Using PHP & Curl to login to my websites form

Question

Im trying to login to my useraccount on a site i use to download files from so i can automatically grab the file without me having to visit the site.

This is

Answer 1

The page may check to see if userlogin (the submit button) has been set before it validates the user information.

It may be worth tryin the following:

$postdata = "username=".$username."&userpass=".$password . "&userlogin=Login"; 

Answer 2

You should send via POST all data that the orignal form is sending. So you are missing autologin=1&userlogin=Login in your $postdata.

$postdata = "username=$username&userpass=$password&autologin=1&userlogin=Login";

Answer 3

You probably need to set COOKIESESSION and COOKIEJAR options to preserve session and do another request:

//initial request with login data

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/login.php');
curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=XXXXX&password=XXXXX");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie-name');  //could be empty, but cause problems on some hosts
curl_setopt($ch, CURLOPT_COOKIEFILE, '/var/www/ip4.x/file/tmp');  //could be empty, but cause problems on some hosts
$answer = curl_exec($ch);
if (curl_error($ch)) {
    echo curl_error($ch);
}

//another request preserving the session

curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/profile');
curl_setopt($ch, CURLOPT_POST, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, "");
$answer = curl_exec($ch);
if (curl_error($ch)) {
    echo curl_error($ch);
}

Answer 4

Use a headless browser - a really scalable solution. (Tell me if it works with google account :)

What I did (useful for myself as well :)

1. Install composer https://getcomposer.org (if not installed) Ensure it's installed by typing in command line

        composer -V
   

2. Create a folder, say, TryGoutte somewhere in your web server directory

3. Create a file composer.json (just to test composer):

    {
      "require": {
          "monolog/monolog": "1.0.*"
       }
    } 
   

4. Type "composer install". It should install monolog.

5. Type "composer require fabpot/goutte". It should install all packages for "goutte" https://github.com/FriendsOfPHP/Goutte (pronounced gu:t, like boot)

6. Then, create file, say try-goutte.php in TryGoutte.

     <?php
   use Goutte\Client;
   use GuzzleHttp\Client as GuzzleClient;
   
   require 'vendor/autoload.php';
   
   $client = new \Goutte\Client();
   
   // Create and use a guzzle client instance that will time out after 90 seconds
   $guzzleClient = new \GuzzleHttp\Client(array(
   'timeout' => 90,
   // To overcome Curl SSL 60 error 
   // https://github.com/FriendsOfPHP/Goutte/issues/214
   'verify' => false,
   ));
   
   $client->setClient($guzzleClient);
   
   $crawler = $client->request('GET', 'https://github.com/');
   $crawler = $client->click($crawler->selectLink('Sign in')->link());
   $form = $crawler->selectButton('Sign in')->form();
   $crawler = $client->submit($form, array('login' => 'trygoutte', 'password' => 'trygoutte1'));
   
   print_r($crawler->text());
   
   ?>
   

Enjoy and code further!

UPDATE: implemented here http://lycenok.com/site-login/programmatic-site-login.php to check if the solution works for you

Answer 5

$postdata = "username=".$username."&userpass=".$password"; 

change to:

$postdata = "username=".$username."&userpass=".$password;

And also do you have this like this?

$url="http://www.yourdomain.com/news.php";

Also add this curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);.

And also this may help:

$headers  = array();

$headers[] = 'application/xhtml+voice+xml;version=1.2, application/x-xhtml+voice+xml;version=1.2, text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1';
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8';

curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt ($ch, CURLOPT_HEADER, 1);

Answer 6

When you request a page to a site you have previously logged into, you need to use

curl_setopt ($ch, CURLOPT_COOKIEFILE, $Cookie); 

You should then check the output to determine if you're currently logged in (every site will be different, but usually if the login form is not available, or a logoff button is available, you're logged in.

If you're not logged in, then you don't include CURLOPT_COOKIEFILE, you inlucde the following line:

curl_setopt ($ch, CURLOPT_COOKIEJAR, $Cookie);

I created 2 different, but similar functions. CurlPage() and CurlLogin(). The only difference is CurlPage() has the COOKIEFILE option, CurlLogin() has the COOKIEJAR option plus the following 2 lines:

curl_setopt ($ch, CURLOPT_POSTFIELDS, $PostData);
curl_setopt ($ch, CURLOPT_POST, 1); 

I then call the functions like this:

$Source = CurlPage($Url, $Cookie);
if (!CheckLoggedIn($Source))
{
    CurlLogin($LoginUrl, $Cookie, $PostDataArray);
    $Source = CurlPage($Url, $Cookie);
}

Remember, some sites require multiple pages of login. First you submit a form, then you have to enter a verification code, or click a button, or something. If that's the case, your login function will possibly have to read the source take additional actions before you're logged in and the cookie you need is created and stored in cookie.txt