Login to remote site with PHP cURL
I had let this go for a good while but revisited it later. Since this question is viewed regularly. This is eventually what I ended up using that worked for me.
define("DOC_ROOT","/path/to/html");
//username and password of account
$username = trim($values["email"]);
$password = trim($values["password"]);
//set the directory for the cookie using defined document root var
$path = DOC_ROOT."/ctemp";
//build a unique path with every request to store. the info per user with custom func. I used this function to build unique paths based on member ID, that was for my use case. It can be a regular dir.
//$path = build_unique_path($path); // this was for my use case
//login form action url
$url="https://www.example.com/login/action";
$postinfo = "email=".$username."&password=".$password;
$cookie_file_path = $path."/cookie.txt";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
//set the cookie the site has for certain features, this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);
//page with the content I want to grab
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/page/");
//do stuff with the info with DomDocument() etc
$html = curl_exec($ch);
curl_close($ch);
Update: This code was never meant to be a copy and paste. It was to show how I used it for my specific use case. You should adapt it to your code as needed. Such as directories, vars etc
how to login this web site by php curl?
Try this snippet I wrote, replace username and password with your corresponding credentials, and replace the URL with the page you want to grab data from (a page that requires a login).
Check the post data that is sent in browser inspector. Replace $postinfo with the correct post data to ensure you are sending the right data. "email" and "Password" as the $postdata might not work for the site you are trying to login into. If you have trouble, post the inspector's data that is reported in the network tab and I'll try and help.
$username = "email@example.com";
$password = "MyPassword123";
$dir = $_SERVER['DOCUMENT_ROOT']."/ctemp";
$path = tempnam(sys_get_temp_dir(), 'MyTempCookie');
$url = "https://www.example.com/dashboard/";
$postinfo = "email=".$username."&Password=".$password;
$cookie_file_path = $path."/cookie.txt";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
//for certain features, set the cookie the site has - this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, $url);
$html_data = curl_exec($ch);
curl_close($ch);
echo $html_data;
Here at the end I'm simply just echoing the return html data. But you can do whatever you want with it and search for the data inside the response that you need.
Edit:
Just saw that the site has a recaptcha for their login process. Logging in via cURL is going to be far more complex now since they present the recaptcha code to you in an image. Might want to look into tutorials on spoofing recaptcha data. Good luck.
Login to remote site with PHP cURL and fetch site data
in your cpanel code, username and password is not urlencoded, so if they contain &
or =
or spaces or tabs or ÆØÅ
or a bunch of other characters, you'll send the wrong credentials, and won't get logged in. it's just because you were lucky and your password didn't contain any special characters, that your cpanel login code ever worked, fix that with urlencode() while you're at it. also, don't use CURLOPT_CUSTOMREQUEST for GET requests (use CURLOPT_HTTPGET instead, but that's the default mode anyway), nor for POST requests (use CURLOPT_POST instead). as for manheim.com , seems you do the same urlencode mistake as with cpanel. but more importantly, your authenticity_token is hardcoded. that's never going to work, that authenticity_token is tied to your browser, unique to your browser's session cookie id, and probably expired long ago. hardcoding it won't work. instead, make a GET request to https://www.manheim.com/ , in the headers you'll get an unique session cookie id, you must send this cookie in all future requests, because if you don't, it'll be like switching a browser, and this website is weird, if you don't already have a cookie session id, you can't see the login page, if you try, you'll get http-header-redirected to a bogus url, then make a GET request with the cookie id to https://www.manheim.com/login/ , then in the html, you'll get an unique authenticity_token tied to your cookie session id. parse out the authenticity_token from the html, and add them to the POST body of your next request to https://www.manheim.com/login/authenticate
, together with the static data (username & password & submit), and make sure they're all urlencoded, then you should get logged in. and to continue to get the logged in page, keep sending the same cookie session id, because your login is tied to that id, and if you don't send it, the web server won't remember that you're logged in, and you'll get some "you need to login to see this page" error.
here's an example implementation (using the hhb_curl from https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php as a convenience wrapper around curl_ functions, turning silent errors into exceptions, handling cookies, and a lot more)
<?php
declare(strict_types = 1);
require_once ('hhb_.inc.php');
hhb_init(); // better error reporting
const USERNAME = '?';
const PASSWORD = '??';
$hc = new hhb_curl ( '', true );
header ( "content-type: text/plain;charset=utf8" );
$hc->exec ( 'https://www.manheim.com/' ); // getting a cookie session id
$html = $hc->exec ( 'https://www.manheim.com/login/' )->getResponseBody (); // getting authenticity_token , required for logging in
$domd = @DOMDocument::loadHTML ( $html );
$xp = new DOMXPath ( $domd );
$token = $xp->query ( '//input[@name="authenticity_token"]' )->item ( 0 )->getAttribute ( "value" );
$hc->setopt_array ( array (
CURLOPT_URL => 'https://www.manheim.com/login/authenticate',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query ( array (
'utf8' => '✓',
'authenticity_token' => $token,
'user' => array (
'username' => USERNAME,
'password' => PASSWORD
),
'submit' => 'Login'
) )
) )->exec ();
$html = $hc->getResponseBody ();
$domd = @DOMDocument::loadHTML ( $html );
$xp = new DOMXPath ( $domd );
$errmsg = $xp->query ( '//*[contains(@class,"msgError")]' );
if ($errmsg->length > 0) {
echo 'Error logging in: ' . $errmsg->item ( 0 )->textContent;
} else {
echo 'logged in!';
}
hhb_var_dump ( $token, $hc->getStdErr (), $hc->getStdOut () );
right now, it prints: Error logging in:
The username and password you entered do not match any accounts on record. Please make sure that you have correctly entered your username and password. Both are case-sensitive and should not contain any special characters. If you have forgotten your username or password, please use our username retrieval or password retrieval tools.
but if you change out the username and password on line 4 and 5, it will probably log in instead, and say logged in!
(then print a bunch of debug data)
- ps, in the code above, i used
http_build_query
instead of urlencode() to do the urlencoding. when there's several variables to encode, giving an array to a single http_build_query call will often result in prettier code than manually urlencode()'ing everything :)
Using PHP CURL to login to a remote web site
EDIT: The URL you specified is wrong, it should be:
https://vp1-voiceportal.megapath.com/servlet/com.broadsoft.clients.oam.servlets.Login
And not:
https://vp1-voiceportal.megapath.com/Login/servlet/com.broadsoft.clients.oam.servlets.Login
It looks like you need to follow redirects and specify the cookie file (for reading), try:
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
echo $result;
curl_close($ch);
It's also a good practice so specify an absolute (and writable) path to the cookie file.
Login to site with PHP cURL
Does it have to be via cURL?
Have you considered leveraging a library like Guzzle?
They have good documentation that covers scenarios as you have described.
https://docs.guzzlephp.org/en/stable/quickstart.html#post-form-requests
Something like the below but could be laid out better
use GuzzleHttp\Client;
use GuzzleHttp\Exception\BadResponseException;
$client = new Client(['base_uri' => 'https://url_site/', 'cookies' => true]);
// Login
try {
$client->request(
'POST',
'login/',
[
'form_params' => [
'username' => $username,
'password' => $password,
],
]
);
} catch (BadResponseException $e) {
echo "Error Logging On for User {$username}";
exit;
}
// Navigate
$response = $client->request('GET', '/statistics');
$content = $response->getBody()->getContents();
file_put_contents('~/file.txt', $content);
Related Topics
Get Table Column Names in MySQL
Preparing For Removal of Mcrypt in PHP 7.2
Remove New Lines from String and Replace With One Empty Space
Getting the Names of All Files in a Directory With PHP
Difference Between PHP Echo and PHP Return in Plain English
Best Solution to Protect PHP Code Without Encryption
Select Count(*) from Table of MySQL in PHP
Why Is Require_Once So Bad to Use
Get Url Query String Parameters
Example of How to Use Bind_Result VS Get_Result
MySQLi_Real_Escape_String() Expects Exactly 2 Parameters, 1 Given
Running MySQL *.SQL Files in PHP
Execute PHP Script in Cron Job