What I want to do is simply to run a script from localhost (my computer) and login into an external site. Then, as a logged user, access a certain page and take the output, then save it in a file.
Now, sending the post data is no problem (I'm not using cURL, but I already managed that problem with another function), so the login isn't big deal. After I login to a certain site, it happens that the site manages the sessions with cookies. So, I receive the output of the cookies:
Code: Select all
HTTP/1.1 302 Found
Date: Mon, 01 Sep 2008 04:44:04 GMT
Server: Apache
Accept-Ranges: bytes
X-Powered-By: PHP/4.4.8
Set-Cookie: MDAAuth=<ENCRYPTEDCOOKIE>; expires=Wed, 01 Oct 2008 04:44:04 GMT; path=/; domain=.<SITE>.com
Set-Cookie: surs_2=<ANOTHERENCRYPTEDVALUE>; path=/; domain=.<SITE>.com
Set-Cookie: purs_2=<ATHIRDANDLASTCOOKIE>; expires=Thu, 30 Aug 2018 04:44:04 GMT; path=/; domain=.<SITE>.com
Ok, I decided it could be a good idea to put the code I have so far (it's pretty small as I've been working in other things...).
I took the 'file_post_contents' function from the php manual (a user posted it) and made very little changes.
Code: Select all
<?php
function file_post_contents($url, $headers = '') {
$url = parse_url($url);
if (!isset($url['port'])) {
if ($url['scheme'] == 'http') {
$url['port'] = 80;
}
else if ($url['scheme'] == 'https') {
$url['port'] = 443;
}
}
$url['query'] = isset($url['query'])
? $url['query']
: '';
$url['protocol'] = $url['scheme'].'://';
$headers = "POST ".$url['protocol'].$url['host'].$url['path']." HTTP/1.0".PHP_EOL.
"Host: ".$url['host'].PHP_EOL.
"Referer: ".$url['protocol'].$url['host'].$url['path'].PHP_EOL.
$headers.
"Content-Type: application/x-www-form-urlencoded".PHP_EOL.
"Content-Length: ".strlen($url['query']).PHP_EOL.
PHP_EOL.$url['query'];
$fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);
if($fp) {
fputs($fp, $headers);
$result = '';
while(!feof($fp)) {
$result .= fgets($fp, 128);
}
fclose($fp);
return $result;
}
}
$url = 'SITETOLOGIN.COM';
$login = 'LOGIN_NAME';
$pass = 'PASSWORD';
/**
* I will eventually modify this "predatos" array to receive data over _GET
* The variables so far are to test with one site.
*/
$predatos = Array();
$predatos['EMAILADDR'] = $login;
$predatos['PASSWORD'] = $pass;
$predatos['path'] = 'apath'; //Just one variable I need to post.
$predatos['post'] = 'login'; //Another variable I need to post.
/**
* From here on, I will be deleting many lines of code that would be commented...
* They were mainly to test what the hell was going on.
*/
$datos = http_build_query($predatos);
$var = file_post_contents($url . '?' . $datos); //file_post_contents makes the login
//and receives a header response,
//which contains cookies.
$arrHeaders = split(PHP_EOL, $var);
/**
* This one is the part when I start to get it wrong.
* At least from my little shy knowledge, one can use the "Cookie:" header to tell the server
* So, I take the last "Set-cookie: stuff" response and change it (I already know how it outputs,
* that's why I'm using exact values). I create a single line.
* Example of how this line looks:
Cookie: MDAAuth=<Very big encrypted value>, surs_2=<ANOTHER BIG VALUE>, purs_2=<ANOTHER BIG VALUE>
* I actually wonder if I should make several "Cookie: name=vale" lines, one per cookie. Also, I'm
* not sure if it should end in a ;
*/
$resultado = 'Cookie: ';
for($i = 5; $i < 8; $i++) {
$resParcial = substr($arrHeaders[$i], 12);
$resParcial = split(';', $resParcial);
$resultado .= $resParcial[0];
$resultado .= ($i < 7) ? ', ': PHP_EOL;
}
/**
* After creating the Cookie: line, I just try again last function, but now passing headers as
* parameters.
*/
echo file_post_contents('SITE_THAT_DISPLAYS_INFO_FOR_LOGGED_USERS', $resultado);
/**
* I'm not sure if the site is blocking my actions (I actually have no evil intention in doing
* all these... in intentions in hacking, but rather in gathering information for publishing
* a weekly list. It takes time to take the info, so I want to make it automatic.
* Anyway, I said that I'm not sure if the site is blocking my actions because I get a:
* "Found: The document has moved <a href="link">here</a>"
* I hope this was detailed enough. Thanks in advance.
*/
?>So, thanks in advance =) This is my first post, I hope I didn't break any rule (I did search the forums and all before posting... and read the sticky topics)