CODEWITHSUNDEEP
phpauthenticationcurlsteam
user3479044
user3479044

Reputation: 23

How i can authentication on steam site?

I try to login on steam using the following code.

steamcommunity.com/login/getrsakey first request is successful.

Request a steamcommunity.com/login/dologin/ all the time gives an error incorrect login.

Perhaps dealing with encryption password or need to add ssl.

I use to encrypt library on http://phpseclib.sourceforge.net/

function geturl($url, $ref, $cookie, $postdata, $header, &$info, &$output)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt ($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36');
        if ($ref)
        {
            curl_setopt($ch, CURLOPT_REFERER, $ref);
        }
        if ($cookie)
        {
            curl_setopt($ch, CURLOPT_COOKIE, $cookie);
        }

        if ($postdata)
        {
            curl_setopt($ch, CURLOPT_POST, true);
            $postStr = "";
            foreach ($postdata as $key => $value)
            {
                if ($postStr)
                    $postStr .= "&";
                $postStr .= $key . "=" . $value;
            }
            curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
        }

        curl_setopt($ch, CURLOPT_HEADER, $header);
        $info = curl_getinfo($ch);
        $output = curl_exec($ch);
        curl_close($ch);
    }
geturl("https://steamcommunity.com/login/getrsakey", null, null, array('username' => $login), 0, $info, $output);
$data = json_decode($output, true);

if ($data['success'] === true)
{
    $publickey_exp = $data['publickey_exp'];
    $publickey_mod = $data['publickey_mod'];
    $RSA = new Crypt_RSA();
    $RSA->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
    $n = new Math_BigInteger($publickey_mod, 16);
    $e = new Math_BigInteger($publickey_exp, 16);

    $key = array("modulus"=>$n, "publicExponent"=>$e);
    $RSA->loadKey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);
    $encryptedPassword = base64_encode($RSA->encrypt($password, false));
    $captchaGid = -1;
    $captchaText;
    $emailAuth;
    $emailSteamId;

        $params = array(
            'username' => $login,
            'password' => $encryptedPassword,
            'rsatimestamp' => $data['timestamp'],
            'captcha_gid' => $captchaGid,
            'captcha_text' => $captchaText,
            'emailauth' => $emailAuth,
            'emailsteamid' => $emailSteamId
        );
        geturl("https://steamcommunity.com/login/dologin/", null, null, $params, 0, $info, $output);
        $data = json_decode($output, true);
        var_dump($data);
        if ($data['captcha_needed'])
        {
            $captchaGid = $data['captcha_gid'];
            echo '<img src="https://steamcommunity.com/public/captcha.php?gid=' . $captchaGid . '">';
        }
}

Upvotes: 2

Views: 4181

Answers (3)

Devyatov A
Devyatov A

Reputation: 1

Use "urlencode()" function

$encryptedPassword = urlencode(base64_encode($RSA->encrypt($password, false)));

Upvotes: 0

Andy
Andy

Reputation: 50600

I can't be sure, but it looks like you are attempting to log a user into your site using Steam as the login method. Is this what you are attempting to do? If so, I recommend using the LightOpenID library. 

<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
try 
{
    $openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
    if(!$openid->mode) 
    {
        if(isset($_GET['login'])) 
        {
            $openid->identity = 'http://steamcommunity.com/openid/?l=english';    // This is forcing english because it has a weird habit of selecting a random language otherwise
            header('Location: ' . $openid->authUrl());
        }
?>
<form action="?login" method="post">
    <input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
    } 
    elseif($openid->mode == 'cancel') 
    {
        echo 'User has canceled authentication!';
    } 
    else 
    {
        if($openid->validate()) 
        {
                $id = $openid->identity;
                // identity is something like: http://steamcommunity.com/openid/id/76561197960435530
                // we only care about the unique account ID at the end of the URL.
                $ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
                preg_match($ptn, $id, $matches);
                echo "User is logged in (steamID: $matches[1])\n";
// $matches[1] is the profile ID you will want to use for additional API calls

        } 
        else 
        {
                echo "User is not logged in.\n";
        }
    }
} 
catch(ErrorException $e) 
{
    echo $e->getMessage();
}
?>

At the end of this login, you will have the user's profile ID (ie. 76561197960435530) which you can use against many of the API's that Steam provides to gather further information on the player.

Upvotes: 0

Northys
Northys

Reputation: 1313

I think it would be better to use third-part libraries to auth. Check this one: https://github.com/SmItH197/SteamAuthentication

It creates login button like "Sign in via Facebook".

EDIT: Steam has alsow his own API https://steamcommunity.com/dev

Upvotes: 1

Related Questions