Login with PHP and cURL

PS: Because this libcurl technique may still be useful, I am republishing it here, but for applying this example to myspace.com, I think it's too old for that.

I was trying to automate logging into MySpace with PHP and cURL, and I had some problems. For some reason, it kept kicking me back to the homepage rather than the logged in page… and finally I figured out why. I’ll post the code up here for anyone else who has a similar issue.

Basically, to automate the MySpace login system, you need these steps:

  • First set up your cURL session with a cookie file and a cookie jar. They’re obviously required. You will also NEED to specify a user agent… that’s what got me. MySpace checks your user-agent, and if it doesn’t match a known one, they abort your login process.
      
// setup and configure
$ch = curl_init();
$randnum = rand(1,9999999);
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookiejar-$randnum");
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookiejar-$randnum");
// keep the user-agent on one line: a line break inside the string would be sent in the header
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 0);
  • Visit the myspace.com homepage, and scrape the security token, which is embedded in the URL that the login form submits to (the form action):
 // get homepage for login page token
curl_setopt($ch, CURLOPT_URL,"http://www.myspace.com");
$page = curl_exec($ch);
//
// find it....
//
// single-quoted pattern so the double quotes inside it do not end the PHP string
preg_match('/MyToken=([^"]+)"/',$page,$token);
$token = $token[1];
  • Next, actually post your information and submit the login form. You must forge the referer as myspace.com, and you must specify the content type in the HTTP header as “application/x-www-form-urlencoded”. Notice that the last line I append to $postfields is a bunch of semi-encoded values… that is the rest of the form MySpace sends with your login. It’s a required line for their internals, don’t omit it.
// do login
curl_setopt($ch, CURLOPT_URL,"http://login.myspace.com/index.cfm?fuseaction=login.process&MyToken={$token}");
curl_setopt($ch, CURLOPT_REFERER, "http://www.myspace.com");
curl_setopt($ch, CURLOPT_HTTPHEADER, Array("Content-Type: application/x-www-form-urlencoded"));
curl_setopt($ch, CURLOPT_POST, 1);
$postfields = "email=" . urlencode($YOUR_EMAIL);
$postfields .= "&password=" . urlencode($YOUR_PASSWORD);
$postfields .= '&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=38&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=15';
curl_setopt($ch, CURLOPT_POSTFIELDS,$postfields);
$page = curl_exec($ch);
  • The next page you’ll hit is a 302 redirect to the internal login page. This might be handled automatically, but I’m going to scrape the redirect url and pass it manually, as a precaution.
 // find redirect url
// single-quoted pattern so the double quotes inside it do not end the PHP string
preg_match('/replace\("([^"]+)"/',$page,$redirpage);
$redirpage = $redirpage[1];
//
// do the redirect
//
curl_setopt($ch, CURLOPT_REFERER,"http://login.myspace.com/index.cfm?fuseaction=login.process&MyToken={$token}");
curl_setopt($ch, CURLOPT_URL,$redirpage);
curl_setopt($ch, CURLOPT_POST, 0);
$page = curl_exec($ch);
  • Now you should be at the logged in page. I run a quick check that it didn’t bounce us back to the login page for an invalid username or password before proceeding:
 // check login error
if(strpos($page,"You Must Be Logged-In to do That!") !== false){
// login error
return 2;
}
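
The scraping steps above read `$token[1]` and `$redirpage[1]` without checking that the pattern matched, and pass the scraped redirect URL straight to cURL. The following is an added example, not part of the original post, that checks each match and validates the redirect target first; the function names, the allowed-domain list and the sample HTML are constructed for illustration.

```php
<?php
// Added example (not from the original post); function names and the sample
// HTML below are constructed for illustration.

// Run one of the page's patterns and fail loudly instead of reading $m[1] blind.
function scrape(string $pattern, string $page, string $what): string
{
    if (preg_match($pattern, $page, $m) !== 1) {
        throw new RuntimeException("could not find $what in the response");
    }
    return html_entity_decode($m[1], ENT_QUOTES); // &amp; -> & inside attributes
}

// A scraped URL is untrusted input: allow only http(s) and expected hosts
// before handing it to CURLOPT_URL.
function check_redirect(string $url, array $allowedDomains): string
{
    $parts  = parse_url($url) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        throw new RuntimeException('refusing non-HTTP redirect target');
    }
    foreach ($allowedDomains as $domain) {
        // Exact match or a true subdomain; "myspace.com.example.net" fails.
        if ($host === $domain || substr($host, -strlen($domain) - 1) === ".$domain") {
            return $url;
        }
    }
    throw new RuntimeException("refusing redirect to unexpected host $host");
}

// Constructed sample responses.
$home  = '<form action="http://login.myspace.com/index.cfm?fuseaction=login.process&amp;MyToken=abc123" method="post">';
$login = '<script>location.replace("http://home.myspace.com/index.cfm?fuseaction=user");</script>';
$odd   = '<script>location.replace("http://myspace.com.example.net/");</script>';

$token = scrape('/MyToken=([^"]+)"/', $home, 'MyToken');
echo rawurlencode($token), "\n"; // encode before placing it in the login URL
echo check_redirect(scrape('/replace\("([^"]+)"/', $login, 'redirect URL'), ['myspace.com']), "\n";
try {
    check_redirect(scrape('/replace\("([^"]+)"/', $odd, 'redirect URL'), ['myspace.com']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n"; // the look-alike host is rejected
}
```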

Congratulations, you’re now logged into MySpace. I fought with this for a while because I didn’t know they check the user-agent (most sites don’t care), and I was getting really strange results when trying to log in.

From this point, you can do whatever you want, such as send messages, post bulletins, modify your profile, etc. For requesting the modify-your-profile page, here’s the code:

 // find edit profile link (with token attached)
// single-quoted pattern so the double quotes inside it do not end the PHP string
preg_match('/ id="ctl00_Main_ctl00_Welcome1_EditMyProfileHyperLink" href="([^"]+)"/',$page,$redirpage);
$redirpage = $redirpage[1];
//
// go there (edit profile)
//
curl_setopt($ch, CURLOPT_URL, $redirpage);
$page = curl_exec($ch);

Simple!

And before you finish, don’t forget to clean up by closing curl and deleting the cookie file you made:

 // clean up
curl_close($ch);
@unlink("/tmp/cookiejar-$randnum");
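
The jar above is named with rand() in a shared /tmp, and the early `return 2` on a login error exits before the unlink runs, leaving the session cookies on disk. A hardened variant of the setup and cleanup, as an added example that is not part of the original post; the helper name with_cookie_session() and its $onDisk parameter are hypothetical.

```php
<?php
// Added example (not from the original post). with_cookie_session() is a
// hypothetical helper name.

function with_cookie_session(callable $work, bool $onDisk = false)
{
    $jar = null;
    $ch  = curl_init();
    if ($ch === false) {
        throw new RuntimeException('curl_init() failed');
    }

    if ($onDisk) {
        // tempnam() creates the file itself under a unique name, unlike
        // "/tmp/cookiejar-" . rand(...), which another local user can guess.
        $jar = tempnam(sys_get_temp_dir(), 'cj_');
        if ($jar === false) {
            throw new RuntimeException('could not create cookie jar');
        }
        chmod($jar, 0600); // session cookies are credentials: owner-only
        curl_setopt($ch, CURLOPT_COOKIEJAR, $jar);
        curl_setopt($ch, CURLOPT_COOKIEFILE, $jar);
    } else {
        // An empty COOKIEFILE enables libcurl's cookie engine in memory only,
        // which is enough when the jar is deleted at the end of the same run.
        curl_setopt($ch, CURLOPT_COOKIEFILE, '');
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    try {
        return $work($ch);
    } finally {
        // Runs on normal return, early return and exceptions alike.
        curl_close($ch); // PHP < 8 frees the handle (and writes the jar) here
        unset($ch);      // PHP 8+: the handle is released with its last reference
        if ($jar !== null && is_file($jar)) {
            unlink($jar);
        }
    }
}

// The login steps go inside the callback; 2 mirrors the page's error code.
$result = with_cookie_session(function ($ch) {
    // ... requests from the steps above ...
    return 2; // an early exit still triggers the cleanup
});
```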

I’d recommend getting the Live HTTP Headers Firefox Add-on if you don’t have it already, as it makes debugging these processes much easier.

Here’s the entire source code uncut:

 $ch = curl_init();
//
// setup and configure
//
$randnum = rand(1,9999999);
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookiejar-$randnum");
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookiejar-$randnum");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 0);
//
// get homepage for login page token
//
curl_setopt($ch, CURLOPT_URL,"http://www.myspace.com");
$page = curl_exec($ch);
//
// find it....
//
preg_match('/MyToken=([^"]+)"/',$page,$token);
$token = $token[1];
//
// do login
//
curl_setopt($ch, CURLOPT_URL,"http://login.myspace.com/index.cfm?fuseaction=login.process&MyToken={$token}");
curl_setopt($ch, CURLOPT_REFERER, "http://www.myspace.com");
curl_setopt($ch, CURLOPT_HTTPHEADER, Array("Content-Type: application/x-www-form-urlencoded"));
curl_setopt($ch, CURLOPT_POST, 1);
$postfields = "email=" . urlencode($YOUR_EMAIL);
$postfields .= "&password=" . urlencode($YOUR_PASSWORD);
$postfields .= '&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=38&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=15';
curl_setopt($ch, CURLOPT_POSTFIELDS,$postfields);
$page = curl_exec($ch);
//
// find redirect url
//
preg_match('/replace\("([^"]+)"/',$page,$redirpage);
$redirpage = $redirpage[1];
// do the redirect
curl_setopt($ch, CURLOPT_REFERER,"http://login.myspace.com/index.cfm?fuseaction=login.process&MyToken={$token}");
curl_setopt($ch, CURLOPT_URL,$redirpage);
curl_setopt($ch, CURLOPT_POST, 0);
$page = curl_exec($ch);
//
// check login error
//
if(strpos($page,"You Must Be Logged-In to do That!") !== false){
// login error
return 2;
}
//
// LOGGED IN, now let's play
//
// find edit profile link (with token attached)
//
preg_match('/ id="ctl00_Main_ctl00_Welcome1_EditMyProfileHyperLink" href="([^"]+)"/',$page,$redirpage);
$redirpage = $redirpage[1];
//
// go there (edit profile)
//
curl_setopt($ch, CURLOPT_URL, $redirpage);
$page = curl_exec($ch);
//
echo $page; // do whatever you need to do
//
// clean up
//
curl_close($ch);
@unlink("/tmp/cookiejar-$randnum");

Author: Harry Maugans of harrymaugans.com
