I am trying to log into a site using cURL. The site requires entry of a captcha. If I extract as html just the form used for login, put that extract on my own site and execute it - I can log in.
If I capture the real login site using cURL, extract the name of the captcha image, display that image in my own form along with all of the other feilds of the login form, manually enter the cpatch image, and then post the forms using cURL, the login fails.
Follows is the html form that works:
<form action="http://www.gindis.com/modules.php?name=Account&file=index&op=loginckm" method="post"><table><tr><td width="260"></td><td align="center" height="25" colspan="3"><B>Username:</B><input type="text" name="username" size="10" maxlength="25"></td><td width="260"></td></tr><tr><td width="260"></td><td align="center" height="25" colspan="3"><B>Password:</B><input type="password" name="user_password" size="10" maxlength="20"></td><td width="260"></td></tr><tr><td width="260"></td><td align="center" height="25" colspan="3"><B>Type Security Code: </B><input type="text" NAME="gfx_check" SIZE="7" MAXLENGTH="6" autocomplete="off"></td><td width="260"></td></tr><tr><td width="260"></td><td align="center" height="25" colspan="3"><img src='http://www.gindis.com/modules.php?name=Account&file=index&op=gfx&random_num=338183' border='1' alt='Security Code' title='Security Code'></td><td width="260"></td></tr><tr><td width="260"></td><td align="center" height="25"><input type="hidden" NAME="random_num" value="338183"><input style="WIDTH: 120px; FONT-SIZE: 12; BORDER-BOTTOM-COLOR: black; COLOR: white; BACKGROUND-COLOR: #1A1A28; BORDER-BOTTOM-STYLE: solid" type="submit" value="Login"></form>
Here is my cURL code: First to get the login page:
$URL="http://www.gindis.com/modules.php?name=Account";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_header,1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
$content=curl_exec($ch);
$rand_loc=strpos($content,"random_num=");
$randnum=substr($content,$rand_loc+11,6);
echo $randnum;
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>Code Image</td>
<td><img src='http://www.gindis.com/modules.php?name=Account&file=index&op=gfx&random_num=<? echo $randnum; ?>'></td>
</tr>
<tr>
<td>Enter Code</td>
<td><form action="test3.php" method="post"><input name="code" type="text" /><input name="rdm" type="text" value='<? echo $randnum; ?>'/><input name="Login" type="submit" /></form></td>
</tr>
</table>
And here is the actual post to the game server:
$ch = curl_init();
$data=array('username'=>'XXX','user_password'=>'XXX','gfx_check'=>$code,'random_num'=>$rdm);
$vars=null;
foreach($data as $key=>$value)
if($key && $value)
$vars.=$key."=".urlencode($value)."&";
// echo $vars;
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
$URL="http://www.gindis.com/modules.php?name=Account&file=index&op=loginckm";
//$URL="http://www.cookwannabe.com/USA/test4.php";
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH,1);
//curl_setopt($ch, CURLOPT_REFERER,"http://gindis.com/");
curl_setopt($ch, curlopt_headers,1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
$result=curl_exec($ch);
Any help will be greatly appreciated.
