2

Here's my problem. A few months ago, I wrote a PHP script to get connected to my account on a website. I was using CURL to get connected and everything was fine. Then, they updated the website and now I am no longer able to get connected. The problem is not with CURL, as I do not get any error from CURL, but it is the website itself which tells me that I am not able.

Here's my script :

<?php
require('simple_html_dom.php');


//Getting the website main page
$url = "http://www.kijiji.ca/h-ville-de-quebec/1700124";
$main = file_get_html($url);
$links = $main -> find('a');
//Finding the login page
foreach($links as $link){
    if($link -> innertext == "Ouvrir une session"){
        $page = $link;
    }
}
$to_go = "http://www.kijiji.ca/".$page->href;


//Getting the login page
$main = file_get_html($to_go);
$form = $main -> find("form");
//Parsing the page for the login form
foreach($form as $f){
    if($f -> id == "login-form"){
        $cform = $f;
    }
}
$form = str_get_html($cform);

//Getting my post data ready
$postdata = "";
$tot = count($form->find("input"));
$count = 0;

/*I've got here a foreach loop to find all the inputs in the form. As there are hidden input for security, I make my script look for all the input and get the value of each, and then add them in my post data. When the name of the input is emailOrNickname or password, I enter my own info there, then it gets added to the post data*/


foreach($form -> find("input") as $input){
    $count++;
    $postdata .= $input -> name;
    $postdata .= "=";
    if($input->name == "emailOrNickname"){
        $postdata.= "my email address ";
    }else if($input->name == "password"){
        $postdata.= "my password";
    }else{
        $postdata .= $input -> value;
    }
    if($count<$tot){
        $postdata .= "&";
    }
}

//Getting my curl session
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_URL => $to_go,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $postdata,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_COOKIESESSION => true,
    CURLOPT_COOKIEJAR => 'cookie.txt'
));
$result = curl_exec ($ch);
curl_close ($ch);
echo $result;
?>

CURL nor PHP return any error. In fact, it returns the webpage of the website, but this webpage tells me that there's an error that occurred, as if there was missing some post data.

What do you think can cause that ? Could it be some missing curl_setopts ? I've got no idea, do you have any ?

user3602532
  • 21
  • 3
  • 1
    you're building your own postdata, and probably not doing it correctly. curl can take an array. make `$postdata` an array of key=value pairs, then pass the entire array to curl. – Marc B Aug 28 '14 at 19:04
  • Thank you for your quick answer. Unfortunately, I already tried putting my postdata as an array, it doesn't work either. – user3602532 Aug 28 '14 at 19:16
  • have you made sure you input ALL fields and didn't miss some funny hidden fields? try setting the referrer to the loginscript from their site – Soundz Aug 28 '14 at 19:24
  • Thank Soundz for your answer, I checked all the fields on the website, I have all of them. My script even takes all the input tags within the form tags, so there should not be any problem, unless forms can be sent with other fields that aren't within the form tags. – user3602532 Aug 28 '14 at 19:34

2 Answers2

0

$form = $main -> find("form") finds first occurrence of element

and that is <form id="SearchForm" action="/b-search.html">

you will need to change that into $form = $main->find('#login-form')

vertazzar
  • 1,053
  • 7
  • 10
  • Thank you for your fast answer. Unfortunately, I tried it and it didn't seem to solve the problem. In fact, when you parse with `$form = $main -> find("form")`, it will return all the
    . It's why I have a foreach loop afterward to find the correct form.
     – user3602532 Aug 28 '14 at 19:15
  • oh, didn't see the loop below, however i would use directly #login-form, it's a lot faster. You should however try to debug / var_dump array that you are sending, maybe some of the information is not sent properly – vertazzar Aug 28 '14 at 19:16
  • also look into http://stackoverflow.com/questions/5224790/curl-post-format-for-curlopt-postfields – vertazzar Aug 28 '14 at 19:19
  • Hi again Vertazzar, Thank you so much for your time. I tried using the urlencode(), still no result. I also tried send my post data as an array using this code `$postdata = array(); foreach($form -> find("input") as $input){ unset($to_send); if($input->name == "emailOrNickname"){ $to_send = "my email address"; }else if($input->name == "password"){ $to_send = "my password"; }else{ $to_send = $input -> value; } $postdata[$input -> name] = $to_send; }` still no result. Thank you so much again for your time vertazzar – user3602532 Aug 28 '14 at 19:45
  • it is possible that the server checks cookies (i see that they have CSRF check, which probably stores CSRF value in session which then compares to submitted value name="ca.kijiji.xsrf.token"), see the post below, @hindmost explained it – vertazzar Aug 28 '14 at 21:52
  • I believe this might be the reason. I'll work my script out to check – user3602532 Aug 29 '14 at 01:35
0

Most likely the problem is that the site (server) checks cookies. This process mainly consists of two phases:

1) When you visit the site first time on some page, e.g. on the login page, the server sets cookies with some data.

2) On each subsequent page visit or POST request the server checks cookies it has set.

So you have to reproduce this process in your script which mean you have to use CURL to get any page from the site, including the login page which should be getting by CURL, not file_get_html.

Furthemore you have to set both CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE options to the same absolute path value ('cookies.txt' is a relative path) on each request. This is necessary in order to enable cookies auto-handling (session maintaining) within entire series of requests (including redirects) the script will perform.

hindmost
  • 7,125
  • 3
  • 27
  • 39
  • I believe you are on on something. It seems pretty logical to me. I'll work my script out and update you later. – user3602532 Aug 29 '14 at 01:34