I'm trying to login to a secure aspx site using curl, and retrieve some of the account's data.
The page uses the aspx __VIEWSTATE to keep track of the browser's state. From checking the request headers here is the sequence:
user GETS from Login.aspx (including __VIEWSTATE)
user POSTS __VIEWSTATE, loginName and loginPassword to login.aspx -> server responds with 302
user GETS Submissions.aspx
submissions.aspx is a table of different clients referred to by __EVENTTARGET=dgrdSubmissions$ctl0x$ctl00 where the first $ctl0x represents that client's row.
user POSTS _VIEWSTATE,_EVENTTARGET and an AdvisorView param to submissions.aspx -> server responds with 302
user GETS Policy.aspx
This works fine in the browser (Chrome - The site suspiciously breaks in Firefox with Message: Exception of type 'System.Web.HttpUnhandledException' was thrown) but in my php script the GET Policy.aspx responds with the login page and not the expected client info.
Here is my code (minus error-checking and page displaying):
Helper Functions:
function curl_page($url){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$data=curl_exec($ch);
curl_close($ch);
return $data;
}
function curl_ssl_page($url="",$postdata=""){
$ch = curl_init();
$cookie = 'cookie.txt';
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
return $result;
}
function curl_get_page($url=""){
$ch = curl_init();
$cookie = 'cookie.txt';
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
$result = curl_exec ($ch);
return $result;
}
Pages
Pages - Login:
if(isset($_POST['user-name'])) {
//GET login page
$url = "http://www.gryphinonline.ca/Login.aspx";
$login_page = $this->curl_page($url);
// get viewstate
$regexViewstate = '/__VIEWSTATE\" value=\"(.*)\"/i';
$regexEventVal = '/__EVENTVALIDATION\" value=\"(.*)\"/i';
$viewstate = $this->regexExtract($login_page,$regexViewstate,1);
$eventval = $this->regexExtract($login_page, $regexEventVal,1);
//Post to login page
$postdata = '__VIEWSTATE='.rawurlencode($viewstate)
.'&txtLoginName='.$_POST['user-name']
.'&txtPassword='.$_POST['password']
.'&Start=Login+%2F+Ouverture+de+session';
$this->curl_ssl_page($url,$postdata);
header("Location:http://url-edited/submissions");
}
Pages - Submissions:
$url = "http://www.gryphinonline.ca/Submissions.aspx";
$submissions = $this->curl_get_page($url);
$dom = new DOMDocument();
#$dom->loadHTML($submissions);
// scrape for data including viewstate
$view = $dom->getElementById('dgrdSubmissions');
if(!$view) header("Location://url-edited/login");
$h_data = $dom->getElementsByTagName('div');
$h_data = $h_data->item(0);
if(isset($_POST['__EVENTTARGET'])){
$postdata=array();
foreach ($_POST as $key => $value) {
$postdata[]=$key.'='.$value;
}
$postdata = implode('&', $postdata);
$this->curl_ssl_page($url,$postdata);
header("Location:http://url-edited/policy");
}
Pages - Policy:
$url = "http://www.gryphinonline.ca/Policy.aspx";
$policy = $this->curl_get_page($url);
All the HTTP requests and cookies are identical as far as I can tell. Anyone have any idea what is going on here? Is this possibly related to the site's problems with Firefox or am I misunderstanding something basic?
I've been at this for a few days and any help would be appreciated.
Turns out I had forgotten to urlencode the POST string to submissions.
Related
I am trying to write a script to login to a particular site and obtain multiple web pages in the site to php variables. Here I am using the same cookie in both curl requests.
In the attached code, first curl request returns the home page, but the second requests return the login page instead of the requested page(it seems that it is counted as a new request). I am using the same cookie file in both occasions.
<?php
$username='xxxxx';
$password='xxxxxxx';
$cookie="C:/Games/cookie21.txt";
$url = 'http://xxxx/xxx/login.php';
$postdata = "?&uname=$username&upwd=$password";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
$url1 = 'http:///xxxx/xxx/forms/personal_info.php';
$ch1 = curl_init();
curl_setopt ($ch1, CURLOPT_URL, $url);
curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch1, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch1, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch1, CURLOPT_REFERER, $url1);
$result1 = curl_exec ($ch1);
echo $result1;
curl_close($ch1);
?>
Can someone explain the reason for this odd behavior and the modification needed in this code to obtain multiple web pages in a site to php variables using php-curl?
<?php
$username = "";
$password = "";
$url = "https://wordpress.com/wp-login.php";
$cookie = "cookie.txt";
$postdata = "log=".$username."&pwd=".$password."&rememberme=forever&wp-submit=Log+In&redirect_to=https%3A%2F%2Fwordpress.com%2F&testcookie=1
";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url );
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, "https://wordpress.com/wp-login.php?redirect_to=https%3A%2F%2Fwordpress.com%2F");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
exit;
?>
am unable to login to wordpress using curl php this is the error i am getting
"ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress."
Use full path (i.e. /var/abc/cookie.txt) instead of just file name.
Also use option CURLOPT_COOKIEFILE along with cookiejar.
What I am trying to do is login to a website and then go and grab data from a table since they do not have an export feature. So far I've managed to login and it shows me the user homepage. However I need to navigate to a different page or somehow grab that page while still being logged in with curl.
My code so far:
$username="email";
$password="password";
$url="https://jiltapp.com/sessions";
$cookie="cookie.txt";
$url2 = "https://jiltapp.com/shops/shopname/orders";
$postdata = "email=".$username."&password=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
As I mentioned i get access to the main user page, but I need to grab the contents of the $url2 variable, not $url. How can I accomplish something like that?
Thank you!
Once logged in, make a second request for the page that contains the data you are after.
For subsequent requets, you must set the option CURLOPT_COOKIEFILE which points to the same file as CURLOPT_COOKIEJAR. cURL will read cookies from this file and send them with the request.
$username="email";
$password="password";
$url="https://jiltapp.com/sessions";
$cookie="cookie.txt";
$url2 = "https://jiltapp.com/shops/shopname/orders";
$postdata = "email=".$username."&password=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie); // <-- add this line
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
// make second request
$url = 'page you want to get data from';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 0);
$data = curl_exec($ch);
My code is doing the login to a remote site using CURL. But it is not keeping the session alive there. In my case I am logging into the site using the following code.
$username=$options['session[login]'];
$password=$decryptedPassword;
$cookie = tempnam("/tmp", "cookies");
$postdata = "session[login]=".$username."&session[password]=".$password;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
$result = str_replace("href=\"","href=\"$onappurl\\",$result);
$result = str_replace("href=\"$onappurl\\","href=\"$onappurl",$result);
echo $result;
curl_close($ch);
Now the result is echoed in a popup and it is showing logged in interface. But if I click on any link of the site, I loose the session and it is redirected to the login page.
I think this is because your server is sending the request, and the remote site is creating a session for your server, not for you. So, if you click a link that redirects to that remote site, and you do not have an active session there, you will be prompted to log in.
Well, I want to login using cURL on some page.
When i paste this data in addressbar in that form in the browser
http://mywebpage.net/login.php?username=HERESMYUSERNAME&password=dded0102f44e7e0809520eb93055cb16
page takes me to the address http://mywebpage.net/user.php and everything works.
Now i want to get the same effect by using cURL but something does not work.
$url="http://mywebpage.net/login.php";
$cookie="cookie.txt";
$postdata = "username=cow&password=ass";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
if (!$result) {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); // make sure we closeany current curl sessions
die($http_code.' Unable to connect to server. Please come back later.');
}
echo $result;
curl_close($ch);
it's showing me the login page with empty input's and it don't login me and move to the correct address.
When I type www.mywebpage.net/user.php shows "Err 401"
Working code here:
$url="http://mywebpage.net/login.php?username=user&password=ddad0102f44e7f0800354eb11155cb16";
$cookie="cookie.txt";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
if (!$result) {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); // make sure we closeany current curl sessions
die($http_code.' Unable to connect to server. Please come back later.');
}
echo $result;
curl_close($ch);
How i can now redirect myself to /all.php?
I see 3 things wrong
You are using CURL POST instead of GET
CURLOPT_FOLLOWLOCATION is set to false but your login script does redirection to user.php , even if the authentication works you would be getting empty response. I think you should set CURLOPT_FOLLOWLOCATION to true
The Url you gave not valid or not working .. am not sure if this is the real URL or just an example.
Thanks
:)