...

View Full Version : using cURL to login



Christian271
01-16-2010, 08:46 PM
I'm trying to use cURL to login to http://s1.zetaboards.com/Egg_Rescue_HQ/index/ this is the code I'm currently using (I've replaced my password with 'privet'):


$ch = curl_init(); //create cURL
$agent=$_SERVER["HTTP_USER_AGENT"];
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_URL, "http://s1.zetaboards.com/Egg_Rescue_HQ/login/log_in/");
curl_setopt($ch, CURLOPT_POST, 1); //set cURL to post data
curl_setopt($ch, CURLOPT_POSTFIELDS, "uname=Christian271&pw=privet"); //set data to post
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); //set cURL to fallow rederects
curl_setopt($ch, CURLOPT_RETURNTRANSFER ,1); // return the contents of the call
$data = curl_exec($ch);
echo $data;
curl_close($ch);When I run the script it just displays the forum content as if I wasn't logged in. you can see the page here: http://mobileforum.200u.com/. Any ideas?

Christian271
01-19-2010, 12:00 AM
Anyone?

sir.jones
01-19-2010, 11:04 AM
Your script look like right on the place...

hm... do you have access to change/modified the file "http://s1.zetaboards.com/Egg_Rescue_HQ/login/log_in/" Let say login.php
if yes just try put this:


<?php
var_dump($_POST);
?>
to login.php
i hope this can help You

Christian271
01-20-2010, 07:52 PM
No I do not have accesses.

hinch
01-20-2010, 07:54 PM
your login curl script will need to store the cookie generated by the forums else you won't be able to login

Christian271
01-20-2010, 08:58 PM
Thanks for your replay!

I added cookie handling and it still doesn't work,

$ch = curl_init(); //create cURL
$agent=$_SERVER["HTTP_USER_AGENT"];
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_URL, "http://s1.zetaboards.com/Egg_Rescue_HQ/login/log_in/");
curl_setopt($ch, CURLOPT_POST, 1); //set cURL to post data
curl_setopt($ch, CURLOPT_POSTFIELDS, "uname=Christian271&pw=privet"); //set data to post
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1); //set cURL to fallow rederects
curl_setopt($ch, CURLOPT_RETURNTRANSFER ,1); // return the contents of the call
$data = curl_exec($ch);
echo $data;
$info = curl_getinfo($ch);
print_r($info);
curl_close($ch);

http://whirlwindproduction.com/dchatchery/Mobile%20Forum/

hinch
01-20-2010, 09:45 PM
the forums won't just create a cookie called cookie.txt it'll be something like domainname.cookie or user-date.cookie etc something similar you'll have to replicate that else when the forum then requests the cookie back it'll be looking for a cookie that doesn't exist with a different name.

you may also want to check if the forums pass a sessionid across the query string that matches the cookie contents and also check for xss protection on the forum as there may be a hidden key that needs to be returns to match the cookie too before login form submission will work properly

Christian271
01-21-2010, 05:35 PM
I created a test form http://whirlwindproduction.com/dchatchery/Mobile%20Forum/testlogin.php it works fine, meaning that it's not a missing field or something. The way I understood cURL cookies is that cookies.txt is where cURL would store to cookies, not the cookie name its self. If I am wrong than can you point me in the right direction?

Thanks!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum