Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can't login with curl in forum (mierdatutis mi)

From: Hans Henrik Bergan via curl-users <curl-users_at_cool.haxx.se>
Date: Thu, 21 May 2020 00:36:39 +0200

logging in there isn't a job for curl, it includes HTML parsing, and you
cannot hardcode the csrf token, `c13a08a29` in your login request is a CSRF
token, and it is a 1-time token, it was only valid the 1 time your browser
used it to login, and will never be valid again, you must always fetch a
fresh token from http://labsk.net/index.php?action=login on every login
attempt, also your login url is dynamic, you cannot hardcode that either,
you try to send the login request to
http://labsk.net/index.php?action=login2 , but the real login url is
dynamic and looks something like
http://labsk.net/index.php?PHPSESSID=im8gn4gdhp3ukketm93dthcu9p&action=login2
(with PHPSESSID being dynamic)

use a scripting language, like PHP, Python, Perl, or anything with a
wrapper for libcurl and libxml2, here's a sample login in PHP using php's
libcurl+ libxml2 wrappers,
<?php
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_URL => 'http://labsk.net/index.php?action=login',
    CURLOPT_ENCODING => '',
    // setting CURLOPT_COOKIEFILE to emptystring enables the cookie engine
    CURLOPT_COOKIEFILE=>'',
    CURLOPT_RETURNTRANSFER=>1,
));
$html=curl_exec($ch);
$domd=@DOMDocument::loadHTML($html);
$loginForm=$domd->getElementById("frmLogin");
// should look like:
http://labsk.net/index.php?PHPSESSID=3l9tva6dtgvnge1aqhrl24p8gp&action=login2
$loginUrl=$loginForm->getAttribute("action");
//var_dump($loginUrl) & die();
$loginParams=[];
foreach($loginForm->getElementsByTagName("input") as $input){

$loginParams[$input->getAttribute("name")]=$input->getAttribute("value");
}
// should look like:
array (
    'user' => '',
    'passwrd' => '',
    'cookielength' => '120',
    'cookieneverexp' => '',
    '' => 'Ingresar',
    'd071bb5935' => 'b98cf923a5962f4184c3d020a65c0ca1',
    'hash_passwrd' => '',
);
assert(isset($loginParams['user']) && isset($loginParams['passwrd']));
$loginParams["user"]="login_at_email.com";
$loginParams["passwrd"]="password";
curl_setopt_array($ch,array(
    CURLOPT_URL=>$loginUrl,
    CURLOPT_POST=>1,
    CURLOPT_POSTFIELDS=>http_build_query($loginParams)
));
$loginHTML=curl_exec($ch);
$domd=@DOMDocument::loadHTML($loginHTML);
$xp=new DOMXPath($domd);
// <p class="error">Nombre de usuario no existente.</p>
$loginError=$xp->query("//p[contains(@class,'error')]");
if($loginError->length){
    $loginError=$loginError->item(0)->textContent;
}else{
    $loginError="";
}
print_r(["loginError"=>$loginError]);
die();
?>

that script outputs:

Array
(
    [loginError] => Nombre de usuario no existente.
)

presumably because user_at_email.com is not a real email address.

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-05-21