2

I need to create a tool that will post a ASP.NET login form using PHP so that I can gather details from the user's summary page that is displayed after they are logged in.

Because the site uses ASP.NET and the form has __VIEWSTATE and __EVENTVALIDATION hidden fields, as I understand it, I must get those values first, then submit them in the POST to the login form for this to work.

I am new to PHP. The script that I have created should do the following:

1) GET the login form and grab __VIEWSTATE and __EVENTVALIDATION

2) POST to the login form with appropriate post data.

3) GET the summary.htm page that should be accessible now that I am authenticated.

What is actually happening is unclear to me. After POSTing to the login form, I receive a cookie, but can't tell if that cookie indicates I am authenticated. When I try to GET the summary.htm page I am redirected back to the login page as if I am not authenticated.

I am new to PHP and I am hoping that someone out there who is farmiliar with it might be able to see something obvious that I am missing.

Here is the code:

<?php

require_once  ("Includes/simple_html_dom.php");

ini_set('display_errors', 'On');
error_reporting(E_ALL);

// Create curl connection
$url = 'https://www.mysite.com/account/login.htm';
$cookieFile = 'cookie.txt';
$ch = curl_init();

// We must request the login page and get the ViewState and EventValidation hidden values
// and pass those along in the post request.

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com'));


$curl_scraped_page = curl_exec($ch);

// Grab ViewState and EventValidation data
$html = str_get_html($curl_scraped_page);
$viewState = $html->find("#__VIEWSTATE", 0);
$eventValidation = $html->find("#__EVENTVALIDATION", 0);
$previousPage = $html->find("#__PREVIOUSPAGE", 0);


//create array of data to be posted
// This matches exactly what I am seeing being posted when looking at Fiddler
$post_data['__EVENTTARGET'] = '';
$post_data['__EVENTARGUMENT'] = '';
$post_data['__VIEWSTATE'] = $viewState->value;
$post_data['__EVENTVALIDATION'] = $eventValidation->value;
$post_data['__PREVIOUSPAGE'] = $previousPage->value;
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtUsername'] = 'bsmith';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtPassword'] = 'Weez442';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$chkLoginPersist'] = 'on';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$btnLogin'] = 'Login >';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalUsername'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalPassword'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$SearchForm$inputText'] = '';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
    $post_items[] = rawurlencode($key) . '=' . rawurlencode($value);
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//Set options for post
curl_setOpt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch,CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com', 'Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_URL, $url);   
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');

// Perform our post request
$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

// Now get our account summary page
$urlAcctSummary = "https://www.mysite.com/my-account/summary.htm";
//Set options
curl_setOpt($ch, CURLOPT_HTTPGET, TRUE);
curl_setOpt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $urlAcctSummary);   
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile); 

$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

curl_close($ch);

?>
Tod Birdsall
  • 17,877
  • 4
  • 38
  • 40

1 Answers1

2

I figured it out. I tweaked the code in several ways, but I believe the root of my problem was that ASP.NET wants to set a session cookie from the very first GET request and I only specified the CURLOPT_COOKIEJAR on the POST request and CURLOPT_COOKIEFILE in the final GET request.

Once I put CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE in the very first GET request it worked as designed.

Here is what my code looks like after moving those around:

<?php

require_once  ("Includes/simple_html_dom.php");

ini_set('display_errors', 'On');
error_reporting(E_ALL);

// Create curl connection
$url = 'https://www.mysite.com/account/login.htm';
$cookieFile = 'cookie.txt';
$ch = curl_init();

// We must request the login page and get the ViewState and EventValidation hidden values
// and pass those along in the post request.

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com'));
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);


$curl_scraped_page = curl_exec($ch);

// Grab ViewState and EventValidation data
$html = str_get_html($curl_scraped_page);
$viewState = $html->find("#__VIEWSTATE", 0);
$eventValidation = $html->find("#__EVENTVALIDATION", 0);
$previousPage = $html->find("#__PREVIOUSPAGE", 0);


//create array of data to be posted
// This matches exactly what I am seeing being posted when looking at Fiddler
$post_data['__EVENTTARGET'] = '';
$post_data['__EVENTARGUMENT'] = '';
$post_data['__VIEWSTATE'] = $viewState->value;
$post_data['__EVENTVALIDATION'] = $eventValidation->value;
$post_data['__PREVIOUSPAGE'] = $previousPage->value;
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtUsername'] = 'bsmith';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtPassword'] = 'Weez442';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$chkLoginPersist'] = 'on';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$btnLogin'] = 'Login >';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalUsername'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalPassword'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$SearchForm$inputText'] = '';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
    $post_items[] = rawurlencode($key) . '=' . rawurlencode($value);
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//Set options for post
curl_setOpt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch,CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com', 'Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_URL, $url);   
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');

// Perform our post request
$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

// Now get our account summary page
$urlAcctSummary = "https://www.mysite.com/my-account/summary.htm";
//Set options
curl_setOpt($ch, CURLOPT_HTTPGET, TRUE);
curl_setOpt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $urlAcctSummary);   
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

curl_close($ch);

?>
Tod Birdsall
  • 17,877
  • 4
  • 38
  • 40
  • Hello, your code works great, but I need have dopostback pages as your summary url, I tried alot of options but no luck, when after login I want to send post everything goes wrong. $post_data['__EVENTTARGET'] = 'grdInbox'; $post_data['__EVENTARGUMENT'] = 'Page%241'; Do you have any experience on dopostback pagination datas, what should I do after login? I will be really really happy if you help me. Thanks ! – Mehmet Uyarovic Mar 06 '16 at 20:03