If I load in a cookie, I am able to get to the page that requires cookies, like this:
$cookie = ".ASPXAUTH=Secret";
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
No problem here, I can run curl_exec, and see the page that requires cookies.
If I also want to send some post data, I can do like this:
$data = array(
'index' => "Some data is here"
);
$cookie = ".ASPXAUTH=Secret";
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
I have set up a dump script on my local server, to see if it is working. If i send only the cookie, I can see it in the http headers, and if I send only the post data, I can see the post data.
When I send both, I see only the cookie.
Why?
I finally found a solution.
If I manually set the cookie, using a custom http_header, I am able to get the results wanted.
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie:.ASPXAUTH=secretData"));
Even tried on different servers - same results.
Related
I am trying to retrieve information from an external website using cURL, but the website returns a blank page.
I took a close looker at the network functionality Chrome has and I think I found the problem, but I have no idea how to fix it. As seen in the image below, the server posts to a specific URL and then redirects to another one showing the final result.
This is the code I have right now:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.politie.nl/aangifte-of-melding-doen/controleer-handelspartij.html?_hn:type=action&_hn:ref=r199_r1_r1_r1");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"url=&query=test");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
echo curl_exec ($ch);
curl_close ($ch);
The website is in Dutch, but what I am trying to do is check a certain email, phone number or bank account number to see if they have been involved in any scams, so I would like to have the information that a user gets after submitting the form on the website.
The form is on this website: https://www.politie.nl/aangifte-of-melding-doen/controleer-handelspartij.html
I hope someone can help me and thank you for your time.
As was pointed out in one of the comments to your question, a redirect occurs after the form is submitted. But not only that - information transfer between the form submit request and the request after redirect happens through a session, with session id stored in a cookie, so in order to get the results you have to enable cookies, too.
// follow redirects
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// store and send cookies
$tmpfname = dirname(__FILE__).'/cookie.txt';
curl_setopt($ch, CURLOPT_COOKIEJAR, $tmpfname);
curl_setopt($ch, CURLOPT_COOKIEFILE, $tmpfname);
I'll try to explain the issue, I don't know if it is doable...
If you login here (1st link):
https://profile.ea.com/
And then go here (2nd link):
https://accounts.ea.com/connect/auth?client_id=sparta-companion-web&response_type=code&prompt=none&redirect_uri=nucleus:rest
You will find a code like this only if you are logged (token):
{"code":"QUORAL0aEYq2RjJGJwFEIddI99wM_FaZ_FgktceQ"}
That token is what I need to make some (not documented) API calls work from my web app (cURL with PHP).
I'm trying to emulate what I do when I execute a login but it seems to fail every time and I can't understand why...
This is my 1st call for the 1st link:
<?php
$username = urlencode('myaccount#mail.test');
$password = 'Mysecretpassword';
$event = 'submit';
$loginUrl = 'https://profile.ea.com/';
//init curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
//curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'email='.$username.'&password='.$password.'&_eventId='.$event);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$firstlogin = curl_exec($ch);
//var_dump($firstlogin);
//login done?
Then the token part:
//get the token
curl_setopt($ch, CURLOPT_URL, 'https://accounts.ea.com/connect/auth?client_id=sparta-companion-web&response_type=code&prompt=none&redirect_uri=nucleus:rest');
//execute the request
$token = curl_exec($ch);
var_dump($token);die;
The main issue is the 1st part:
The profile.ea link seems to do a redirect to a unique url, maybe the CURLOPT_FOLLOWLOCATION is not enough?
The data needed to login is an array with 'email', 'password' and '_eventId' but I can't find any other required field.
What I'm doing wrong? Why the login is not working? How can I debug what is not working?
Probably the issue is that when you hit first url with code $firstlogin = curl_exec($ch);. It essentially does not mean that you got logged in for every request now. The next url hit needs to know, who you are before sending you the data, and they are possibly using cookies for this identification. Try simulating it in a browser. Probably, with the first URL request, there are some cookies returned after logging in, which are then forwarded with the next request.
You need to replicate cookies with your curl too. Try to extract any cookies being set with login cURL with the code at this link.
Then forward the cookies with your cURL request using curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: test=cookie"));
If above doesn't work, try replicating the same scenerio at browser and find out all the cookies in browser. Then replicate cookies already set and the ones being set by the login cURL request. This should probably work.
you're doing lots of things wrong,
you don't urlencode $username, but you need to. you don't urlencode $password, but you need to. you don't urlencode $event, but you need to. you don't use, nor try to fetch, the csrf token (called execution) prior to sending the login request, that won't work. you try to login without a pre-existing cookie session, that won't work, the cookie session and the csrf token are tied together, if 1 of them are missing/incorrect, your login won't be successful, and your code fetches neither of them. you're also missing a lot of login post parameters, including phoneNumber, passwordForPhone, _rememberMe, and several others, add them all.
I am trying to use php curl function to log in to a https webpage "https://portal.opalonline.co.uk/Home/PortalCore/SignIn/SignIn.aspx"
but I have run out of ideas how I can post values to this particular page (username, password) and 'press 'sign in'.
$postfields = array('ctl00_MasterContentContentPane_Signin1_userID_txt'=>'email#address.com',
'ctl00_MasterContentContentPane_Signin1_password_txt'=>'somepassword123');
/* LOG IN TO TalkTalk ACCOUNT */
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://portal.opalonline.co.uk/Home/PortalCore/SignIn/SignIn.aspx?");
curl_setopt($ch, CURLOPT_HEADER, false);
// curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE_FILE);
// curl_setopt($ch, CURLOPT_COOKIE, COOKIE_FILE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($ch, CURLOPT_POST, 1);
var_dump($ch);
$string_exec = curl_exec($ch);
var_dump($string_exec);
I can not even display the page with var_dump :( . Ideas / suggestions much appreciated
First, I don't think you can do the 'array' thing like that as that will make PHP/CURL create multipart formpost instead, and this is not such a form. Provide the data in "name=value&name2=value2" style.
Then, make sure you also submit all the hidden fields in the form. There are at least four of them. One of them is set by the HTML to a long value that you need to extract and set, and there is also some javascript magic that sets some of the others. You probably need to use your browser's networking tool to snoop on what exactly your browser sends to be able to mimic that perfectly.
The login page sets cookies and you probably need to pass those cookies on when you submit the login form. So you need to first fetch (GET) the login form page to get the cookies, then file the login POST.
With that fixed, you should be closer. If that isn't all that takes, then continue comparing the browser's request with what your request is sending and make sure they are as similar as possible.
Open the website in google chrome, open the console, to go the network tab.
Login to the website. You should see the request in the network tab. Do a right click on it, select "copy as cURL". It will give you a command line, that will help you understand what you need.
I have got this code:
public function get_thead_page($cookie=null) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_COOKIEFILE,'');
if($cookie) curl_setopt($ch, CURLOPT_COOKIE, $cookie);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
Now I dont want to use my cookie value, but I want the browser to handle it for me. I wan tthe request to behave as if it was given by the browser.
So I want to the cookie to be loaded with the request instead of providing a value...
There is that value..
curl_setopt($ch, CURLOPT_COOKIEFILE,'');
which asks for the cookie file location...but I dont want to specify the location, I want the request to be sent with a cookie being loaded somehow without specifying the path on the system..
Is there any solution?
The browser can't do that. CURLOPT_COOKIEFILE refers to a server-side file which the browser have no access.
You're the one who made this app. It's to you to choose the cookie's location when you create it.
Im using cURL to post data to a php file (setcookie.php) on another domain.
The file, setcookie.php is supposed to set a cookie on that domain with the data posted to it.
The problem is the cookie doesn't want to be set when im doing it with cURL, because cURL returns to the calling file/domain, i guess.
So how can I make cURL not come back to the calling file?
Or is there an easier way to do this?
Here's my code :
$ch = curl_init ("http://<other domain>/setnewcookie.php");
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, false);
$returndata = curl_exec ($ch);
Here's what you need to do:
$ch = curl_init('http://example.org/setnewcookie.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
For cookies to work with cURL, you need to define both CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE. ALso, if you don't want the content of "http://example.org/setnewcookie.php" to be outputted to the browser, you need to set CURLOPT_RETURNTRANSFER to TRUE.
This will create a cookie on your server that cURL can use for subsequent requests but it won't allow the user of your website for instance to use that cookie. If the intent is for the user to be logged in on both sites, this will not work as-is.
For cross sub-domains (as in between www1.example.org and www2.example.org), have a look at PHP authentication with multiple domains and subdomains.
If you want the cookie to get sent from domain2 to browser, browser needs to make request directly.
So if you must get the information from domain1 and user must not get it directly, I'd somehow encrypt the data and redirect browser to send the request to domain2 like this:
domain1/script.php
$return_url = 'http://domain1/script2.php';
$request_url = 'http://domain2/setnewcookie.php';
$request = $request_url . '?data=' . url_encode($encrypted_data) . '&return_url=' . urlencode($return_url);
header('Location: ' . $request);
exit;
And then in domain2/setnewcookie.php just decrypt the data, set the cookie and once that is done, redirect user back to domain1 with help of the $return_url.
Still not sure if this was what you were trying to accomplish, HTH.