
I've been trying for some time now to use cURL to log in to eBay.co.uk. The cookies are being set and the POST data is being sent correctly; however, I am not sure that the cookie file is being read back, or even written correctly for that matter, since I'm getting a page from eBay that says I need to enable cookies in my browser.

Here is the cURL class I'm using:

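/**
 * Minimal cURL wrapper that keeps one Netscape-format cookie jar per user.
 *
 * Each public request method opens a fresh handle, loads cookies from the jar,
 * performs the request and closes the handle again so that libcurl writes the
 * updated cookies back to the jar file.
 */
class Curl {
    /** @var resource|object|null Open cURL handle, or null when none is open. */
    private $ch;
    /** @var string Path of this user's cookie jar file. */
    private $cookie_path;
    /** @var string User-Agent header sent with every request. */
    private $agent;

    /**
     * @param string $userId Identifier used as the cookie jar's file name.
     * @throws InvalidArgumentException When $userId is not a plain file-name token.
     */
    public function __construct($userId) {
        // $userId ends up in a file path: accept only a plain token so that a
        // value containing "/" or ".." cannot point the jar (and the later
        // unlink() in curl_clean()) outside the cookies/ directory.
        if (!preg_match('/\A[A-Za-z0-9_-]+\z/', (string) $userId)) {
            throw new InvalidArgumentException('userId may only contain letters, digits, "_" and "-".');
        }

        // NOTE(review): the jar is placed in a cookies/ directory next to the
        // running script and holds live session cookies. Keep that directory
        // unreachable over HTTP and restrict it to the PHP user.
        $this->cookie_path = dirname(realpath(basename($_SERVER['PHP_SELF']))).'/cookies/' . $userId . '.txt';
        $this->agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
    }

    /** Open a new cURL handle. */
    private function init() {
        $this->ch = curl_init();
    }

    /**
     * Close the current handle, if any, and forget it.
     *
     * Dropping the reference matters as much as curl_close(): since PHP 8.0
     * curl_close() is a no-op and the cookie jar is only written once the
     * handle is no longer referenced.
     */
    private function close() {
        if ($this->ch !== null) {
            curl_close($this->ch);
            $this->ch = null;
        }
    }

    /**
     * Apply the options shared by every request.
     *
     * @param string $submit_url URL to request.
     */
    private function setOptions($submit_url) {
        curl_setopt($this->ch, CURLOPT_URL, $submit_url);
        curl_setopt($this->ch, CURLOPT_USERAGENT, $this->agent);
        curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 1);
        // Certificate and host-name verification stay on: this class carries
        // login credentials and session cookies, which an on-path attacker
        // could read or alter if verification were disabled.
        curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 2);
        // Read cookies from, and write them back to, the same jar file.
        curl_setopt($this->ch, CURLOPT_COOKIEFILE, $this->cookie_path);
        curl_setopt($this->ch, CURLOPT_COOKIEJAR, $this->cookie_path);
    }

    /**
     * GET a page so that the cookies it sets are stored in the jar.
     *
     * @param string $submit_url URL to request.
     * @return string|false Response body, or false if the transfer failed.
     */
    public function curl_cookie_set($submit_url) {
        $this->init();
        $this->setOptions($submit_url);
        $result = curl_exec($this->ch);
        $this->close();
        return $result;
    }

    /**
     * POST form data using the cookies already in the jar.
     *
     * @param string $referer    Value for the Referer header.
     * @param string $submit_url URL to post to.
     * @param array  $data       Form fields; encoded with http_build_query().
     * @return string|false Response body, or false if the transfer failed.
     */
    public function curl_post_request($referer, $submit_url, $data) {
        $this->init();
        $this->setOptions($submit_url);
        $post = http_build_query($data);
        curl_setopt($this->ch, CURLOPT_POST, 1);
        curl_setopt($this->ch, CURLOPT_POSTFIELDS, $post);
        curl_setopt($this->ch, CURLOPT_REFERER, $referer);
        $result = curl_exec($this->ch);
        $this->close();
        return $result;
    }

    /**
     * Delete the cookie jar and close any handle that is still open.
     */
    public function curl_clean() {
        // Close first so the handle cannot write the jar back after the unlink.
        // close() is a no-op when the handle was already closed, which avoids
        // calling curl_close() twice on the same handle.
        $this->close();
        if (file_exists($this->cookie_path)) {
            unlink($this->cookie_path);
        }
    }
}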

Here is the test script. The login details are for a throwaway account, so feel free to test with them:

// The cookie jar is named after an md5 digest; the real application would use
// md5($_SESSION['userId']) instead of the constant 1.
$curl = new Curl(md5(1));
$referer = 'http://ebay.co.uk';
$submit_url = "http://signin.ebay.co.uk/aw-cgi/eBayISAPI.dll";

// Sign-in form fields, posted as application/x-www-form-urlencoded.
// NOTE(review): the account name and password are hard-coded here and both
// URLs are http://, so the credentials travel unencrypted. Outside a
// throwaway test, load them from configuration and post over https://.
$data = array(
    'userid'          => "VitoGambino-us",
    'pass'            => "P0wqw12vi",
    'MfcISAPICommand' => 'SignInWelcome',
    'siteid'          => '0',
    'co_partnerId'    => '2',
    'UsingSSL'        => '0',
    'ru'              => '',
    'pp'              => '',
    'pa1'             => '',
    'pa2'             => '',
    'pa3'             => '',
    'i1'              => '-1',
    'pageType'        => '-1',
);

// First request collects the site's initial cookies; the second sends the form.
$curl->curl_cookie_set($referer);
$result = $curl->curl_post_request($referer, $submit_url, $data);

echo $result;

Here are the contents of the cookie file:

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

www.ebay.co.uk  FALSE   /   FALSE   0   JSESSIONID  BDE9B23B829CA7DF2CC4D5880F5173A6
.ebay.co.uk TRUE    /   FALSE   0   ebay    %5Esbf%3D%23%5Ecv%3D15555%5E
.ebay.co.uk TRUE    /   FALSE   1431871451  dp1 bu1p/QEBfX0BAX19AQA**53776c5b^
#HttpOnly_.ebay.co.uk   TRUE    /   FALSE   0   s   CgAD4ACBRl4pbYjJjZDk1YTAxM2UwYTU2YjYzYzRhYmU0ZmY2ZjcyODYBSgAXUZeKWzUxOTYzOGI5LjMuMS43LjY2LjguMC4xuMWzLg**
.ebay.co.uk TRUE    /   FALSE   1400335451  nonsession  CgADLAAFRlj/jMgDKACBa/DpbYjJjZDk1YTAxM2UwYTU2YjYzYzRhYmU0ZmY2ZjcyODcBTAAXU3dsWzUxOTYzOGI5LjMuMS42LjY1LjEuMC4xhVUTMQ**
.ebay.co.uk TRUE    /   FALSE   1526479451  lucky9  4551358

1 Answer


I was able to figure it out.

eBay uses a pretty tricky method for logging in. It's a combination of cookies, hidden form fields and a JavaScript redirect after a successful login.

Here's how I solved it.

Newly modified class:

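/**
 * cURL wrapper that signs in to a site whose login form relies on cookies and
 * hidden form fields, keeping one Netscape-format cookie jar per user.
 *
 * Intended call order: curl_cookie_set(), get_form_fields(),
 * curl_post_request(), then show_page() for any page behind the login.
 */
class Curl {
    /** @var resource|object|null Open cURL handle, or null when none is open. */
    private $ch;
    /** @var string Path of this user's cookie jar file. */
    private $cookie_path;
    /** @var string User-Agent header sent with every request. */
    private $agent;

    /**
     * @param string $userId Identifier used as the cookie jar's file name, so
     *                       that several users can stay logged in at once.
     * @throws InvalidArgumentException When $userId is not a plain file-name token.
     */
    public function __construct($userId) {
        // $userId ends up in a file path: accept only a plain token so that a
        // value containing "/" or ".." cannot point the jar (and the later
        // unlink() in curl_clean()) outside the cookies/ directory.
        if (!preg_match('/\A[A-Za-z0-9_-]+\z/', (string) $userId)) {
            throw new InvalidArgumentException('userId may only contain letters, digits, "_" and "-".');
        }

        // NOTE(review): the jar is placed in a cookies/ directory next to the
        // running script and holds live session cookies. Keep that directory
        // unreachable over HTTP and restrict it to the PHP user.
        $this->cookie_path = dirname(realpath(basename($_SERVER['PHP_SELF']))).'/cookies/' . $userId . '.txt';
        $this->agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
    }

    /** Open a new cURL handle. */
    private function init() {
        $this->ch = curl_init();
    }

    /**
     * Close the current handle, if any, and forget it.
     *
     * Dropping the reference matters as much as curl_close(): since PHP 8.0
     * curl_close() is a no-op and the cookie jar is only written once the
     * handle is no longer referenced.
     */
    private function close() {
        if ($this->ch !== null) {
            curl_close($this->ch);
            $this->ch = null;
        }
    }

    /**
     * Apply the options shared by every request.
     *
     * @param string $submit_url URL to request.
     */
    private function setOptions($submit_url) {
        $headers = array(
            "Accept: */*",
            "Connection: Keep-Alive",
        );
        curl_setopt($this->ch, CURLOPT_URL, $submit_url);
        curl_setopt($this->ch, CURLOPT_USERAGENT, $this->agent);
        curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 1);
        // Certificate and host-name verification stay on. The login POST
        // carries the account password; with verification disabled an on-path
        // attacker could impersonate the sign-in host and capture it. If the
        // handshake fails, fix the CA bundle instead of disabling the check.
        curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($this->ch, CURLOPT_HTTPHEADER, $headers);
        // Read cookies from, and write them back to, the same jar file.
        curl_setopt($this->ch, CURLOPT_COOKIEFILE, $this->cookie_path);
        curl_setopt($this->ch, CURLOPT_COOKIEJAR, $this->cookie_path);
    }

    /**
     * Point the handle at $submit_url, opening and configuring a new handle
     * first when none is open (for example after curl_post_request() closed it).
     *
     * @param string $submit_url URL to request.
     */
    private function prepare($submit_url) {
        if ($this->ch === null) {
            $this->init();
            $this->setOptions($submit_url);
            return;
        }
        curl_setopt($this->ch, CURLOPT_URL, $submit_url);
    }

    /**
     * Echo the last transport error of the current handle, if there is one.
     *
     * NOTE(review): this writes libcurl's message into the script output; for
     * anything user-facing, send it to the error log instead.
     */
    private function reportError() {
        echo curl_error($this->ch);
    }

    /**
     * Request a page on a fresh handle to collect the site's initial cookies.
     *
     * @param string $submit_url URL to request.
     */
    public function curl_cookie_set($submit_url) {
        // Release any earlier handle rather than overwriting the reference.
        $this->close();
        $this->init();
        $this->setOptions($submit_url);
        curl_exec($this->ch);
        $this->reportError();
    }

    /**
     * Fetch the sign-in page and return the fields of its SignInForm.
     *
     * @param string $submit_url URL of the page containing the form.
     * @return array Map of input name to value.
     */
    public function get_form_fields($submit_url) {
        $this->prepare($submit_url);
        $result = curl_exec($this->ch);
        $this->reportError();
        return $this->getFormFields($result);
    }

    /**
     * POST the login data, then close the handle so the jar is written.
     *
     * @param string $referer    Value for the Referer header.
     * @param string $submit_url URL to post to.
     * @param array  $data       Form fields; encoded with http_build_query().
     * @return string|false Response body, or false if the transfer failed.
     */
    public function curl_post_request($referer, $submit_url, $data) {
        $this->prepare($submit_url);
        $post = http_build_query($data);
        curl_setopt($this->ch, CURLOPT_POST, 1);
        curl_setopt($this->ch, CURLOPT_POSTFIELDS, $post);
        curl_setopt($this->ch, CURLOPT_REFERER, $referer);
        $result = curl_exec($this->ch);
        $this->reportError();
        $this->close();
        return $result;
    }

    /**
     * GET a page using the stored login cookies ("My eBay" or any other page).
     *
     * @param string $submit_url URL to request.
     * @return string|false Response body, or false if the transfer failed.
     */
    public function show_page( $submit_url) {
        // The handle was closed by curl_post_request(); prepare() reopens one
        // that reloads the cookies from the jar instead of reusing a closed handle.
        $this->prepare($submit_url);
        // Make sure a handle that was last used for a POST goes back to GET.
        curl_setopt($this->ch, CURLOPT_HTTPGET, 1);
        $result = curl_exec($this->ch);
        $this->reportError();
        return $result;
    }

    /**
     * Cut the SignInForm out of a page and return its input fields.
     * Terminates the script when the form is not present.
     *
     * @param string|false $data Page HTML (false when the fetch failed).
     * @return array Map of input name to value.
     */
    private function getFormFields($data) {
        if (!preg_match('/(<form name="SignInForm".*?<\/form>)/is', (string) $data, $matches)) {
            die('Form not found.');
        }
        return $this->getInputs($matches[1]);
    }

    /**
     * Collect name/value pairs from the <input> tags of a form.
     *
     * Regex-based, so it only copes with simple markup (no ">" inside
     * attribute values); DOMDocument is the sturdier choice for arbitrary HTML.
     *
     * @param string $form HTML of the form element.
     * @return array Map of input name to value; '' when a tag has no value.
     */
    private function getInputs($form) {
        $inputs = array();
        if (!preg_match_all('/<input\b[^>]*>/is', $form, $tags)) {
            return $inputs;
        }

        foreach ($tags[0] as $tag) {
            $name = $this->getAttribute($tag, 'name');
            // Inputs without a usable name are never submitted by a browser.
            if ($name === null || $name === '') {
                continue;
            }
            $value = $this->getAttribute($tag, 'value');
            // A missing value attribute becomes '' (the field is still sent).
            $inputs[$name] = ($value === null) ? '' : $value;
        }

        return $inputs;
    }

    /**
     * Read one attribute from a tag: double-quoted, single-quoted or bare.
     *
     * @param string $tag  A single HTML tag.
     * @param string $attr Attribute name, matched case-insensitively.
     * @return string|null Entity-decoded value, or null when the attribute is absent.
     */
    private function getAttribute($tag, $attr) {
        // The look-behind keeps "name" from matching inside e.g. "data-name".
        $pattern = '/(?<![\w-])' . preg_quote($attr, '/')
            . '\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]*))/i';
        if (!preg_match($pattern, $tag, $m)) {
            return null;
        }

        // Exactly one of the three alternatives can hold text.
        $raw = '';
        for ($i = 1; $i <= 3; $i++) {
            if (isset($m[$i]) && $m[$i] !== '') {
                $raw = $m[$i];
            }
        }

        // Browsers submit the decoded value, so "&amp;" must go out as "&".
        return html_entity_decode($raw, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Delete the cookie jar and close any handle that is still open.
     */
    public function curl_clean() {
        // Close first so the handle cannot write the jar back after the unlink.
        $this->close();
        if (file_exists($this->cookie_path)) {
            unlink($this->cookie_path);
        }
    }
}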

The actual code in use:

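// The cookie jar is named after an md5 digest; the real application would use
// md5($_SESSION['userId']) instead of the constant 1.
$curl = new Curl(md5(1));
$referer = 'http://ebay.com';
$formPage = 'http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn';

// Grab cookies from the main page, ebay.com
$curl->curl_cookie_set($referer);

// Grab the hidden form fields, then add the credentials and set UsingSSL = 0.
// Fill userid/pass from configuration or the environment rather than
// committing them to source.
$data = $curl->get_form_fields($formPage);
$data['userid'] = "";
$data['pass'] = "";
$data['UsingSSL'] = '0';

// Post data to the login page. Don't echo this result, there's a
// JavaScript redirect. This request only exists to save the login cookies.
// The separators are plain "&": "&amp;" is the HTML-escaped form found in the
// page source and, used inside a PHP string, would send parameters literally
// named "amp;siteid" and "amp;UsingSSL".
$formLogin = "https://signin.ebay.com/ws/eBayISAPI.dll?co_partnerId=2&siteid=3&UsingSSL=0";
$curl->curl_post_request($referer, $formLogin, $data);

// Use the login cookies to load the "My eBay" page; voila, you're logged in.
$result = $curl->show_page('http://my.ebay.com/ws/eBayISAPI.dll?MyeBay');

// Break the opening script tags (in any letter case) so the page won't
// redirect to the actual eBay site.
// NOTE(review): this is not an HTML sanitiser. The remote markup is still
// written into this page's origin, so inline event handlers and other active
// content remain; escape the output or render it in a sandboxed frame if the
// page is shown to other users.
echo str_ireplace('<script', '<', $result);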

I used some of the code posted here, thanks to drew010!

  • you better hide your username and password credintials – Umren May 20 '13 at 11:31
  • 1
    It's a throwaway account I made just for this, so it really doesn't matter. – Vitaliy Isikov May 20 '13 at 14:47
  • anyone knows if this is still working? – nmos Apr 25 '17 at 02:37
  • impressive, but i hope you'll learn to use DOMDocument & DOMXPath instead of regex html parsing next time :) (--signed someone who has made a [facebook login script](https://github.com/divinity76/msgme), a [gmail login script](https://gist.github.com/divinity76/544d7cadd3e88e057ea3504cb8b3bf7e), a Google Data Studio login script, a hotmail login script, and lots of similar stuff) – hanshenrik Jul 14 '19 at 23:06
  • 1
    @hanshenrik I posted this 6 years ago... I've graduated to parsing HTML with regex. https://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454 – Vitaliy Isikov Jul 15 '19 at 12:45