SOLVED : cUrl Login with Token


Never ever mix file_get_contents and cUrl … must use curl in all instances and it works great …

thanks anyway !

Hi everybody !

I have this current problem … I need to login into a website via cUrl … website :

Now based on the headers and based on the input fields I wrote a php function, but I hit a wall with the token .



FORM FIELDS - copy paste - this is the login form

<fieldset class="userdata">
<p id="form-login-username">
        <label for="modlgn-username">Nume Utilizator</label>
        <input id="modlgn-username" type="text" name="username" class="inputbox" size="18">
    <p id="form-login-password">
        <label for="modlgn-passwd">Parola</label>
        <input id="modlgn-passwd" type="password" name="password" class="inputbox" size="18">
        <p id="form-login-remember">
        <label for="modlgn-remember">Retine utilizator</label>
        <input id="modlgn-remember" type="checkbox" name="remember" class="inputbox" value="yes">
    <input type="submit" name="Submit" class="button" value="Conectare">
    <input type="hidden" name="option" value="com_users">
    <input type="hidden" name="task" value="user.login">
    <input type="hidden" name="return" value="aW5kZXgucGhwP0l0ZW1pZD0yMTY=">
    <input type="hidden" name="11b09608b3184e6258012d44846c81ed" value="1">    


And this is the function I wrote to do the cUrl login :

function login_to_website($targetURL){ 

    global $browser_user_agent; 
    if(empty($targetURL)) { return; } 
    if(empty($login_url)) { $login_url = $targetURL; } 
    $url = $login_url; 

    $login_user     = "loginusername"; 
    $login_password = "loginpassword"; 
    $thetoken       = "this-is-my-problem-the-token-from-the-hidden-input";         

    $post_data = array();    
    $post_data['username']  = "$login_user";  
    $post_data['password']  = "$login_password";  
    $post_data['Submit']    = "Conectare"; 
    $post_data['option']    = "com_users"; 
    $post_data['task']      = "user.login"; 
    $post_data['return']    = "aW5kZXgucGhwP0l0ZW1pZD0yMTY%3D"; 
    $post_data[$thetoken]   = "1";           

    $postthis = http_build_query($post_data); 

    $login = curl_init(); 

    curl_setopt($login, CURLOPT_COOKIEJAR, dirname(__FILE__) . "/cookie.tmpz"); 
    curl_setopt($login, CURLOPT_COOKIEFILE, dirname(__FILE__) . "/cookie.tmpz"); 
    curl_setopt($login, CURLOPT_VERBOSE, true); 
    curl_setopt($login, CURLOPT_URL, $url); 
    curl_setopt($login, CURLOPT_USERAGENT, random_user_agent()); 
    curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE); 
    curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);   
    curl_setopt($login, CURLOPT_POST, TRUE); 
    $timeout = 5; 
    curl_setopt( $login, CURLOPT_CONNECTTIMEOUT, $timeout ); 
    curl_setopt( $login, CURLOPT_TIMEOUT, $timeout ); 
    curl_setopt( $login, CURLOPT_MAXREDIRS, 10 );    

    curl_setopt($login, CURLOPT_POSTFIELDS, $postthis); // POST vars 

    curl_setopt($login, CURLOPT_HEADER, 0); // debug headers sent - 1 

      $data = curl_exec ($login); 

      curl_setopt($login, CURLOPT_URL, $targetURL); 

      $datax = curl_exec ($login); 
      return $datax; 

      // close cURL resource, and free up system resources 

The problem is this the last array input.
the token is generated each time the page is loaded, located on the page as an input hidden field .

So the question is how do I get a fresh token that will work ?

Also I have tried to get the token with a xpath extract like this :

$htmlx = file_get_contents(''); 
$htmlx = mb_convert_encoding($htmlx, 'UTF-8', mb_detect_encoding($htmlx)); //make sure this is utf8 
if(!strlen($htmlx)) {echo "No HTML here . stoping execution ."; return;} 
$doc = new DomDocument; 
$xpath = new DOMXPath($doc); 

echo $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name"); 
$thetoken = $xpath->query('//fieldset[@class="userdata"]/input[5]')->item(0)->getAttribute("name");  

Help !?