
# set post data
$sPost = "session[username_or_email]=$username&session[password]=$password&return_to_ssl=true&scribe_log=&redirect_after_login=%2F&authenticity_token=$authenticity_token";
# second call is a post and performs login
$sTarget = "https://twitter.com/sessions";
curl_setopt($ch, CURLOPT_URL, $sTarget);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/x-www-form-urlencoded"));
# display server response
curl_exec($ch);
curl_close($ch);
?>
PS: Sorry for not reading your post properly the first time.
I noticed two things:
1) Try to URL encode your POST data
such as:
session%5Busername_or_email%5D=user&session%5Bpassword%5D=password...
instead of:
session[username_or_email]=user&session[password]=password...
2) twitter has a hidden field named authenticity_token in the login form. It is bound to the session. Thus you cannot use a static authenticity_token, you have to read the login form first and use the authenticity_token field from there.
Hope that helps.
Related
I am submitting login form data using curl in php, and from what I've observed the login POST has no response - the lander page is loaded by a subsequent GET request. What I'd like to know is how I can make a POST using curl and then a GET? For reference, here's my current code:
$ch = curl_init('https://<my url>');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: text/html',
));
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_POST, 2);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'my post fields');
$result = curl_exec($ch);
// I need to make a get request to get the loggedin page here!?
curl_setopt($ch, CURLOPT_URL, 'https:<another_url>');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 0);
$result = curl_exec($ch);
echo curl_errno($ch);
I'm currently getting an error 52 from my POST which is no response, which I think should be expected. The issue is, when I tried to make a GET, I also got errno 52. Also for a sanity check, I retrieved my post fields my grabbing the form data from the network data from chrome dev tools.
Thanks in advance for the help!
I am trying to login to a site using curl but for some reason when I use the print_r($login) to view the output, I always end up seeing the original login page without it being processed (it was supposed to return something like login success or fail), I think curl is not able to submit the form, any suggestion?
$user="something"; $pass="something";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username={$user}&password={$pass}");
curl_setopt($ch, CURLOPT_USERAGENT, "Something");
$login = curl_exec($ch);
print_r($login);
You need to add
curl_setopt($ch, CURLOPT_POST, TRUE);
To send POST content. Without it, your CURLOPT_POSTFIELDS will be ignored.
This is a part of the code of a function of a class that I did in early 2015. Today it is no longer working. The variables defined in my code, so that is not the problem...
Now that we're clear, let's get to the point:
The Problems:
Do not generate cookies
In the login page , I get a red sign with "
security policy " ...
I get redirected to
https://facebook.com/common/invalid_request.php when I 'm logged (
below I explain as I did for logging )
Poorly made solutions :
To generate cookies , all you did was use an extension for Chrome that shows you cookies.txt called cookies in Netscape format and copy the file with the facebook and log in because I did not allow log in with cookies without Log .
I could not fix it
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.facebook.com/');
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->CONFIG['cookie']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $this->CONFIG['useragent']);
curl_setopt($ch, CURLOPT_REFERER, 'http://www.facebook.com');
curl_exec($ch) or die(curl_error($ch));
curl_close($ch);
unset($ch);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.facebook.com/login.php');
curl_setopt($ch, CURLOPT_POSTFIELDS,'email='.urlencode($email).'&pass='.urlencode($pass).'&login=Login');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->CONFIG['cookie']);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->CONFIG['cookie']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $this->CONFIG['useragent']);
curl_setopt($ch, CURLOPT_REFERER, 'http://www.facebook.com');
$page = curl_exec($ch) or die(curl_error($ch));
file_put_contents(getcwd().'/debug.html', $page);
preg_match('/<body class="([^<]+)" dir="ltr">/', $page, $web);
if(file_exists($this->CONFIG['token'])) unlink($this->CONFIG['token']);
if(preg_match('/home/i', $web[1])) {
$this->login = true;
return true;
} else {
return false;
}
curl_close($ch);
You can´t login with CURL, you need to implement a proper login process and you NEVER need the password for this: https://developers.facebook.com/docs/facebook-login
I suggest using the JavaScript SDK for this, it´s very easy to handle. Here are some links to get you started:
https://developers.facebook.com/docs/facebook-login/web
http://www.devils-heaven.com/facebook-javascript-sdk-login/
In the below code i am trying to post the username and password but not able to create the cookie using post, if i do the same with get method it creates the cookie.
$BASEURL="http://localhost/openx/www/api/json/index.php/main/authenticate/";
$POSTFIELDS='username="'.$username.'"&password="'.$password.'"';
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $POSTFIELDS);
curl_setopt($ch, CURLOPT_URL, $BASEURL);
$returned = curl_exec($ch);
The curl_getinfo($ch) returns 200 OK http code, can anybody please advice what is wrong with the above code.
Thanks in advance.
The cookiejar is only saved when you close the curl handle using curl_close($ch).
From the manual:
CURLOPT_COOKIEFILE
The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file. If the name is an empty string, no cookies are loaded, but cookie handling is still enabled.
CURLOPT_COOKIEJAR
The name of a file to save all internal cookies to when the handle is closed, e.g. after a call to curl_close.
http://www.php.net/manual/en/function.curl-setopt.php
I have changed my code to below and now working for me.
$ckfile = tempnam ("/tmp/", "CURLCOOKIE");
$BASEURL='http://localhost/openx/www/api/json/index.php/main/authenticate/';
$POSTFIELDS='username='.$username.'&password='.$password.'';
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookieFileName");
curl_setopt($ch, CURLOPT_URL,'http://localhost/openx/www/api/json/index.php/main/authenticate/');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $POSTFIELDS);
ob_start(); // prevent any output
$result=curl_exec ($ch); // execute the curl command
ob_end_clean(); // stop preventing output
$result = curl_exec($ch);
curl_close($ch);
I'm trying to post pin and number of giftcard to BarnesAndNoble site to get the available balance. (we are a company buying gift cards from people, and we need to verify the balance)
https://cart2.barnesandnoble.com/gc/gc_ViewBalance.asp
The weird thing is that, the content returned is the original page (not the resulted page where it should say the pin&number entered are invalid, or should return an amount)
I wonder why it doesn't work, the code is pretty straight forward
$ch = curl_init();
$formUrl = 'https://cart2.barnesandnoble.com/gc/gc_ViewBalance.asp ';
$ckfile = __DIR__.'\cookie.txt';
curl_setopt($ch, CURLOPT_URL, $formUrl);
curl_setopt($ch, CURLOPT_REFERER, $formUrl);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
$urldata = parse_url($formUrl);
$headers = array("Host: ".$urldata['host']);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// tried this as well
//curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/GTECyberTrustGlobalRoot.crt");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return content as a string
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$content = curl_exec($ch);;
To answer my own question:
PHP curl resets content-length if CURLOPT_POST is set with curl_setopt_array?
Long answer: read the above link
Short answer: pass the query string into CURLOPT_POSTFIELDS instead of an array (I used array in the above $post)