I need to create a php script that logs into remote site then downloads a csv file on that site. I've searched all over and haven't found anything that does what I need. Currently I only have the following code which allows me to login to a remote site.
<?php
$username="";
$password="";
$url='';
$cookie="";
$postdata = 'email='.$username.'&pass='.$password;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_POST, true);
$result = curl_exec($ch);
echo $result;
curl_close($ch);
?>
How about something like:
<?php
$username="";
$password="";
$url='';
$csvurl='';
$cookie="";
$postdata = 'email='.$username.'&pass='.$password;
/*first log in*/
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_POST, true);
$result = curl_exec($ch);
echo $result;
/*now download the file*/
curl_setopt($ch, CURLOPT_URL, $csvurl);
curl_setopt($ch, CURLOPT_REFERER, $url);
$result = curl_exec($ch);
echo $result;
curl_close($ch);
?>
Related
$fields['username'] = "Pass#1234";
$fields['password'] = "harsha";
// set postfields using what we extracted from the form
$POSTFIELDS = http_build_query($fields);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://website.com');
curl_setopt($ch, CURLOPT_POSTFIELDS,$POSTFIELDS);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/abc.crt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");
curl_setopt($ch, CURLOPT_REFERER, "https://website.com");
$page = curl_exec($ch) or die(curl_error($ch));
echo $page;
i have save .pem file path in php ini
but still it shows "SSL certificate problem unable to get local issuer certificate error"
I'm trying to write a PHP script to reboot my tp-link router that has the IP address of http://192.168.1.1
Using PHP, I have tried the following script and it still fails to work:
<?php
$ch = curl_init();
$cookie="./cookie.txt" ;
$data = array('Username' => 'admin', 'Password' => 'admin');
curl_setopt($ch, CURLOPT_URL, "http://192.168.1.1");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_POST, 1);
$o=curl_exec($ch);
echo $o;
curl_close($ch);
?>
I'm trying to login into ws1.com using curl, however whenever i put the POST to true I'm getting error: Bad Request, this is the code that i tried:
<?php
$LOGINURL = "https://secure2.ws1.com/login";
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$LOGINURL);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "_csrf=QTRvNkJKaUoWBFYDBHkLDHFkP0MdMhAPOUZCASR9Xh4ZRDx7BC8LGA%3D%3D&LoginForm%5Bemail%5D=naczzalid%40hotmail.com&LoginForm%5Bpassword%5D=csc1233&LoginForm%5BrememberMe%5D=0&login-button=");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
echo $result = curl_exec ($ch);
curl_close ($ch);
?>
Anyone please can explain to me what is the problem in this so i can learn how to do it?
I tested some things with this form and if the csrf code is incorrect, then it gives a bad request.
The csrf value changes for every request and is tied to your cookies. So you need to fetch the login page first and extract the correct csrf code before submitting.
Working code:
<?php
$LOGINURL = "https://secure2.ws1.com/login";
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$LOGINURL);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
$result = curl_exec ($ch);
// extract csrf token
preg_match('/<input type="hidden" name="_csrf" value="([^"]+)">/i', $result, $csrf);
$csrf = $csrf[1];
$csrf = urlencode($csrf);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "_csrf={$csrf}&LoginForm%5Bemail%5D=naczzalid%40hotmail.com&LoginForm%5Bpassword%5D=csc1233&LoginForm%5BrememberMe%5D=0&login-button=");
$result = curl_exec($ch);
curl_close ($ch);
var_dump($result);
I'm trying to login to my website using curl all is working fine, the only problem is when I open the file cookie.txt I find it empty this is the code that I tried:
<?
$url = "http://security-dz.com/wp-login.php"; // URL
$POSTFIELDS = 'log=testtest&pwd=test1234';
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$POSTFIELDS);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>
I created a file called cookie.txt at the same folder, but when I'm runing this code i can access my website normally the only problem is when i open the file cookie.txt it is empty so what i can do about this?
If you want to get full path you can use this way to.
$cookie=dirname(__FILE__)."\\cookie.txt";
so you can just use this way.
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
it work for me
Try this:
<?
$url = "http://snipercoder.com/wp-login.php"; // URL
$POSTFIELDS = 'log=testtest&pwd=test1234';
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$POSTFIELDS);
curl_setopt($ch, CURLOPT_COOKIEFILE, "C:/yourfolderserver/www/cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "C:/yourfolderserver/www/cookie.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>
CURLOPT_COOKIEFILE/CURLOPT_COOKIEJAR options must be set with absolute path value. "cookie.txt" is a relative path.
If you are in a localhost try this:
<?
$url = "http://security-dz.com/wp-login.php"; // URL
$POSTFIELDS = 'log=testtest&pwd=test1234';
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$POSTFIELDS);
curl_setopt($ch, CURLOPT_COOKIEFILE, "C:/wamp/www/cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "C:/wamp/www/cookie.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>
I am trying to automate the login process for the site: winpossible.com. The site is running on .NET and expects the VIEWSTATE variable to be appropriately set and that is what is most probably tripping up the login function?
<?php
$username=urlencode('<something>');
$password="<something>";
$cookie="<cookie_file>";
$viewstate="...";
$postdata="__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=$viewstate&_ctl0%3AContentPlaceHolder1%3APassword=$password&_ctl0%3AContentPlaceHolder1%3AUserName=$username&_ctl0%3AContentPlaceHolder1%3AbtnLogin.x=0&_ctl0%3AContentPlaceHolder1%3AbtnLogin.y=0";
$ch = curl_init();
$headers = 'Connection: Keep-Alive';
// First go to the home-page
curl_setopt($ch, CURLOPT_URL,"http://www.winpossible.com/");
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result0 = curl_exec ($ch);
echo "Hi there - results of hitting the home-page\n";
echo $result0;
// Now try the login
curl_setopt($ch, CURLOPT_URL,"http://www.winpossible.com/LoginCheck.aspx");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_REFERER, 'http://www.winpossible.com/Login.aspx');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
// Now access my-account
curl_setopt($ch, CURLOPT_URL, "http://www.winpossible.com/");
$result2 = curl_exec ($ch);
echo $result2;
curl_close($ch);
// unlink($cookie);
exit;
?>
i've done similar stuff in php and everything seems fine, so try these:
use curl_close after every curl_exec
check if post_datat is correctly
encoded remove ssl options(I've never used them, so I'm not sure)
are you sure there isn't any token or dynamic stuff in login?
looking at source I've seen this
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="LGwSEpu70f..." /></form>
if that's the problem you'll have to isolate it with a regex and send it as post parameter