2

I was wondering if you could help me out with a bit of code for a cCURL request using PHP, I'm trying to retrieve data from the fpl api that would show my league standings. The url for the league standings api is - https://fantasy.premierleague.com/api/leagues-classic/my_league_id/standings/?page_new_entries=1&page_standings=1 I can see the data via the browser but when I try to retrieve it with a curl request with PHP it comes back with a 403 error with the message "Authentication credentials were not provided". That would mean that I would need login credentials to retrieve it.

After looking into it using dev tools and postman, I now know that I need to get a csrf token by logging in then save the token to use when I make the request for the league standings. I have no idea how to go about this, I kind of do but I would really appreciate if someone could give it a go for me.

What I would need to do is make a POST request to https://users.premierleague.com/accounts/login/ with this form data -

"login"         => "my_email",
"password"      => "my_password",
"app"           => "plfpl-web",
"redirect_uri"  => "https://fantasy.premierleague.com/",

After making the request I would need to capture the csrf token cookie, which I believe would be in the hidden input with the name - "csrfmiddlewaretoken" and save it in a variable.

Once getting the token and saving it, I would then make a GET request to https://fantasy.premierleague.com/api/leagues-classic/my_league_id/standings/ with placing the csrf token variable that I saved into the headers and then json decode that data so I'm able to echo out the league details.

I'm pretty sure that's how to do it but I'm not that great at PHP and was wondering if there is any savour out there that could help a brother out. Any help would be much appreciated :)

I've started with the first part, making the initial post request, but have had no luck in returning the token. Here's my code so far -

<?php

$cookie = "cookies.txt";
$url = 'https://users.premierleague.com/accounts/login/';

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($ch);
curl_close($ch);

// var_dump($response);

$dom = new DOMDocument;
@$dom->loadHTML($response);

$tags = $dom->getElementsByTagName('input');
for($i = 0; $i < $tags->length; $i++) {
    $grab = $tags->item($i);
    if($grab->getAttribute('name') === 'csrfmiddlewaretoken') {
        $token = $grab->getAttribute('value');
    }
}

echo $token;

?>
Steven McCabe
  • 61
  • 6
  • For you to use stackoverflow, you need to provide YOUR code, and we might be able to fix it. But we won't code it for you. – Borjante Jul 04 '19 at 12:58
  • Fair enough. I'll include the code that I have worked on so far, it doesn't return anything though. – Steven McCabe Jul 04 '19 at 13:03
  • 1
    Your general attempt looks correct. Did you output $response to make sure you weren't redirected and the token is actually there? – Fels Jul 04 '19 at 13:28
  • I did, it just comes back with a false boolean :( – Steven McCabe Jul 04 '19 at 13:31
  • 1
    Did you try the option curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); just in case there will be a rewrite happen. Postman will go over it, but curl not. – sebkrueger Jul 04 '19 at 13:44
  • Still nothing with adding curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); I'm afraid. I do appreciate you guys trying to help though. – Steven McCabe Jul 04 '19 at 13:49
  • Managed to get the first part working. I used curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); and just like magic, it worked :) Going to try the second part now ;) – Steven McCabe Jul 04 '19 at 20:59
  • Possible duplicate of [PHP - SSL certificate error: unable to get local issuer certificate](https://stackoverflow.com/questions/28858351/php-ssl-certificate-error-unable-to-get-local-issuer-certificate) – Dharman Jul 05 '19 at 20:31

1 Answers1

1
<?php

// id of the league to show
$league_id  = "your_league_id";

// set the relative path to your txt file to store the csrf token
$cookie_file = realpath('your_folder_dir_to_the_txt_file/cookie.txt');

// login url
$url = 'https://users.premierleague.com/accounts/login/';

// make a get request to the official fantasy league login page first, before we log in, to grab the csrf token from the hidden input that has the name of csrfmiddlewaretoken
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie_file);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie_file);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($ch);

$dom = new DOMDocument;
@$dom->loadHTML($response);

// set the csrf here
$tags = $dom->getElementsByTagName('input');
for($i = 0; $i < $tags->length; $i++) {
    $grab = $tags->item($i);
    if($grab->getAttribute('name') === 'csrfmiddlewaretoken') {
        $token = $grab->getAttribute('value');
    }
}

// now that we have the token, use our login details to make a POST request to log in along with the essential data form header fields
if(!empty($token)) {
    $params = array(
        "csrfmiddlewaretoken"   => $token,
        "login"                 => "your_email_address",
        "password"              => "your_password",
        "app"                   => "plfpl-web",
        "redirect_uri"          => "https://fantasy.premierleague.com/",
    );

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    /**
     * using CURLOPT_SSL_VERIFYPEER below is only for testing on a local server, make sure to remove this before uploading to a live server as it can be a security risk.
     * If you're having trouble with the code after removing this, look at the link that @Dharman provided in the comment section.
     */
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    //***********************************************^

    $response = curl_exec($ch);

    // set the header field for the token for our final request
    $headers = array(
        'csrftoken ' . $token,
    );
}

// finally, we now have everything we need to make the GET request to retrieve the league standings data. Enjoy :)
$fplUrl = 'https://fantasy.premierleague.com/api/leagues-classic/' . $league_id . '/standings/';
curl_setopt($ch, CURLOPT_URL, $fplUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);

if(!empty($token)) {
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
}

$response = curl_exec($ch);
$league_data = json_decode($response, true);
curl_close($ch);

echo '<pre class="card">';
    print_r($league_data);
echo '</pre>';

?>
Steven McCabe
  • 61
  • 6
  • 1
    Thanks for bringing this up, @Dharman I'll only be using this for testing just now but once I go live I'll be removing it but it's definitely something others, who are looking at my code, should know about so I'll that into the comments. I'll look at the link you've provided. Thanks again :) – Steven McCabe Jul 06 '19 at 03:08
  • Have you changed anything since this was posted ? because i tried this code elaborately and i still get the ' [detail] => Authentication credentials were not provided.' error – SnK Aug 19 '19 at 14:29