Login to Remote Site With PHP Curl

Login to remote site with PHP cURL

I had let this go for a good while but revisited it later. Since this question is viewed regularly. This is eventually what I ended up using that worked for me. 

define("DOC_ROOT","/path/to/html");
//username and password of account
$username = trim($values["email"]);
$password = trim($values["password"]);

//set the directory for the cookie using defined document root var
$path = DOC_ROOT."/ctemp";
//build a unique path with every request to store. the info per user with custom func. I used this function to build unique paths based on member ID, that was for my use case. It can be a regular dir.
//$path = build_unique_path($path); // this was for my use case

//login form action url
$url="https://www.example.com/login/action"; 
$postinfo = "email=".$username."&password=".$password;

$cookie_file_path = $path."/cookie.txt";

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
//set the cookie the site has for certain features, this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT,
    "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);

curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
curl_exec($ch);

//page with the content I want to grab
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/page/");
//do stuff with the info with DomDocument() etc
$html = curl_exec($ch);
curl_close($ch);

Update: This code was never meant to be a copy and paste. It was to show how I used it for my specific use case. You should adapt it to your code as needed. Such as directories, vars etc

how to login this web site by php curl?

Try this snippet I wrote, replace username and password with your corresponding credentials, and replace the URL with the page you want to grab data from (a page that requires a login).

Check the post data that is sent in browser inspector. Replace $postinfo with the correct post data to ensure you are sending the right data. "email" and "Password" as the $postdata might not work for the site you are trying to login into. If you have trouble, post the inspector's data that is reported in the network tab and I'll try and help.

    $username = "email@example.com";
    $password = "MyPassword123";

    $dir = $_SERVER['DOCUMENT_ROOT']."/ctemp";

    $path = tempnam(sys_get_temp_dir(), 'MyTempCookie');

    $url = "https://www.example.com/dashboard/";
    $postinfo = "email=".$username."&Password=".$password;

    $cookie_file_path = $path."/cookie.txt";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_NOBODY, false);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
    //for certain features, set the cookie the site has - this is optional
    curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
    curl_setopt($ch, CURLOPT_USERAGENT,
        "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);

    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
    curl_exec($ch);

    curl_setopt($ch, CURLOPT_URL, $url);
    $html_data = curl_exec($ch);
    curl_close($ch);
    echo $html_data;

Here at the end I'm simply just echoing the return html data. But you can do whatever you want with it and search for the data inside the response that you need.

Edit:
Just saw that the site has a recaptcha for their login process. Logging in via cURL is going to be far more complex now since they present the recaptcha code to you in an image. Might want to look into tutorials on spoofing recaptcha data. Good luck.

Login to remote site with PHP cURL and fetch site data

in your cpanel code, username and password is not urlencoded, so if they contain & or = or spaces or tabs or ÆØÅ or a bunch of other characters, you'll send the wrong credentials, and won't get logged in. it's just because you were lucky and your password didn't contain any special characters, that your cpanel login code ever worked, fix that with urlencode() while you're at it. also, don't use CURLOPT_CUSTOMREQUEST for GET requests (use CURLOPT_HTTPGET instead, but that's the default mode anyway), nor for POST requests (use CURLOPT_POST instead). as for manheim.com , seems you do the same urlencode mistake as with cpanel. but more importantly, your authenticity_token is hardcoded. that's never going to work, that authenticity_token is tied to your browser, unique to your browser's session cookie id, and probably expired long ago. hardcoding it won't work. instead, make a GET request to https://www.manheim.com/ , in the headers you'll get an unique session cookie id, you must send this cookie in all future requests, because if you don't, it'll be like switching a browser, and this website is weird, if you don't already have a cookie session id, you can't see the login page, if you try, you'll get http-header-redirected to a bogus url, then make a GET request with the cookie id to https://www.manheim.com/login/ , then in the html, you'll get an unique authenticity_token tied to your cookie session id. parse out the authenticity_token from the html, and add them to the POST body of your next request to https://www.manheim.com/login/authenticate, together with the static data (username & password & submit), and make sure they're all urlencoded, then you should get logged in. and to continue to get the logged in page, keep sending the same cookie session id, because your login is tied to that id, and if you don't send it, the web server won't remember that you're logged in, and you'll get some "you need to login to see this page" error.

here's an example implementation (using the hhb_curl from https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php as a convenience wrapper around curl_ functions, turning silent errors into exceptions, handling cookies, and a lot more)

<?php
declare(strict_types = 1);
require_once ('hhb_.inc.php');
hhb_init(); // better error reporting
const USERNAME = '?';
const PASSWORD = '??';
$hc = new hhb_curl ( '', true );

header ( "content-type: text/plain;charset=utf8" );
$hc->exec ( 'https://www.manheim.com/' ); // getting a cookie session id
$html = $hc->exec ( 'https://www.manheim.com/login/' )->getResponseBody (); // getting authenticity_token , required for logging in
$domd = @DOMDocument::loadHTML ( $html );
$xp = new DOMXPath ( $domd );
$token = $xp->query ( '//input[@name="authenticity_token"]' )->item ( 0 )->getAttribute ( "value" );
$hc->setopt_array ( array (
        CURLOPT_URL => 'https://www.manheim.com/login/authenticate',
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query ( array (
                'utf8' => '✓',
                'authenticity_token' => $token,
                'user' => array (
                        'username' => USERNAME,
                        'password' => PASSWORD 
                ),
                'submit' => 'Login' 
        ) ) 
) )->exec ();
$html = $hc->getResponseBody ();
$domd = @DOMDocument::loadHTML ( $html );
$xp = new DOMXPath ( $domd );
$errmsg = $xp->query ( '//*[contains(@class,"msgError")]' );
if ($errmsg->length > 0) {
    echo 'Error logging in: ' . $errmsg->item ( 0 )->textContent;
} else {
    echo 'logged in!';
}
hhb_var_dump ( $token, $hc->getStdErr (), $hc->getStdOut () );

right now, it prints:
Error logging in:
The username and password you entered do not match any accounts on record. Please make sure that you have correctly entered your username and password. Both are case-sensitive and should not contain any special characters. If you have forgotten your username or password, please use our username retrieval or password retrieval tools.

but if you change out the username and password on line 4 and 5, it will probably log in instead, and say logged in! (then print a bunch of debug data)

  • ps, in the code above, i used http_build_query instead of urlencode() to do the urlencoding. when there's several variables to encode, giving an array to a single http_build_query call will often result in prettier code than manually urlencode()'ing everything :)

Using PHP CURL to login to a remote web site

EDIT: The URL you specified is wrong, it should be:

https://vp1-voiceportal.megapath.com/servlet/com.broadsoft.clients.oam.servlets.Login

And not:

https://vp1-voiceportal.megapath.com/Login/servlet/com.broadsoft.clients.oam.servlets.Login

It looks like you need to follow redirects and specify the cookie file (for reading), try:

$ch = curl_init(); 
curl_setopt ($ch, CURLOPT_URL, $url); 
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); 
curl_setopt ($ch, CURLOPT_TIMEOUT, 60); 
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie); 
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie); 
curl_setopt ($ch, CURLOPT_REFERER, $url); 

curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); 
curl_setopt ($ch, CURLOPT_POST, 1); 
$result = curl_exec ($ch); 

echo $result;  

curl_close($ch);

It's also a good practice so specify an absolute (and writable) path to the cookie file.

Login to site with PHP cURL

Does it have to be via cURL?

Have you considered leveraging a library like Guzzle?
They have good documentation that covers scenarios as you have described.
https://docs.guzzlephp.org/en/stable/quickstart.html#post-form-requests

Something like the below but could be laid out better

use GuzzleHttp\Client;
use GuzzleHttp\Exception\BadResponseException;

$client = new Client(['base_uri' => 'https://url_site/', 'cookies' => true]);

// Login
try {
    $client->request(
        'POST',
        'login/',
        [
            'form_params' => [
                'username' => $username,
                'password' => $password,
            ],
        ]
    );
} catch (BadResponseException $e) {
    echo "Error Logging On for User {$username}";
    exit;
}

// Navigate
$response = $client->request('GET', '/statistics');
$content = $response->getBody()->getContents();
file_put_contents('~/file.txt', $content);

Related Topics

PHP Function Overloading

Get Table Column Names in MySQL

Preparing For Removal of Mcrypt in PHP 7.2

Remove New Lines from String and Replace With One Empty Space

Getting the Names of All Files in a Directory With PHP

Difference Between PHP Echo and PHP Return in Plain English

Best Solution to Protect PHP Code Without Encryption

Select Count(*) from Table of MySQL in PHP

File_Get_Contents("PHP://Input") or $Http_Raw_Post_Data, Which One Is Better to Get the Body of Json Request

Why Is Require_Once So Bad to Use

Get Url Query String Parameters

Example of How to Use Bind_Result VS Get_Result

MySQLi_Real_Escape_String() Expects Exactly 2 Parameters, 1 Given

PHP Curl Custom Headers

Running MySQL *.SQL Files in PHP

Execute PHP Script in Cron Job

PHP: Custom Error Handler - Handling Parse & Fatal Errors

Check File Extension in Upload Form in PHP


Leave a reply



Submit