PHP: cURL w/ CSRF token

Question

N.B: I have viewed Login with PHP curl and CSRF token and cURL CSRF Token, Login with CURL php and CSRF token and then some before posting.

I am creating a system which has a function (if it works) to analyse data from another website. This website requires login with a user, password & csrf token. See below for the code.

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
  curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);

  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $response = curl_exec($ch);
  if (curl_errno($ch)) die(curl_error($ch));

  $doc = new DOMDocument();
  $doc->loadHTML($response);
  $token = $doc->getElementsByTagName("csrf")->attributes->getNamedItem("value")->value[0];



    echo "TOKEN: {$token} ";
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
  curl_setopt($ch, CURLOPT_POST, true);

  $params = array(
    'username' => $username,
    'password' => $password,
    'csrf' => $token
  );
  curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));

  curl_exec($ch);

  if (curl_errno($ch)) print curl_error($ch);


    curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
    $html = curl_exec($ch);
    print("<br />HTML: ".$html);
if (curl_errno($ch)) print curl_error($ch);
    curl_close($ch);

I have slightly modified scripts from the above questions but am receiving these errors:

Warning: DOMDocument::loadHTML(): htmlParseEntityRef: expecting ';' in Entity, line: 24 in /home/dlip/subdomains$/eportaltest.website.com/public_html/ticket_load.php on line 18

Warning: DOMDocument::loadHTML(): Unexpected end tag : form in Entity, line: 76 in /home/dlip/subdomains$/eportaltest.website.com/public_html/ticket_load.php on line 18

Warning: DOMDocument::loadHTML(): Tag nav invalid in Entity, line: 124 in /home/dlip/subdomains$/eportaltest.website.com/public_html/ticket_load.php on line 18

Warning: DOMDocument::loadHTML(): Tag section invalid in Entity, line: 140 in /home/dlip/subdomains$/eportaltest.website.com/public_html/ticket_load.php on line 18

Warning: DOMDocument::loadHTML(): error parsing attribute name in Entity, line: 176 in /home/dlip/subdomains$/eportaltest.website.com/public_html/ticket_load.php on line 18

Following instructions on the above questions, I've tried also using

$doc->loadHTML(htmlentities($response))

to no avail.

Does anyone have any clue whats going wrong? I understand it may be to do with the website, but how do I get around it?

Thanks :)

Do you get the csrf token? Reason you see these warnings is that the site you try to parse has invalid HTML. — OptimusCrime, Feb 13 '17 at 21:40
Nope. Do you think it would just be easier to explode the page and just take the bit I need in this case? — DLipscombe, Feb 13 '17 at 21:42

score 0 · Answer 1 · edited May 23 '17 at 11:47

Bit of a dirty answer but it works so that's ok with me...

Used this answer: https://stackoverflow.com/a/21804537/7508539

And rolled it like so:

  $token = trim(get_string_between($response,'<input type="hidden" name="csrf" value="','" />'));

Will probably have to explode the bits I need on their site now, but at least I know how to tackle it now rather than sitting staring aimlessly at errors I can't fix.

Are there any 'non-hack' ways of fixing this?

PHP: cURL w/ CSRF token

1 Answers1