Page 1 of 1

CURL and PHP, auto login script.

Posted: Sat Jun 16, 2007 3:54 pm
by NiteHawk
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I have a login/pass to a website, basiclly looks here: http://www.exclusivepath.com/login.aspx ...
Generally what I do is login, and then backup the specific file in a excel sheet. I do this everyday, once a day.

What I wanted was a script that grabs that automatically. It should be easy enough cept for the login part....
I'm not sure how I can make it fill in those fields first, hit Login, and wait until thats complete to continue. Does anyone have any suggestions or scripts that may do this?

I have a example script I played around with. I got it to login PHPbb2 forums with some modifications, but not at http://www.exclusivepath.com/login.aspx ... Am I missing something here?

Here is the coding so far for the auto login:

Code: Select all

<?php
echo login_curl();

function login_curl()
{
    //Define form data array
    $postfields = array();
    $postfields["UserName"] = urlencode("xxxxx");
    $postfields["Password"] = urlencode("xxxxx");
    $postfields["Button1"] = urlencode("Login");

    //Define option variables
    $action ="http://www.exclusivepath.com/login.aspx";
    $cookie = "cookie.txt";
    $agent = "Mozilla/5.0";
    $referer = "http://www.exclusivepath.com/login.aspx";

    //Initialize a CURL session
    $ch = curl_init($action);

    //Set the CURL options
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);     curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_REFERER, $referer);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

    //Capture output and close session
    $result = curl_exec($ch);
    curl_close($ch);

    return $result;
}
?>
Thanks!


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Jun 16, 2007 4:28 pm
by John Cartwright
There is a hidden form element in their form called __VIEWSTATE, so what you'll likely need to do is to make two curl requests, one to capture the __VIEWSTATE value and using the same curl handler make another request to send the form.

Posted: Sun Jun 17, 2007 4:26 pm
by NiteHawk
Anyways, I got the __VIEWSTATE working for the login, but afterwards, it states invalid __VIEWSTATE. The viewstate does change but I'm keeping up to date with it everytime.... Here's the script so far:

Code: Select all

<?php
echo login_curl();

function login_curl()
{

    //Define option variables
    $action ="http://www.exclusivepath.com/login.aspx";
    $cookie = "cookie.txt";
    $agent = "Mozilla/5.0";
    $referer = "http://www.exclusivepath.com/login.aspx";

    //Initialize a CURL session
    $ch = curl_init($action);

	$matches = array();
	curl_setopt($ch, CURLOPT_URL,$action);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
	curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
	$result = curl_exec ($ch);
	$token = "__VIEWSTATE";
	$result = strstr($result, $token);
	$result = substr($result, strlen($token));
	$endpos = strpos($result, '" />');
	$result = substr($result, 9,$endpos - 9);

    //Define form data array
    $postfields = array();
    $postfields["UserName"] = urlencode("xxxx");
    $postfields["Password"] = urlencode("xxxx");
    $postfields["Button1"] = urlencode("Login");
    $postfields["__VIEWSTATE"] = urlencode($result);

    //Set the CURL options
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_REFERER, $referer);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

    //Capture output 
    $result = curl_exec($ch);

    $action = "http://www.exclusivepath.com/publishers/regPathDataDetailsMain.aspx?id=10";
    $referer = "http://www.exclusivepath.com/publishers/regPathDataDetailsMain.aspx?id=10";

    $ch = curl_init($action);
	$matches = array();
	curl_setopt($ch, CURLOPT_URL,$action);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
	curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
	$result = curl_exec ($ch);
	$token = "__VIEWSTATE";
	$result = strstr($result, $token);
	$result = substr($result, strlen($token));
	$endpos = strpos($result, '" />');
	$result = substr($result, 9,$endpos - 9);

    //Define form data array
    $postfields = array();
    $postfields["Button1"] = urlencode("Export to Excel");
    $postfields["__VIEWSTATE"] = urlencode($result);

    //Set the CURL options
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_REFERER, $referer);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	$result = curl_exec($ch);
//Close
	curl_close($ch);

    return $result;
}
?>
With the error:

Invalid character in a Base-64 string.

[FormatException: Invalid character in a Base-64 string.]
System.Convert.FromBase64String(String s) +0
System.Web.UI.LosFormatter.Deserialize(String input) +25
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +101

[HttpException (0x80004005): Invalid_Viewstate
Client IP: 64.79.196.227
Port: 34274
User-Agent: Mozilla/5.0
ViewState: dDwtOTMzNDIxMTYxO3Q8O2w8aTwxPjs%2BO2w8dDw7bDxpPDE%2BOz47bDx0PDtsPGk8MT4
7PjtsPHQ8cDw7cDxsPG9uY2xpY2s7PjtsPE5ld1dpbmRvdygnZXhwb3J0ZGF0YS5hc3B4P2ZuPXhtbCcsJ25hbW
UnLCc0MDAnLCc0MDAnLCd5ZXMnKVw7cmV0dXJuIGZhbHNlXDs7Pj4%2BOzs%2BOz4%2BOz4%2BOz4%2
BOz6ULe2yFyZwWRhrCH9ur73eF%2FAjCA%3D%3D
Http-Referer: http://www.exclusivepath.com/publishers ... aspx?id=10
Path: /publishers/regPathDataDetailsMain.aspx.]
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +447
System.Web.UI.Page.LoadPageViewState() +18
System.Web.UI.Page.ProcessRequestMain() +447

==

So basicly it DOES login, I checked that and it gets the http://www.exclusivepath.com/publishers ... aspx?id=10 page, but using that button makes it go blah.

Posted: Sun Jun 17, 2007 4:44 pm
by NiteHawk
I think I may of found out why, theres a main page with the VIEWSTATE as well:

http://www.exclusivepath.com/publishers ... ntrol.aspx for example.

then you click the link onto http://www.exclusivepath.com/publishers ... aspx?id=10

How would it be possible to click the link with giving the viewstate out again? I know how to grab the viewstate, and as well as clicking a 'button'. but not sure how to click a PLAIN link while doing that.

Thanks!