0

Solved: Yay. In addition to what you wrote Drew, I found this: http://www.smooka.com/blog/2009/07/24/maintaining-php-session-when-using-curl/ session_write_close(); before initializing the next set. Now I just need to figure out AJAX/jquery, because it looks like I can't register resource variables (e.g. Curl's handle) in a session.

I want to login to a site using cURL. Their login process uses a token which I am able to parse using file_get_contents(). However, when I try to access the site again using cURL, the token is no longer good. Is there a way read the file using cURL, pause to do the calculations/steps, and then post the fields? Is there a better way?

cateye
  • 47
  • 1
  • 9

1 Answers1

0

The token is probably no longer good because it is associated with a session cookie that gets set when you access the site. Since file_get_contents has no cookie tracking, you should use cURL to request the initial URL, grab the token, do your calculations, and then post back using cURL again.

To get cURL to keep track of the cookies, use the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR options for the cURL handle.

$cookies = '/tmp/cookies.txt';  // path to cookie file
$ch = curl_init('http://site.com');
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
//...
$res = curl_exec($ch);

// grab token here...

// do calculations here...

curl_setopt($ch, CURLOPT_URL, 'http://site.com/next-url');

$res = curl_exec($ch); // execute next request on same handle

Here are some other answers of mine that use cURL to login to various websites and perform actions; looking at the code may be of help to you.

Community
  • 1
  • 1
drew010
  • 68,777
  • 11
  • 134
  • 162
  • I tried it, but no. Every time that page is refreshed, there is a new token. – cateye Sep 21 '12 at 18:28
  • Yeah a new token on each refresh makes sense, how are you sending it with the form? The token is probably stored in a session based on some cookie. Impossible to help without knowing the site and URL you are trying to log into or seeing some code that you have. – drew010 Sep 21 '12 at 18:31
  • No. They store it as a value in their form. I just added my code. – cateye Sep 21 '12 at 19:00
  • Yeah they store the value in the form so the client can submit it, but if the token isn't also stored on the server side, then how can they validate the token? I bet that if you clear your cookies and request the page you will see a cookie gets set. The cookie is what ties your token to the one on the server. – drew010 Sep 21 '12 at 19:02
  • They aren't checking the token. They're using it to encrypt the password and then checking that. I've tested (with help for Chrome's develop tools and Charles proxy), so I know I'm getting the same result. – cateye Sep 21 '12 at 19:09
  • Hey. Thanks for your help so far. I didn't notice that you hadn't put in curl_close and then curl_init. I'm working on that now. Question: Do you know if it's possible to pass the $ch in the session cookies or should I just look into AJAX/jquery? – cateye Sep 21 '12 at 19:51