I'm trying to login to IP board with CURL and PHP. This is the code that I'm using. Anyone have an idea?
<?php
$url=stream_get_contents(fopen('https://invisioncommunity.com/login/', "rb"));
function get_string_between($string, $start, $end){
$string = ' ' . $string;
$ini = strpos($string, $start);
if ($ini == 0) return '';
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
$csrf_key = get_string_between($url, '" value="', '">');
$path = "/root/ctemp";
$postinfo = "csrfKey=".$csrf_key."&auth=____USERNAME_______&password=___PASSWORD____&remember_me=1&_processLogin=usernamepassword&_processLogin=usernamepassword";
$cookie_file_path = $path."/cookie.txt";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
//set the cookie the site has for certain features, this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, "https://invisioncommunity.com/login/");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);
//page with the content I want to grab
curl_setopt($ch, CURLOPT_URL, "https://invisioncommunity.com/discover/unread/");
//do stuff with the info with DomDocument() etc
$html = curl_exec($ch);
echo $html;
curl_close($ch);
?>
yeah, your csrf token is tied to a cookie session given to the stream_get_contents request, without that cookie, your csrf token is worthless, and you never extract the cookie from stream_get_contents (and i don't think stream_get_contents even support doing that), rewrite it with the curl_ api, and make sure curl's cookie system is enabled (eg, set CURLOPT_COOKIEFILE to emptystring, that will enable libcurl's cookie handling system). also your csrf extraction code is unreliable, it doesn't decode html entities (for example, if the csrf token contains an &, it will be html-encoded as &, but your code does not translate & back to &. ), use a proper HTML parser instead, like DOMDocument. also you don't urlencode csrf_key, so again it may be corrupted if it contains special characters (like an @, more on that later). use urlencode() or http_build_query() to properly urlencode the csrf key, and your username, and your password, because you're not urlencoding those either. did you know that the @ in your email must be encoded to %40 ? i bet, when you hardcode your login email, you just write [email protected], you don't write foo%40gmail.com, so you'll have to urlencode that too.
try this, using http_build_query to encode the post data, and DOMDocument to parse out the csrf token:
<?php
declare(strict_types = 1);
$ch = curl_init ();
curl_setopt_array ( $ch, array (
CURLOPT_COOKIEFILE => '',
CURLOPT_ENCODING => '',
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_URL => 'https://invisioncommunity.com/login/'
) );
$html = curl_exec ( $ch );
$domd = @DOMDocument::loadHTML ( $html );
$xp = new DOMXPath ( $domd );
curl_setopt_array ( $ch, array (
CURLOPT_URL => 'https://invisioncommunity.com/login/',
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => http_build_query ( array (
'csrfKey' => $xp->query ( '//input[@name="csrfKey"]' )->item ( 0 )->getAttribute ( "value" ),
'auth' => '____USERNAME_______',
'password' => '___PASSWORD____',
'remember_me' => 1,
'_processLogin' => 'usernamepassword'
) )
) );
$html = curl_exec ( $ch );
echo $html;