using fsockopen to login to another website

dodger82

Hi, I'm trying to get my script to open another page, Advanced Information Networksand then login using a specific login and password, open a specified file (updated daily) and process it into my database.

now i'm not a total noob, i can handle reading the file and so forth, but can't log into their website. i've tried posting the username and password using fsockopen (the headers i don't entirely understand), but met with some funky and undesired results.

is there something i'm missing? i spent hours searching, and only found 100 login scripts, not scripts to login elsewhere. i fear the problem may be that the website is trying to send back a cookie for the login. i've got myself in a bit of a mess. if anyone could help straighten this out, i'm sure it can't be that rare, i'd be eternally grateful (or at least grateful for as long as i could remember 😃).

Dave

rehfeld

take a look at curl

http://www.php.net/curl

your going to need to be able to handle cookies, redirect headers etc...

dodger82

:eek: how could i have missed that! i'm feeling pretty stupid, that solves all my problems (or at least this login problem :p), thank you a tonne!

Shrike

I've just been using PEAR's HTTP_Request class, which is just fantastic for this kind of thing. It allows you to generate GET and POST requests, and see the content and headers of the response, all in one easy to use object.

dodger82

Ok, i'm running this code:

<?php

$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "waimak01cookie");
curl_setopt($ch, CURLOPT_URL,"http://www.advancedinformation.net/client.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=paulsaunders132&password=&challenge=f0be908051754a0804f901847f534789&response=fb58065d421a8637559c927c99cc909a");

curl_exec ($ch); // execute the curl command

curl_close ($ch);
unset($ch);

$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEFILE, "waimak01cookie");
curl_setopt($ch, CURLOPT_URL,"http://www.advancedinformation.net/client.php");

$buf2 = curl_exec ($ch);

curl_close ($ch);

echo "<PRE>".htmlentities($buf2);

?>

one thing to note is that the page doesn't actually post the password, it uses an md5 challenge and response, so i did it by hand as you can see.

now, it's not logging in, but i've noticed that there is no file called "waimak01" in that directory on the server. what might be going on here? i'm not 100% clued up on encryption, but it's possible the problem is there. how might i go about getting my program to parse the page and run the javascript? i'm pretty sure that's not going to work though, getting php to parse javascript, ha, i just realised what a crazy notion that is :p sigh 🙁

any ideas?

rehfeld

your not properly replicating thier js function

  function doChallengeResponse() {
    str = document.login.username.value + ":" +
          MD5(document.login.password.value) + ":" +
          document.login.challenge.value;
    	  document.login.response.value = MD5(str);
    	  document.login.password.value = "";
    	  document.login.submit();
  }

notice they are using :

between certain values

just be glad they arent using a random seen generated on the server before they md5 it and then send it back to the server. thats what i do on my login pages 🙂

dodger82

i wish it were that simple, you really got my hopes up though 😃

the colons are being put into the string str, making it username:password:challenge, and then the response is the md5 of that whole string, giving the challange and response challenge=f0be908051754a0804f901847f534789&response=fb58065d421a8637559c927c99cc909a"

to verify this i edited the javascript in that page locally, and instead of submitting the form, i alerted the values to be submitted, and they co-incided with what's in my script.

back to square one 🙁

I have to say thank you hugely for taking the time to look at it for me, i mean even looking into the pages source, thank you! 😉