Page 1 of 1

Yahoo login script

Posted: Sun Mar 09, 2003 12:33 pm
by efedora
I'm a newbie trying to write a script to backup Yahoo Group messages.
I can get the message and parse it ok but I don't know how to do the login to Yahoo and 'ok' the restricted access page (over 18).

This is what I want to do from the server:
1. User submits Yahoo ID and password.
2. login to Yahoo using the id and password supplied by the user.
3. click thru the 'restricted access' page (just says I'm over 18).
4. continue with my script to access messages.

I have looked around for something like this but haven't been able to find it. It can be done in javascript but I want to do it with PHP on the server.
Thanks for any pointers or help.

a step away

Posted: Thu Mar 13, 2003 5:41 pm
by musashi
Well, the issue that you are facing is in the way you are looking at the problem. You must find out how the information gets sent to Yahoo for all the automatted actions you are trying to do.

So based on your list:

1. User gives you access to their Yahoo account.
- easy enough to have a form for that
2. Access the page after the login page for the Yahoo Group section.
- This is the tricky part. The logins for Yahoo are done as POSTs so you cannot simply request the URL (doing an fopen() or something else) with a some variables tacked on at the end with the login information. You need to send data to the server as if it were in the form of a POST method. Off the top of my head, I'm not sure how exactly to do this. One thing you could try, though it is not secure, is try doing it in the manner of a GET... see if it works... it shouldn't but hey, coders are not perfect!

So this all comes down too... you can try an fopen("YAHOO?user=blah&pass=blah"); The key is to make sure to include in the URL all the variables the application is expecting (you can find them by examining the html source for the login page).

3. and 4. are done as I stated above.

Good luck. :D

Re: a step away

Posted: Thu Mar 13, 2003 8:49 pm
by efedora
musashi wrote: 1. User gives you access to their Yahoo account.
- easy enough to have a form for that
2. Access the page after the login page for the Yahoo Group section.
- This is the tricky part. The logins for Yahoo are done as POSTs so you cannot simply request the URL (doing an fopen() or something else) with a some variables tacked on at the end with the login information. You need to send data to the server as if it were in the form of a POST method. Off the top of my head, I'm not sure how exactly to do this. One thing you could try, though it is not secure, is try doing it in the manner of a GET... see if it works... it shouldn't but hey, coders are not perfect!

So this all comes down too... you can try an fopen("YAHOO?user=blah&pass=blah"); The key is to make sure to include in the URL all the variables the application is expecting (you can find them by examining the html source for the login page).

Good luck. :D
What it looks like is:
1. Send yahoo the login and pw
This should probably be considered as a stand alone task.
Yahoo uses javascript to hash the pw etc. so I'll have to dope that out.
Once I'm logged in yahoo sets some kind of session cookie.

2. After I'm logged in:
The FIRST TIME I request a group page Yahoo sends me to a notice
screen and I just click ok. Then yahoo must set another cookie because
it just requests the same group page again only this time it doesn't
go to the notice page.
I'll never see the notice page again unless I sign out of yahoo (kill the
cookie). From then on I can go to the group with no login or notice.

The notice screen is always the same so I shouldn't have any problem
recognizing it. There is no other option besides clicking 'Accept' or 'Don't
accept' but the source does not show up. The URL in the address
window is the same one that will take me to the group IF I have accepted
the cookie. I don't know how they set the cookie (or if they do).

Posted: Fri Mar 14, 2003 9:02 am
by hedge
Maybe I can get you started. Below is the code i use to login to an asp site, get the authentication cookie and then get furthur info. The first section is the include file http.php, the second section is a rough example.

Code: Select all

<?php
 function httpParseResponse(&$rslt, &$hdr, &$data) {
   $pos = strpos($rslt, "\r\n\r\n");
   if ($pos==false) {
     $hdr = array();
     $data = '';
   }
   else {
     $hdr = explode("\r\n",substr($rslt, 0, $pos));
     $data = substr($rslt, $pos+4);
   }
 }

 function httpGET($host, $path, $hdrs) {
   $fp = @fsockopen($host, 80);
   if ($fp) {
     fputs($fp, "GET $path HTTP/1.0");
     if (strlen($hdrs)>0) fputs($fp, "\r\n$hdrs");
     fputs($fp, "\r\n\r\n");
     while (!feof($fp)) $buf .= fgets($fp,1024);
     fclose($fp);
     return $buf;
   }
   else return false;
 }

 function httpSimulateFormSubmit($host, $method, $path, $data) {
   $fp = @fsockopen($host, 80);
   if ($fp) {
     if ($method == 'GET') $path .= '?' . $data;
     fputs($fp, "$method $path HTTP/1.0\r\n");
     fputs($fp, "Host: $host\r\n");
     fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
     fputs($fp, "Content-length: " . strlen($data) . "\r\n");
     fputs($fp, "Connection: close\r\n\r\n");
     if ($method == 'POST') fputs($fp, $data);
     while (!feof($fp)) $buf .= fgets($fp, 1024);
     fclose($fp);
     return $buf;
   }
   else return false;
 }
?>


<?php
 require('http.php');

 function getAuthenticationCookie(&$response) {
   $cookie = '';
   httpParseResponse($response, $hdr, $data);

   for ($i=0;$i<count($hdr);$i++) {
     $pos = strpos($hdr[$i],'ASPSESSIONID');
     if ($pos!=false) $cookie = substr($hdr[$i],$pos);
   }

   if (strlen($cookie)==0) return false;
   else return $cookie;
 }


 $host = 'www.somewhere.com';
 // replicate form submission to login page
 $response = httpSimulateFormSubmit($host, 'POST', '???.asp', 'txtUserID=???&txtPassword=???&cmdSubmit=Login');
 if ($response) {
   // get authentication cookie, just parses the http headers returned
   $cookie = getAuthenticationCookie($response);
   if ($cookie) {
     // do furthur work to get content, passing cookie along to maintain authenticated state
     $response = httpGET($host, '???.asp?display=???', 'Cookie: '.$cookie);
   }
 }
?>

Posted: Wed Mar 19, 2003 11:38 am
by m3mn0n
wow that was great. Just what i needed. 8)