Home > Mobile >  PHP curl login to url with password and username and hidden token
PHP curl login to url with password and username and hidden token

Time:02-25

I'm having troubles to login on a site using curl that has an hidden input field with an token. Now i think its possible but i cant find an solution. Anyone an idea on how i can fix it?

$username = '2142019677';
$password = 'Vercautp1'; //no secrets here
        $link = 'https://www.autoscout24.be/dealer-statistics/api/listing/overview/d42ea89e-b717-4ab4-85ee-2b5e7bff959c';
        $html = file_get_contents($link);
        preg_match_all("'VerificationToken\" type=\"hidden\" value=\"(.*?)\"'si", $html, $match);
        $hidden = $match[1][0];

        preg_match_all("'action=\"/(.*?)\" method=\"post\"'si", $html, $match);
        $url = $match[1][0];

$path = "/ctemp";
$postinfo = "Username=".$username."&Password=".$password.'__RequestVerificationToken='.$hidden;

$cookie_file_path = $path."/cookie.txt";

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, 'https://www.autoscout24.be'.$url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
    "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);

curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);

curl_setopt($ch, CURLOPT_URL, "https://www.autoscout24.be/dealer-statistics/api/listing/overview/d42ea89e-b717-4ab4-85ee-2b5e7bff959c");
$html = curl_exec($ch);
echo $html;
curl_close($ch);

CodePudding user response:

Form data is being sent to the server:

https://stackoverflow.com/a/53758840/4323201

So you need code that looks similar to this:

$ch = curl_init ( 'https://www.autoscout24.be/dealer-statistics/api/listing/overview/d42ea89e-b717-4ab4-85ee-2b5e7bff959c' );
curl_setopt_array ( $ch, array (
        CURLOPT_POST => 1,
        CURLOPT_POSTFIELDS => array (
           '__RequestVerificationToken` => 'Ikt8rjIySPHhjsx48MYwrHBDOjhEBdKDkGR6PIzkPHs9oDBfzO8M1O2ZEAlXt3ARCgJq-8UvjhUEMbAxZMffCOQTQ7AfTmxWK785T5TL18k1'
           'Username' => '2142019677',
           'Password' => 'Vercautp1',
           'RememberMeCheckBox' => 'on',
           'RememberMe' => true
        ) 
) );
curl_exec ( $ch );

The tricky part will be generating the __RequestVerificationToken which is likely a hash of the user name and password, but without analyzing the JS that creates this it's unknown how this is generated.

See also: https://stackoverflow.com/a/46872809/4323201

CodePudding user response:

lots of issues here, where to start..

first, this won't work:

$link = 'https://www.autoscout24.be/dealer-statistics/api/listing/overview/d42ea89e-b717-4ab4-85ee-2b5e7bff959c';
$html = file_get_contents($link);
preg_match_all("'VerificationToken\" type=\"hidden\" value=\"(.*?)\"'si", $html, $match);
  • the verificationToken you're trying to extract here is tied to the cookie session recived by file_get_contents(), and file_get_contents does not share cookies with curl (in fact file_get_contents has no cookie support at all, practically speaking, but not literally speaking, elaborating would go off track here..)

so you must fetch it with curl, and curl must have cookies enabled when fetching it. also your regex extraction should be replaced with DOMDocument DOMXPath extraction, but since you don't you must run the code you extract through html_entity_decode() , for example if your regex extract a&b then the token isn't a&b, it is a&b html-encoded (so you need to html-decode it)

also your $postinfo = "Username=".$username."&Password=".$password.'__RequestVerificationToken='.$hidden; will only work if there's no special characters in your username/password, for example if your password is Password&999, you must send it as Password&999 - because & needs to be urlencoded, so you need to do it like

$postinfo = "Username=".urlencode($username)."&Password=".urlencode($password).'&__RequestVerificationToken='.urlencode($hidden);

or better yet

$postinfo = http_build_query(array(
    "Username" => $username,
    "Password" => $password,
    '__RequestVerificationToken' => $hidden
));

also do not use CURLOPT_CUSTOMREQUEST for POST, quoting the libcurl doc https://curl.se/libcurl/c/CURLOPT_CUSTOMREQUEST.html :

Many people have wrongly used this option to replace the entire request with their own, including multiple headers and POST contents. While that might work in many cases, it will cause libcurl to send invalid requests and it could possibly confuse the remote server badly. Use CURLOPT_POST and CURLOPT_POSTFIELDS to set POST data.

... and one last piece, i see you forgot to put an & in front of the __RequestVerificationToken - http_build_query would do that for you too

Page link:https//www.codepudding.com/Mobile/314230.html

Prev:Google Forms Booking
Next:How do I add more than one quality inside a foreach
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding