Tuesday, August 6, 2013

Auto Login using PHP stream_context_create() and file_get_contents()


The following is just a rough idea of how to log in to a website using PHP. If the target website is owned by you, you should know how it is done. If not, you may need to contact the web administrator before doing so. The web site owner may not like it. The main idea here is to make the login and grab the data out with just one push button to save all the hassels to log in manually. It is advised to make it completely legal before you even try it:

$postdata = http_build_query(
 array(
     'postUserName' => 'yourLoginID',
     'postPassword' => 'yourPassword'
 )
);

$postOptions = array('http' =>
 array(
     'method' => 'POST',
     'header' => 'Cookie: PHPSESSID='.$sessid,
     'content' => $postdata,
     'user_agent'=> $_SERVER['HTTP_USER_AGENT']
 )
);

$context = stream_context_create($postOptions);

$return = file_get_contents("http://yourtargetloginURL.com/targetlogin.php?condition=login", false, $context);
. // check $return if it is compressed. If so, uncompressed it before anything
. // check $return HTML for success/fail login
. // set cookie for successful login
...



For those in green, it depends on your own login environment. Every login situation is different. Some requires certain cookie to be set prior to anything else. Finally, make sure it is legal before you go ahead.

No comments:

Post a Comment