0

Solved the problem .. never use file_get_contents . MUST use cUrl in all cases and it works .

I'm trying to LOGIN with cUrl to this website : http://www.v-tac.ro/ .

Now based on the headers and based on the input fields I wrote this php code.

The problem is this the last two array inputs, i just made a copy paste .. but the token is generated each time the page is loaded, located on the page as an input hidden field .

So the question is how do I get a fresh token that will work ? EDITED - ADDED MY ENTIRE FUNCTION :

function login_to_website($targetURL){

    global $browser_user_agent;
    if(empty($targetURL)) { return; }
    if(empty($login_url)) { $login_url = $targetURL; }
    $url = $login_url;

    $login_user     = "loginusername";
    $login_password = "loginpassword";
    $thetoken       = "this-is-my-problem-the-token-from-the-hidden-input";        

    $post_data = array();   
    $post_data['username']  = "$login_user"; 
    $post_data['password']  = "$login_password"; 
    $post_data['Submit']    = "Conectare";
    $post_data['option']    = "com_users";
    $post_data['task']      = "user.login";
    $post_data['return']    = "aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D";
    $post_data[$thetoken]   = "1";          

    $postthis = http_build_query($post_data);

    $login = curl_init();

    curl_setopt($login, CURLOPT_COOKIEJAR, dirname(__FILE__) . "/cookie.tmpz");
    curl_setopt($login, CURLOPT_COOKIEFILE, dirname(__FILE__) . "/cookie.tmpz");
    curl_setopt($login, CURLOPT_VERBOSE, true);
    curl_setopt($login, CURLOPT_URL, $url);
    curl_setopt($login, CURLOPT_USERAGENT, random_user_agent());
    curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);  
    curl_setopt($login, CURLOPT_POST, TRUE);
    $timeout = 5;
    curl_setopt( $login, CURLOPT_CONNECTTIMEOUT, $timeout );
    curl_setopt( $login, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $login, CURLOPT_MAXREDIRS, 10 );   

    curl_setopt($login, CURLOPT_POSTFIELDS, $postthis); // POST vars

    curl_setopt($login, CURLOPT_HEADER, 0); // debug headers sent - 1

      $data = curl_exec ($login);

      curl_setopt($login, CURLOPT_URL, $targetURL);

      $datax = curl_exec ($login);
      return $datax;

      // close cURL resource, and free up system resources
      curl_close($login);
}

and the original live header is this :

username=username&password=password&Submit=Conectare&option=com_users&task=user.login&return=aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D&0dbf64fe20e2395a7d72ed5b64b3cf7c=1

EDIT :

i'm getting the token like this :

$htmlx = file_get_contents('http://www.v-tac.ro');
$htmlx = mb_convert_encoding($htmlx, 'UTF-8', mb_detect_encoding($htmlx)); //make sure this is utf8
if(!strlen($htmlx)) {echo "No HTML here . stoping execution with a return ."; return;}
$doc = new DomDocument;
@$doc->loadHTML($htmlx);
$xpath = new DOMXPath($doc);

echo $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");
$thetoken = $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");

and the final error is : Token Invalid .

Owen Pauling
  • 11,349
  • 20
  • 53
  • 64
Liviu ZeJah
  • 113
  • 2
  • 18

1 Answers1

0

You'll have to do multiple requests. This code will download the site first, parse out the values you need and write them to the post array.:

$in=file_get_contents('http://www.v-tac.ro');
$re = '/<input type=\\"hidden\\" name=\\"return\\" value=\\"([\\w=]*)\\" \\/>.*?<input type=\\"hidden\\" name=\\"(\\w*)\\" value=\\"1\\" \\/>/s';
preg_match($re, $in, $out);
$post_data['return']    = $out[1];
$post_data[$out[2]]      = "1";
var_dump($post_data);

If this doesn't work, try replacing the file_get_contents with a curl-download keeping the cookies (also see this question)

P.S.: Feel free everybody to comment an easier RegExp

Community
  • 1
  • 1
tillz
  • 2,108
  • 15
  • 21
  • i would do that with xpath rather then preg_match .. but i thought there might be something I'm missing like asking the server for a new token ? or something ? html_headers ? it's all new to me, but why do I have the feeling that scrapping the data is not the correct answer ... – Liviu ZeJah Sep 27 '14 at 20:43
  • Thats why I suggested using cookies. I guess the site creates two tokens, stores them in databases, stores one in a cookie and the other pre-fills the html form. Only if they match they can be sure, this is an legit request. P.S.: I think you can safely ignore the 'return', it's only the base64-encoded target URL. – tillz Sep 27 '14 at 20:47
  • I allready had a cookie / cookiejar info added to curl .. it seems i really need the token and no, your solution doesn't work, and not because of the code, I also tried that .. I don't know what's the problem, but the response always is : invalid token . – Liviu ZeJah Sep 27 '14 at 21:03
  • i added my full function and the request header i captured with liveheaders – Liviu ZeJah Sep 27 '14 at 21:12
  • never ever use file_get_contents .. that was the problem . MUST USE CURL and it works ! – Liviu ZeJah Sep 30 '14 at 14:49