Re: I can't cURL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, June 29, 2005 9:31 am, Jon said:
> I was able to modify the ebay login example that was provided on
> http://curl.haxx.se/libcurl/php/examples/ to login to a billing portal
> that
> I am trying to access. by doing that I am able to open the home.asp page.
> What I am wanting is to be able to keep my logon and open billing.asp as
> if
> I had clicked on the link.  the link on the page is just a standard link
>
> <A HREF="billing.asp">Billing Reports</A></U>
>
> when I add a third part to the hacked  example
>
> // 3- Try to get billing page
> $GetThisURL = "*******/billing.asp";
> $reffer = "*******/home.asp";
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_URL,$GetThisURL);
> curl_setopt($ch, CURLOPT_USERAGENT, $agent);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
> curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
> curl_setopt($ch, CURLOPT_REFERER, $reffer);
> curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
> curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);

I never got the cURL CookieJar stuff to work, personally.

That may be problems with file permissions on my jar, but...

Anyway, just to know and understand what is going on, I suggest you PRINT
OUT the headers of the document you are retrieving.

If there are Cookies, use PHP to parse their headers, collect up the
Cookies, and send them back.

This is also better in that you can catch stupid Cookies such as:
  Cookies that are clearly tied into their advertising crapola
  Cookies that are clearly tied into their webstats crapola
  Cookies that are used to "share" your surfing habits with others

Odds are really good you can *NOT* send back those Cookies and the site
will still work, without you giving them information that's really none of
their business in the first place.

Don't set FOLLOWLOCATION either, as it might be fooling you by skipping
through some Location: headers but bypassing some Cookie headers.

So then the Cookies are getting ignored because cURL is following the
Location: headers too fast.

Which is how some browsers behave anyway, so the site would be broken for
those browsers if you tested with them...

> $result= curl_exec ($ch);
> curl_close ($ch);
>
> all I am able to get is the login page again.  I don't have any idea what
> to
> even try since I have never used cURL before.  One thing that I know is
> that
> by clicking on billing.asp link the server does some stuff and you end up
> at
> billing_histories.asp.  Does that mean that I should be looing for some
> sort
> of GET or POST operation that I am not seeing?

It's more likely some Location: headers coming out.

ASP Developers (and ASP itself) tend to bounce users around a LOT through
HTTP Location headers.

God only knows why.

My best theory is Microsoft *wants* to waste HTTP connections to make
hardware seem insufficient to make users buy more hardware which means
more licen$e$ sold of MS software.

> This javascript is also on the homepage.  Does this somehow affect what I
> am
> trying to do?  If so is there a way to work around it?
>
> <SCRIPT LANGUAGE=javascript>
> <!--
> function respond(n) {
>  frmSpecialDelivery.action = document.all.SubmitPage.value +
> "?respond=yes&which=" + n + "&returnto=" + document.all.calledfrom.value
>  frmSpecialDelivery.submit();
> }
> function sendit() {
>  frmEmail.action = document.all.SubmitPage.value + "?sendmail=yes&which="
> +
> document.all.id.value + "&returnto=" + document.all.calledfrom.value
>  frmEmail.submit()
> }
> function closeit() {
>  window.location = document.all.calledfrom.value
>
> }
>
> function initialize() {
>  document.location="filedownload.asp?DFID=" + "&returnto=" +
> document.all.calledfrom.value
> }
> -->
> </SCRIPT>

Possibly, especially that document.location crap.

But you don't show any JavaScript where this gets CALLED, so it could be a
red herring.

You'd have to examing any JavaScript tied to the link you click on to see
what it does, and which functions it calls, and if it's some of the above
functions, walk through what they do.

Keep in mind that you can save THEIR HTML on YOUR computer, and change
their JavaScript to have a bunch of alert() statements like:
function respond(n){
alert("Called respond with arg: " + n);
.
.
.
}

So you can always eventually puzzle through what their JavaScript is doing.

The code on their server is a bit more of a Black Box.

You can only figure out what it does by poking at it and seeing what happens.

Ah, the joys of hacking through somebody's really crappy login scripts.

Does it feel like you're in the jungle with a machete that has dream-like
turned into a wet noodle yet?  It will, soon.

But then you manage to hack your way through, and it feels real good.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux