Retrieving contact from yahoo, gmail, msn, hotmail, aol, etc

Posted on 2006-04-06
Last Modified: 2006-11-18
Hi there,

I have seen some site started using this wonderful technology for invitation purpose..

What it does it to prompt user who wanted to send invitation link to his / her contact of friend to enter their yahoo/gmail/hotmail/aol ID and password..

Once done the system able to retrieve contact / address book for the particular account provided IMMEDIATELY!!!!

This shouldn't be done manually as the password entered shall not be stored in any form and shall not be fwd to anyone for manually retrieving purpose..

Anyone familiar with such technology? I tried to look around the web but couldn't find any info so I turn up here...

Question by:Soo
    LVL 6

    Expert Comment

    This is a dangerous practice since you are essentially giving away your yahoo/gmail/hotmail/aol ID and password to a third party.

    Don't hold any illusions that it's some kind of 'pass-through' technology or that your account information isn't really stored anywhere.  You gave away your password and you have to trust that third party to not act maliciously.

    This is like when people use the same username/password for Yahoo and Hotmail.  You are essentially giving your Hotmail credentials to Yahoo employees.  While it's a very bad thing to do, the fact is that lots of people use the same password everywhere.

    In theory, I could create a system that leeches off Yahoo's authentication.  For example, I'd setup with a login screen and tell users to enter their Yahoo ID & password.  Once they submit the form, my server attempts to log in to Yahoo using their credentials.  If it works, they are granted access to  If it fails, they are denied.  This saves me the trouble to creating my own signup system and means that my users don't have to remember yet another password.  When people do this maliciously, it's called 'phishing'.

    Don't do it!  For a better 'single-login' system, check into the OpenID initiative:
    LVL 1

    Author Comment

    That is why Im planning to have both... as an option for user to pick whether or not to use and pratice this pass-through technology or to use the traditional manual method...

    Still hoping for an answer to the pass-through method though... and thank for reply too william...
    LVL 6

    Expert Comment

    Can you restate your question?  The only thing you asked was if anyone was familiar with the technology.  Where you just curious how they did it or were you looking for an algorithm to parse an address book from Yahoo?  or Hotmail?

    Roughly they use an application on the server to apply your login credentials to  For example, it's not difficult to use PHP to submit a form to another server, capture the output, and parse it.
    LVL 1

    Author Comment

    Ok.. basically I need the script which is capable of doing what I meantioned earlier which is to allow user to enter their ID and password and with that am able to retrieve contact or address book from that particular given account provided the login information given is the correct set.

    In brief the working script should be able to:
    - Authenticate yahoo/gmail/aol/hotmail ID and Password provided
    - Retrieve the contact list or address book once authenticated into a list of notepad or list those contact directly on webpage
    - Password preferred to be encrypted

    LVL 6

    Accepted Solution

    Developing a script for a specific service would take a long time.  Each site would have a different set of hurdles to overcome.  The script for Yahoo would look completely different than the script for GMail.  Although, in general, it would look like this:

    Retrieve the login form Yahoo
    Scrape the form for any hidden fields with random numbers, etc. (Yahoo uses these to deter hackers)
    Fill in somebody's username/password
    Post the form back to Yahoo
    Save any cookies that Yahoo sets
    Retrieve the address book (one page at a time) using the cookies from Yahoo
    Scrape the returned pages for names and addresses

    The specific algorithms for scraping pages and which pages to request will obviously vary from one service to the next.

    I can provide example PHP code for performing an HTTP POST.

    function http($host, $write)
        $response = '';
        if ($fp = fsockopen($host, 80))  
            fwrite($fp, $write);
            while (! feof($fp)) $response .= fgets($fp, 1024);
    function http_post($host, $page, $post)
        $write = "POST $page HTTP/1.1\r\n" .
           "User-Agent: unknown\r\n" .
           "Connection: Close\r\n" .
           "Host: $host\r\n" .  
           "Content-Length: " . strlen($post) . "\r\n" .
           "Content-Type: application/x-www-form-urlencoded\r\n" .
           "\r\n" . $post . "\r\n\r\n";
        return(http($host, $write));

    /* Example usage */
    $username = 'someuser';
    $password = 'theirpass';
    $host = '';
    $page = '/foo/bar';
    $post = 'username='.$username.'&password='.$password;
    $response = http_post($host, $page, $post);

    Now parse through the response string and extract the data you need.
    LVL 6

    Expert Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    When pages do not download correctly, and you don't know why, the first thing you do is to look at the HTML source code of that page, but not all the downloaded files appear always clearly. If your source includes a javascript that computes the name…
    Both Easy and Powerful How easy is PHP? (  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
    This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
    The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now