retreiving data form another site

Krik

This is a project a friend asked me to see if I could figure out. And I have kind of got something working it is just a very manual solution and I think a more automated solution would be nicer. And while I should have just thrown in the towel, curiosity has me. Beside what a better way to learn something.

Basically I need to get bit of data off another website. It's public data just not set up very well for viewing the data or customizing it. I should point out the data can change minute by minute.

If I visit the site and view the source I am given an XML file. Which is no problem to parse. But if I load the page using cURL I get HTML and javascript, no XML, which parsing gets quite a bit more difficult.

Of course the url does point to an XML file and if that were that simple I could use file_get_contents(), but it's not. The url looks like this http://www.externalsite.com/data.xml?f=first+id&s=second+id

The way it looks is they are using the parameters in the url to write the XML file that I see when I view the source. But apparently that is not how the data is actually being passed to my browser.

So how would I get the XML output?

Now that is the first part of the question.

And the second part will probably push the limits. While most the data is publicly available there is some that one must log into. While perfectly harmless for any one look at, they set it up that way for some unknown reason.

So on top of the first question I am wondering how one might set it up so a person that is grabbing that data could submit their login information?

Hope that explains it fairly well if not feel free to ask questions.

Piranha

To me it seems like you try to use data that you don't own. I have reported it.

Krik

Yes I don't own it but it is made available to any who can figure out how to retrieve it. I would bet right now that sites data is available, in part, on 100's of web sites.

The proof is in the XML data that they let you have access to versus just leaving raw HTML for you to sort through. It is almost like an RSS feed except it for the entire site.

But adding to my question it seems I can get the HTML and javascript using file_get_contents(), fopen(), and cURL. But it appears cURL may allow you to pass login information to the page. Haven't figured that all out yet. But as said before I am wondering how to get the XML output they show when you go directly to their site and view the pages source.

Weedpacket

Krik wrote:
I would bet right now that sites data is available, in part, on 100's of web sites.

Irrelevant.

Have you verified that what you're wanting to use the data for is compatible with the site's AUP?

Krik

Let me try to clear this up, I get the sense some may think I am trying to access or display important information. The site is some online game, not sure how it all works, but the contents of this site is junk information. There isn't any information on the site worth anything to anybody, but those that may play the game. If they shut down the site tomorrow, no body is hurt by it, maybe some upset customers, but no harm done.

They have a few parts of it that users must login to see certain data. I imagine it is more of a convenience for them than a security issue. After all how can fictional characters and fictional whatever need to be secure.

According to their Legal Documents, Policies, ToU, and EULA"(that's a lot of reading) they do allow the use of their data as long as you are not reselling it. And I am not reselling it just thought I would help my buddy out.

If I need written permission to use it or something I guess its not impossible to get more likely just unnecessary.

EDIT
Was just doing more research making sure I wasn't in error I found they list all the sites (that have been submitted) that use their data. And they have a fan site package they make available to anyone. Nothing impressive in it but there is a lot of graphics and links to some minor portions of the data. If they are so lackadaisical about others using it I can't image my little thing is of any importance.

Weedpacket

Krik wrote:
After all how can fictional characters and fictional whatever need to be secure.

I dunno; ask Disney.

they do allow the use of their data as long as you are not reselling it. And I am not reselling it just thought I would help my buddy out.

That's okay, then.

I'm going to guess that perhaps the site returns different data based on what is sent in the request's Accept: or User-Agent: headers. Or maybe it's sending XML and an XSLT stylesheet to go with it. You haven't really given us enough to tell.

they set it up that way for some unknown reason.

You could just ask.

Krik

Ok, going to revive this thread as I am still working on this and I thought it better here than going through a whole new batch of inquiries.

Now your all going to get a good laugh, at my expense. Here I thought that fictional characters and fictional junk didn't need security. Come to find out, some users (not all, its an optional feature) have two-part authentication to get in to their game accounts. I think my brain short circuited on that and now I can't figure out why I am having a strange issue.

First my original question of how to get the XML was tied to the use of CURLOPT_USERAGENT. Their site checks your browser to see if your browser can support XML.

<?php
if (isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];
$authenticate = $_POST['authenticate'];

$loginvars = "accountName=" . $username . "&password=" . $password;

define(WOW_LOGIN_URL, 'https://www.blizzard.com/login/login.xml?referer=http%3A%2F%2Fwww.wowarmory.com%2Fvault%2Fguild-bank-log.xml%3Fr%3DThe%2BRealm%26n%3DThe%2BGuild&loginType=com');

$ch = curl_init(WOW_LOGIN_URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $loginvars);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, '../hidden/cookie.txt');
$results = curl_exec($ch);
curl_close($ch);


if (strstr($results, "Invalid account name or password")) {
	echo "Invalid account name or password<br>";
}
elseif (strstr($results, "Account name required")) {
	echo "Invalid account name or password<br>";
}
elseif (strstr($results, "Password required")) {
	echo "Invalid account name or password<br>";
}
elseif (strstr($results, "Authenticator code required")) {
	echo "Invalid Authenticator code<br>";
}
elseif (strstr($results, "Login failed")) {
	echo "Invalid account name or password<br>";
}
elseif (strstr($results, "Authenticator Code")) {
	$loginauth = "authValue=" . $authenticate;

	$ch = curl_init(WOW_LOGIN_URL);
	curl_setopt($ch, CURLOPT_COOKIEFILE, '../hidden/cookie.txt');
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $loginauth);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1");
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_HEADER, 0);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_COOKIEJAR, '../hidden/cookie.txt');
	$results = curl_exec($ch);
	curl_close($ch);

	echo $results;
}
else {
	echo $results;
}
}
else {
?>
<html>
<body>
<form action="banklog.php" id="loginForm" method="post">

Account Name <input id="username"name="username" type="text" /><br>

Password <input id="password" name="password" type="password" /><br>

Authenticator <input id="authenticate" name="authenticate" type="text" /><br>

<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>
<?php
}
?>

Now I can get the above code to work if the person is using the second form of authentication. But it will not get the XML for those that don't use the second form of authentication as I can not put the CURLOPT_USERAGENT in the first cURL options as it breaks the second cURL function, not allowing that user to finish logging in.

Any ideas on how to fix that?

PS
Sorry the code is a bit disheveled its just for testing and once working will be incorporated into the working environment.