Solved

Google Mail (Gmail) - Auto login

Posted on 2012-04-03
31
3,434 Views
Last Modified: 2012-08-04
I am writing a script to scrap contact information & messages of my friends in several accounts. I would like to know if someone knows a good way to auto-login to gmail account so that i can automate the process.

Hintco
0
Comment
Question by:hintco
  • 13
  • 13
  • 2
  • +2
31 Comments
 
LVL 25

Expert Comment

by:Lee Savidge
ID: 37799869
I would doubt this is possible for security reasons. I would personally connect all the accounts to Thunderbird or Outlook or some other email client capable of allowing multiple accounts, set all the settings to download all the email rather than store on the server and delete all the mail locally. Then sync the contacts and delete them all locally and allow the sync back to the server.
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 37799908
In general google offers oauth access to services, take a look at https://developers.google.com/accounts/docs/OAuth2
If you're unfamiliar with any API yet, it's perhaps not the easiest thing to start with. Then I'd go with a mail client to downloa mails or adress books etc. and gather all the infos.

Bye, Olaf.
0
 
LVL 1

Author Comment

by:hintco
ID: 37800106
i want a script like this script in other question with facebook
Auto-Login Facebook
0
 
LVL 20

Expert Comment

by:Proculopsis
ID: 37800126
This is what I use, paste twice into address bar or put it into a shortcut:

javascript:u="simon@gmail.com";p="PASSWORD_HERE";if(!(document.forms["gaia_loginform"])){document.location.replace("https://accounts.google.com/ServiceLoginAuth");}else{with(document.forms["gaia_loginform"]){elements["Email"].value=u;elements["Passwd"].value=p;elements["PersistentCookie"].checked=true;submit();void(0);}}


0
 
LVL 1

Author Comment

by:hintco
ID: 37800195
can i but this script in PHP page if i can give me an example.
thanks
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37800482
Google gives you APIs for everything you're trying to do. Here's sample PHP code for handling the authentication side of things (the samples should give you access to a list of mails in a GMail account):

http://code.google.com/p/google-mail-xoauth-tools/wiki/PhpSampleCode

Once you've got the authorization down, then it's just a matter of using the Google Contact APIs:

https://developers.google.com/google-apps/contacts/v3/#deleting_contacts
0
 
LVL 20

Expert Comment

by:Proculopsis
ID: 37800504
I don't know about php but .NET has a WebBrowser Control which can be used for screen scraping by setting the url property with the above.

Do you have such a control in php?
0
 
LVL 1

Author Comment

by:hintco
ID: 37800802
i want a script like this script
Auto-Login Facebook
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37800861
Hi hintco,

I understand you want that kind of script, but not all websites are the same. I would caution against trying to use a script like that Facebook one because if it doesn't use an API, then the slightest change from Google could break the script. Or the script might work only a small percentage of the time because the login parameters and tokens are changing. The APIs that Google gives you are designed -exactly- for what you're asking to do. The links I gave you should be exactly what you need - I do not believe there is a small script like that Facebook one that will work for Gmail.
0
 
LVL 1

Author Comment

by:hintco
ID: 37800971
The slightest change from Google could break the script

Open in new window

Ok, I know that i want the script temporarily not permanent
if gmail changes its parameter i will change them or if it can automatically check the parameters and assign them it will be smarty.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37801126
That was more of a side comment - the real issue is that I don't think there is one like what you are asking for. The authentication process and interaction with Gmail is complicated (which is why there are APIs to begin with - to make it uncomplicated). I'm not trying to rain on your parade - if there was a small script like that, I would give it to you and then tell you that it wouldn't be a permanent thing, but as far as I know, there just is no script like that. Only the APIs.
0
 
LVL 1

Author Comment

by:hintco
ID: 37804730
I'm sure that there is a script done this job, if there isn't  can i act with API like GMAIL in PHP with all facilities can i redraw the GMAIL page using GMAIL APIs.
Give me example code run in PHP.
thanks
0
 
LVL 1

Author Comment

by:hintco
ID: 37804823
And i want php script for yahoo mail & hotmail also, bec. my friends use them frequently.
thanks
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37805504
Hi hintco,

The first link I provided has sample PHP code. The APIs will give you the capability of interacting with all mail items and the contacts. Please check the links. Trying to copy and paste code here will not do you any good, because that code will depend on files that you get in the downloads in that first link.

If you want PHP scripts for Yahoo and Hotmail, I would suggest opening up separate questions for each one, since they are each different topics.
0
 
LVL 1

Author Comment

by:hintco
ID: 37805684
Ok, thank u but i still want a php script for gmail like facebook link above, bec. this solution (APIs) doesn't achieve my need.

Any other suggestion or solutions.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37806521
Please be more specific about why it does not meet your needs. The APIs are THE way to interact with Gmail, and the PHP scripts are there, so I am confused as to why you do not use those scripts.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37806530
Did you actually try the samples in that link? I don't see how you could have tried them and determined that they do not give you access to the items you are asking for...
0
 
LVL 1

Author Comment

by:hintco
ID: 37809574
I want my friends login in my website with there accounts in gmail and when they click the inbox button in my website redirect them to gmail with auto login (gmail inbox).
It's clear now or not.

I want some script give me my goal.
Thanks
0
 
LVL 1

Author Comment

by:hintco
ID: 37809590
There is a strong point in this field that i wrote the script in .net and it work very fine.
Why in php i can't or it's difficult.

All programming languages have similar capabilities i think so.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 37811645
Hintco, you're asking for different things.

1. If you want to use PHP to access mail and contacts (which is what your original question suggested), then you need to use the APIs.

2. If you want your friends to be able to click on a link to log into Gmail in their browser, then Proculopsis and Olaf have already given you the answers. If you want to do it server-side with PHP, then you have to use federated login (OAuth, that Olaf suggested). If you want to do it with Javascript (which would accomplish exactly the user experience you want), then Proculopsis has given you a solution.

I can build you a script that mimics that exact Facebook auto-login script, but I guarantee you that it will not work because GMail's authentication process is very different and relies on client-side dependencies (Javascript), which is why it would work in .NET - because it has the browser component that is leveraging the Internet Explorer engine on the backend.

Here is that script, which uses exactly the same method that the FB login uses (perform a request to get the cookies, authenticate, grab the resulting cookies, and then finally redirect with the final cookies). The method is technically successful, but will fail because of the failed dependencies and redirect to the Gmail home page:

<?php

// Get this file from http://simplehtmldom.sourceforge.net/
require("simple_html_dom.php");

/* EDIT EMAIL AND PASSWORD */
$EMAIL = "gmail username here";
$PASSWORD = "password here";

$params = array(
	"continue" => "http://mail.google.com/mail/",
	"Email" => $EMAIL,
	"GALX" => "", // Get from login page
	"Passwd" => $PASSWORD,
	"PersistentCookie" => "yes",
	"checkConnection" => "",
	"checkedDomains" => "youtube",
	"dnConn" => "",
	"dsh" => "", // Get from login page
	"ltmpl" => "default",
	"pstMsg" => "0",
	"rm" => "false",
	"rmShown" => "1",
	"scc" => "1",
	"secTok" => "",
	"service" => "mail",
	"signIn" => "Sign in",
	"timeStmp" => "",
);

// Get login page and pull cookie and <input>s
$loginPageHTML = cURL("https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2");

	// Extract cookies and dynamic input values
	$cookies = getCookies($loginPageHTML);

	$dom = str_get_html($loginPageHTML);
	$params["dsh"] = $dom->find('input[name=dsh]',0)->value;
	$params["GALX"] = $dom->find('input[name=GALX]',0)->value;

// Post
$loginAttemptHTML = cURL("https://accounts.google.com/ServiceLoginAuth",true,$cookies,$params);

	// Reset cookie and build again
	$cookies = getCookies($loginAttemptHTML);
 
/*
NOW TO JUST OPEN ANOTHER URL EDIT THE FIRST ARGUMENT OF THE FOLLOWING FUNCTION.
TO SEND SOME DATA EDIT THE LAST ARGUMENT.
*/
echo cURL("http://mail.google.com/",null,$cookies,null);


function getCookies($doc,$hasHTML = true)
{
	// Extract just header if there's HTML
	if($hasHTML)
	{
		$doc = array_shift(explode("\r\n\r\n",$doc));
	}
	
	// Build cookies
	$cookies = "";
	$lines = explode("\n",$doc);
	foreach($lines as $line)
	{
		if(substr($line,0,11) == "Set-Cookie:")
		{
			$cookies .= trim(substr($line,11)) . ";";
		}
	}
		
	return $cookies;
}

function cURL($url, $header=NULL, $cookie=NULL, $p=NULL)
{
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_HEADER, $header);
	// curl_setopt($ch, CURLOPT_NOBODY, $header);
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt($ch, CURLOPT_COOKIE, $cookie);
	curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	 
	if ($p) {
		curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
		curl_setopt($ch, CURLOPT_POST, 1);
		curl_setopt($ch, CURLOPT_POSTFIELDS, $p);
	}
	$result = curl_exec($ch);
	 
	if ($result) {
		return $result;
	} else {
		return curl_error($ch);
	}
	curl_close($ch);
}

?>

Open in new window

0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37811681
Also, if you want it to be something where your friends would log into their inbox, then why would you want it to be temporary?

Keep in mind that Gmail is actively trying to prevent this kind of automated login because it is insecure. The federated login (OAuth) is the forced approach because it is much safer for the user.
0
 
LVL 1

Author Comment

by:hintco
ID: 37820750
Thank u very much gr8gonzo, Finally u get it my goal well.
yes, i want this script exactly but when i test it, it didn't work.

why???
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37821209
It is because Google keeps it from working because it is not secure. That is why I said it would fail - I knew it would not work even though it mimics all of the login behavior. I would not be surprised if the Facebook script stopped working some day. When you have a script like this, it makes it easier for hackers to try to break into someone's account. Google knows this and that is why they try to tell you to use OAuth. Other websites are also changing over to this type of approach to try to keep these types of autologin scripts from working.
0
 
LVL 1

Author Comment

by:hintco
ID: 37850018
Thank u gr8gonzo, but i try to grap the gmail page by saving it by firefox browser and run it in localhost, then try to login it will confirm u and redirect u to the inbox.
This give me the idea to make an auto login to gmail by php script, and i'm still believe that there is a chance to do it.

Can anyone help me in my believe to get it real ?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37850649
Yes, that works because it is still depending on the browser to handle authentication. PHP is not doing any of the authentication. When you save a page in Firefox, you are saving the final, rendered HTML page. If you have a session active, then if you click on a link in that final HTML page that takes you to Gmail, you will be logged in because of the browser session. If you don't have an active session, you'll still be taken to Gmail and prompted to log in.

Again, there is no possibility of doing exactly what you want with PHP. The closest approach to what you want is using the approach offered by Proc, but that is Javascript, not PHP. It should still offer the feel of what you are trying to accomplish. If it doesn't work for you, then you'll have to explain why you need the same effect in PHP instead of Javascript, so we can figure out more of what you want.
0
 
LVL 1

Author Comment

by:hintco
ID: 37860965
Thank u gr8gonzo for keeping in touch with me.

I want any solution to achieve my goal either javascript or javascript ,ajax and jquery anything
but all the solution above didn't work for me even Proc solution didn't work.

Can i got any solution run correctly ?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37861273
It looks like Proc's solution won't work anymore because the code needs to run ON Gmail's site, and there's no way to automatically execute it in that context. I tried to modify his code a little bit to work in a different way, but Google has set headers to disallow iframing, and put in special code to hash passwords and take other security measures to prevent automatic logins via Javascript or server-side scripts.

Like I said at the beginning, you're just not going to be able to do this. You used to be able to do it a few years back before they made the security changes, but they've introduced all sorts of security checks to break these scripts.

Remember, they are focused on preventing break-in attempts. If you were a hacker trying to steal passwords, for example, then you could create a page that LOOKED like the gmail login and would allow users to log in, so they wouldn't know the difference, but you could be stealing their passwords. Gmail has been working to prevent this.

So there IS an answer to your question, but the answer is no, you just can't do this.
0
 
LVL 1

Author Comment

by:hintco
ID: 37951528
Ok, but i can't believe this idea because this site passpack.com do the same goal that i want.
This website for store username and password. There is option to sign in to other accounts like gmail, yahoo etc..,  There have a button, if i click that button, that will redirect to gmail login page with username and password.

Please help me, Thanks in advance.
0
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 250 total points
ID: 37952918
First of all, they integrate as a browser toolbar, that's giving more control. Actually you need to dowenload and install something, don't you. This doesn't work online, really, it works as a browser plug in. They also seem to make use of a feature built in to most browsers anyway: automatic repetition of input into form fields. Logins are mainly also simple HTML forms with certain input tags for your login name and password.

I would rather use some desktop password safe tool, eg there is password safe, Kaspersky password manager, or KeePass as portableApp.

I recommended using oAuth, I still do, services like http://www.ifttt.com go that route.

Do you have a twitter account, then go to https://twitter.com/settings/applications and you can see which apps you granted access and can revoke access there (kind of log off). Or with google you can find this at https://accounts.google.com/b/0/IssuedAuthSubTokens once you're logged in to your google account.

This is giving you the control and you don't hand out your password for that. That's how it should be done. passpack.com might look as trustworhty as they want, I won't hand out my password to third parties.

With desktop password safes and spyware/antivirus protection and firewall I am quite confident, they only store my passwords local, that's ok, better than writing them into a txt file. The most important ones I even don't store there.

Bye, Olaf.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 37965388
Olaf is correct. They are not using the same technology as you are talking about. Whenever you require someone to download and install something, you are gaining access to a LOT more power. That is why it can work as a .NET browser component - because you are not running it the same way as a server-side component, which has limitations.

I don't know what else to tell you. You have several experts all telling you that it cannot be done the way you are asking because a company with billions of dollars has spent the money to make sure it cannot be done that way for security purposes (and I've even given you the script that WOULD work if it COULD be done that way). We're giving you the correct ways to do it. If you don't believe us, then you're going to be wasting a lot of your own time trying.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38257817
Wow, a C grade after all that...? If you don't believe us or didn't like that our answers weren't exactly what you originally wanted, that's fine, but that shouldn't dock the grade you give to the answer if the answer is accurate and thorough. Note to self: stay away from hintco's questions.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now