-1

I am using file_get_contents function to get the login token of a page to put it in my form and submit the username and password along with the login token to achieve auto-login from my site to another site.

I'm loading the correct page I need, the username and password are correct, but the login token I'm receiving when I use file_get_contents is different from the login token on the actual page and if I copy the login token from the site and paste it in my form. The auto login is working great, but I'm not sure why the login token I am getting with file_get_contents is incorrect.

 <td><?php


$txt1 = file_get_contents($virtualLink, FALSE );

preg_match('/\<input\stype="hidden".*name="logintoken".*value="(.*)".*>/', $txt1, $matchesT3);


    if (count($matchesT3) >1) {
        $vlLoginToken = $matchesT3[1];

    }
    ?>
    <form  action="<?php echo $virtualLink; ?>" method="post" target="_new" id="login" >
           
           
        <input name="logintoken" type="hidden" value="<?php echo $vlLoginToken;?>" />
        <input style="background-color: transparent;" id="username" name="username" type="hidden" value="<?php echo $mailUsername;?>" >
        <input id="password" name="password" type="hidden" value="<?php echo $vlPassword;?>">
        <input style=" width:100px; height:100px;  margin-right:auto; margin-left:auto; display:block; border:none; background-color: transparent;" src="" type="image" alt="" title=""></form>

</td>

EDIT 1: I used this to get session cookie:

file_get_contents($virtualLink);

$cookies = array();
foreach ($http_response_header as $hdr) {
    if (preg_match('/^Set-Cookie:\s*([^;]+)/', $hdr, $matches)) {
        parse_str($matches[1], $tmp);
        $cookies += $tmp;
    }
}

And I got this: Array ( [MoodleSession] => 9a3320b638bff0622dd834951fc8f348 ) How Can I create a stream with this?

Haya
  • 19
  • 5
  • Your question is difficult to understand. Are you saying that `file_get_contents($virtualLink, FALSE);` returns something else than when you use the value of `$virtualLink` in a browser? – KIKO Software Aug 31 '23 at 06:28
  • 1
    Perhaps the token is tied to the requesting IP address? – CBroe Aug 31 '23 at 06:34
  • No, it returns the page I want, it is a basic login page. when I view this page's source, the login form has username, password and a LOGIN TOKEN. This login token is different from the one I'm getting when using file_get_contents. That's why I cannot auto-login to this page. – Haya Aug 31 '23 at 06:36
  • 1
    You are not using the same session when requesting the form through `file_get_contents` and then posting it with a HTML form, resulting in different tokens. You'd need to resort to curl to be able to store and serve the same session cookie to ensure no new token is generated (because you started a new session...) – DarkBee Aug 31 '23 at 06:47
  • @DarkBee Could you please provide a sample code? – Haya Aug 31 '23 at 06:51
  • 1
    Just change your search criteria - Have a look [here](https://stackoverflow.com/questions/45357814/use-browser-cookies-in-php-curl-to-log-in-to-a-website) – DarkBee Aug 31 '23 at 06:52
  • I am not familiar with Curl, isn't there a way to use stream_context_create to achieve what I want? – Haya Aug 31 '23 at 07:16
  • 1
    Sure, but then you would need to write the code to fetch and set the cookies manually... See [here to fetch](https://stackoverflow.com/questions/1797510/file-get-contents-receive-cookies) and [here to send](https://stackoverflow.com/questions/3431160/send-cookie-with-file-get-contents) – DarkBee Aug 31 '23 at 07:20
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/255128/discussion-between-haya-and-darkbee). – Haya Aug 31 '23 at 16:17
  • See the follow up question here: https://stackoverflow.com/questions/77017573/using-php-curl-to-get-login-token – KIKO Software Aug 31 '23 at 16:19

0 Answers0