Stut wrote: > admin@xxxxxxxxxxxxxxxxxxx wrote: >> WHY! Would you even want to pull that data first off? It would be out >> dated as of the next transaction anyway. >> Secondly if you can curl the data from the server, and get your account >> information! I suggest you change banks. Could it be that I try to use if a customer has paid? WHY would that be wrong? > > With that attitude you'll end up keeping your money under your bed. > Anything my browser can do curl can do. > >> Bad decision I think to make this attempt. > > Why? If Ronald decides to access *his* account using a method other > than a browser, what is he doing wrong? The only downside to it is if > he's storing his authentication credentials somewhere so it can be an > automated process. Aside from that possibility I don't see the bad here. > >> You can bet I will be watching your networks for an attempt on >> authentication failures. >> Because that request does not sound RIGHT to me. >> >> inetnum: 59.124.0.0 - 59.127.255.255 >> netname: HINET-NET >> country: TW >> descr: CHTD, Chunghwa Telecom Co.,Ltd. >> descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. >> descr: Taipei Taiwan 100 >> >> >> Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - >> 216.65.127.255 >> Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) >> 216.65.86.0 - 216.65.86.255 > NOW THAT is a strong word. Are you really a sysadmin? or are you just a worker in an IT firm? Have you signed a contract? or are you anyway just the cleaner there? I am not sure what are you trying to do here. Is this a list about php? It seems to me that you are from the http://veryevil.org site? How many systems have you already hacked? How many systems have you already damaged? Are you proud of that? Go to my website (easy to find it out which one, right?) There you will find the bank account number and the bank name. Good Luck! I wish you a happy jail term!!! NO answer please. PLEASE no answer! Please go back to your room and think at least ten times what you actually told us now about yourself! > Wow. Look everyone, he knows how to look up the owner of an IP > address. Phear his mad sysadmin skillz! > > Seriously, I highly doubt Ronald is going to try anything against your > systems. Just curious about something... what would you do if he did > try something? Call your mother and have a little cry? > >> -----Original Message----- >> From: Ronald Wiplinger [mailto:ronald@xxxxxxxxx] Sent: Friday, >> November 16, 2007 11:38 PM >> To: PHP General list >> Subject: bank query and curl >> >> I have a bank account and would like to query the last transactions. >> >> I can do that now via web and think that I can convert this procedure to >> a list of curl requests and finally put the result into a database on my >> server. >> Fortunately this bank account does not allow transactions, just viewing >> the account. >> >> Is there a guide available how to start this project? > > I would suggest the curl documentation. In order to duplicate what a > browser does you basically just need to make sure you persist cookies > between requests. Depending on what the site you're accessing does it > may not be particularly trivial to do this. You may end up needing to > parse each page that's returned to get the right URL to use for the > next request, but it shouldn't get any more complicated than that. > I found in the meantime some code to play with. I also found a tutorial I followed, but it was only to pull some web sites. The challenge is to select so many things on the following pages. > As I mentioned above I would strongly recommend that you do not store > your authentication credentials anywhere. If you need this to be an > automated system don't bother - it's not worth the risk. That is the point I do not understand. Where is the risk? The bank information is stored on the customers web site anyway, in order that their user can pay. The only thing what is not there is the login information. I believe if we can use the out of the path credentials like we access the sql server it should be same secure. The bank does not allow transactions, it is only for viewing the last 100 days transactions. > > Oh, and don't underestimate the damage that can be caused by someone > gaining access to this account. Just because you can't carry out > transactions through the site doesn't mean the information it gives > you access to can't be used for evil purposes. > > One last thing... you may find yourself getting blocked from the banks > site if you make too many failed requests. You may want to pick > another site while you learn how curl works. > Well, I will not try more than 3 times in a row with curl and than with the browser. Thanks for the hint though. bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php