Reputation: 485
loggin in with curl
I'm trying to get the below cURL operation to login on a bangme.net picture rating site. When I inspect the login form, the IDs are signin_UserName, signin_UserPass. The names are signin$UserName, signin$UserPass. The script doesn't seem to work with the underscore as the result leads me to a page that asks me to login as far as I can tell. I'm not able to use the dollar sign names as it turnes it into a variable. I notice some examples of this and similar scripts show some fields starting with the '&' sign when it doesn't have that on the form on the webpage for which they want to login to. What does this do? Any assistance you can provide would be much appreciated. Thank you.
$username = "username";
$password = "password";
$url = "http://www.bangme.net/starform.aspx";
$cookie = "cookie.txt";
$postdata = "signin_UserName=" .$username . "signin_UserPass=" .$password;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_POST, 1);
$result = curl_exec($ch);
echo $result;
curl_close($ch);
new code:
$username = "username";
$password = "password";
$url = "http://www.bangme.net/signin.aspx";
$cookie = "cookie.txt";
$post = array(
'__EVENTTARGET'=>"" ,
'__EVENTARGUMENT'=>"",
'__VIEWSTATE'=>"/wEPDwUJMzQ0MjU1MjA0ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAwUJbGFzdHBob3RvBQh2b3RleWVzMgUHdm90ZW5vMgfkai25gOMuDdbmzYMWHA2LgYKt",
'__EVENTVALIDATION'=>"/wEWDgLmnpGMBwKOwMbqCwK4wb4IAv/10agEAqHH7a8KAtXfk+ULAt/Q94gCAvS2udYOAqrdhtcHAq+k5d0LAo+Au5MKApm/3+0OAqDCuuYMArCmgTeosqrEgmB3P5bavC40rTc6dbeF1g==",
'signin$UserName'=>$username ,
'signin$UserPass'=>$password ,
'signin$Button1.x'=>42,
'signin$Button1.y'=>17
);
$postData = http_build_query($post);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);//changed from 0 to 1
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);//new
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);//new
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_POST, 1);
$result = curl_exec($ch);
echo $result;
curl_close($ch);
Upvotes: 0
Views: 686
Answers (3)
Reputation: 95161
I see 3 thing wrong here
A. Wrong variable declaration ....
Correction
$post = 'signin$UserName=' . $username . '&signin$UserPass=' . $password;
B. Wrong Url
Correction
http://www.bangme.net/signin.aspx
C. Parameters not complete System Expects the following :
EDIT 1
$post = array(
'__EVENTTARGET'=>"" ,
'__EVENTARGUMENT'=>"",
'__VIEWSTATE'=>'/wEPDwULLTEyMzUzNDExNjFkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRdzaWduaW4kUmVtZW1iZXJDaGVja2JveAUOc2lnbmluJEJ1dHRvbjFA3HLFp6KEVYvii7p6PjecyYMsaw==',
'__EVENTVALIDATION'=>'/wEWBQL/xuPVDgLCoo75CQKoiOf4DQKtwMGFDgLz0rmTDUnuxoGtW34gNpQqIpwh3OT11JJl',
'signin$UserName'=>$username ,
'signin$UserPass'=>$password ,
'signin$Button1.x'=>42,
'signin$Button1.y'=>17
);
$postData = http_build_query($post);
Edit 2
Full Headers ... Just noticed it also had cookies
POST http://www.bangme.net/signin.aspx HTTP/1.1
Host: www.bangme.net
Connection: keep-alive
Content-Length: 391
Cache-Control: max-age=0
Origin: http://www.bangme.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.bangme.net/signin.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=1jqjwt45h0gpzb452rvrcu55; __utma=178887351.705741064.1333412926.1333412926.1333412926.1; __utmc=178887351; __utmz=178887351.1333412926.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=178887351
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyMzUzNDExNjFkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRdzaWduaW4kUmVtZW1iZXJDaGVja2JveAUOc2lnbmluJEJ1dHRvbjFA3HLFp6KEVYvii7p6PjecyYMsaw%3D%3D&__EVENTVALIDATION=%2FwEWBQL%2FxuPVDgLCoo75CQKoiOf4DQKtwMGFDgLz0rmTDUnuxoGtW34gNpQqIpwh3OT11JJl&signin%24UserName=test&signin%24UserPass=test&signin%24Button1.x=42&signin%24Button1.y=17
EDIT 3
Change
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
to
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
Thanks
:)
Upvotes: 2
Reputation: 2188
As far as I can see you're just missing an ampersand (&) between your two post parameters.
And to deal with the $ in the input fields names just use \$ (escaped dollar sign) in your code or put the parts with the $ signs into single quotes. (But then you have to put all variable references outside the string and concatenate them with a .)
Upvotes: 0
Reputation: 69977
You will need to use the form field names with the dollar signs; you need to either escape the $ so it isn't interpreted as a variable, or stick it in single quotes so it is only evaluated as plain text.
$post = 'signin$UserName=' . $username . '&signin$UserPass=' . $password;
// or
$post = "signin\$UserName=$username&signin\$UserPass=$password";
Try that and see if you make any progress. Sniff out the request in your browser using something like Wireshark or livehttpheaders which help you see the exact format post data being submitted.
See also PHP - Strings - Single Quoted
Upvotes: 1