Google Mail (Gmail) - Auto login

I am writing a script to scrap contact information & messages of my friends in several accounts. I would like to know if someone knows a good way to auto-login to gmail account so that i can automate the process.

Hintco
LVL 1
hintcoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee SavidgeCommented:
I would doubt this is possible for security reasons. I would personally connect all the accounts to Thunderbird or Outlook or some other email client capable of allowing multiple accounts, set all the settings to download all the email rather than store on the server and delete all the mail locally. Then sync the contacts and delete them all locally and allow the sync back to the server.
0
Olaf DoschkeSoftware DeveloperCommented:
In general google offers oauth access to services, take a look at https://developers.google.com/accounts/docs/OAuth2
If you're unfamiliar with any API yet, it's perhaps not the easiest thing to start with. Then I'd go with a mail client to downloa mails or adress books etc. and gather all the infos.

Bye, Olaf.
0
hintcoAuthor Commented:
i want a script like this script in other question with facebook
Auto-Login Facebook
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

ProculopsisCommented:
This is what I use, paste twice into address bar or put it into a shortcut:

javascript:u="simon@gmail.com";p="PASSWORD_HERE";if(!(document.forms["gaia_loginform"])){document.location.replace("https://accounts.google.com/ServiceLoginAuth");}else{with(document.forms["gaia_loginform"]){elements["Email"].value=u;elements["Passwd"].value=p;elements["PersistentCookie"].checked=true;submit();void(0);}}


0
hintcoAuthor Commented:
can i but this script in PHP page if i can give me an example.
thanks
0
gr8gonzoConsultantCommented:
Google gives you APIs for everything you're trying to do. Here's sample PHP code for handling the authentication side of things (the samples should give you access to a list of mails in a GMail account):

http://code.google.com/p/google-mail-xoauth-tools/wiki/PhpSampleCode

Once you've got the authorization down, then it's just a matter of using the Google Contact APIs:

https://developers.google.com/google-apps/contacts/v3/#deleting_contacts
0
ProculopsisCommented:
I don't know about php but .NET has a WebBrowser Control which can be used for screen scraping by setting the url property with the above.

Do you have such a control in php?
0
hintcoAuthor Commented:
i want a script like this script
Auto-Login Facebook
0
gr8gonzoConsultantCommented:
Hi hintco,

I understand you want that kind of script, but not all websites are the same. I would caution against trying to use a script like that Facebook one because if it doesn't use an API, then the slightest change from Google could break the script. Or the script might work only a small percentage of the time because the login parameters and tokens are changing. The APIs that Google gives you are designed -exactly- for what you're asking to do. The links I gave you should be exactly what you need - I do not believe there is a small script like that Facebook one that will work for Gmail.
0
hintcoAuthor Commented:
The slightest change from Google could break the script

Open in new window

Ok, I know that i want the script temporarily not permanent
if gmail changes its parameter i will change them or if it can automatically check the parameters and assign them it will be smarty.
0
gr8gonzoConsultantCommented:
That was more of a side comment - the real issue is that I don't think there is one like what you are asking for. The authentication process and interaction with Gmail is complicated (which is why there are APIs to begin with - to make it uncomplicated). I'm not trying to rain on your parade - if there was a small script like that, I would give it to you and then tell you that it wouldn't be a permanent thing, but as far as I know, there just is no script like that. Only the APIs.
0
hintcoAuthor Commented:
I'm sure that there is a script done this job, if there isn't  can i act with API like GMAIL in PHP with all facilities can i redraw the GMAIL page using GMAIL APIs.
Give me example code run in PHP.
thanks
0
hintcoAuthor Commented:
And i want php script for yahoo mail & hotmail also, bec. my friends use them frequently.
thanks
0
gr8gonzoConsultantCommented:
Hi hintco,

The first link I provided has sample PHP code. The APIs will give you the capability of interacting with all mail items and the contacts. Please check the links. Trying to copy and paste code here will not do you any good, because that code will depend on files that you get in the downloads in that first link.

If you want PHP scripts for Yahoo and Hotmail, I would suggest opening up separate questions for each one, since they are each different topics.
0
hintcoAuthor Commented:
Ok, thank u but i still want a php script for gmail like facebook link above, bec. this solution (APIs) doesn't achieve my need.

Any other suggestion or solutions.
0
gr8gonzoConsultantCommented:
Please be more specific about why it does not meet your needs. The APIs are THE way to interact with Gmail, and the PHP scripts are there, so I am confused as to why you do not use those scripts.
0
gr8gonzoConsultantCommented:
Did you actually try the samples in that link? I don't see how you could have tried them and determined that they do not give you access to the items you are asking for...
0
hintcoAuthor Commented:
I want my friends login in my website with there accounts in gmail and when they click the inbox button in my website redirect them to gmail with auto login (gmail inbox).
It's clear now or not.

I want some script give me my goal.
Thanks
0
hintcoAuthor Commented:
There is a strong point in this field that i wrote the script in .net and it work very fine.
Why in php i can't or it's difficult.

All programming languages have similar capabilities i think so.
0
gr8gonzoConsultantCommented:
Hintco, you're asking for different things.

1. If you want to use PHP to access mail and contacts (which is what your original question suggested), then you need to use the APIs.

2. If you want your friends to be able to click on a link to log into Gmail in their browser, then Proculopsis and Olaf have already given you the answers. If you want to do it server-side with PHP, then you have to use federated login (OAuth, that Olaf suggested). If you want to do it with Javascript (which would accomplish exactly the user experience you want), then Proculopsis has given you a solution.

I can build you a script that mimics that exact Facebook auto-login script, but I guarantee you that it will not work because GMail's authentication process is very different and relies on client-side dependencies (Javascript), which is why it would work in .NET - because it has the browser component that is leveraging the Internet Explorer engine on the backend.

Here is that script, which uses exactly the same method that the FB login uses (perform a request to get the cookies, authenticate, grab the resulting cookies, and then finally redirect with the final cookies). The method is technically successful, but will fail because of the failed dependencies and redirect to the Gmail home page:

<?php

// Get this file from http://simplehtmldom.sourceforge.net/
require("simple_html_dom.php");

/* EDIT EMAIL AND PASSWORD */
$EMAIL = "gmail username here";
$PASSWORD = "password here";

$params = array(
	"continue" => "http://mail.google.com/mail/",
	"Email" => $EMAIL,
	"GALX" => "", // Get from login page
	"Passwd" => $PASSWORD,
	"PersistentCookie" => "yes",
	"checkConnection" => "",
	"checkedDomains" => "youtube",
	"dnConn" => "",
	"dsh" => "", // Get from login page
	"ltmpl" => "default",
	"pstMsg" => "0",
	"rm" => "false",
	"rmShown" => "1",
	"scc" => "1",
	"secTok" => "",
	"service" => "mail",
	"signIn" => "Sign in",
	"timeStmp" => "",
);

// Get login page and pull cookie and <input>s
$loginPageHTML = cURL("https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2");

	// Extract cookies and dynamic input values
	$cookies = getCookies($loginPageHTML);

	$dom = str_get_html($loginPageHTML);
	$params["dsh"] = $dom->find('input[name=dsh]',0)->value;
	$params["GALX"] = $dom->find('input[name=GALX]',0)->value;

// Post
$loginAttemptHTML = cURL("https://accounts.google.com/ServiceLoginAuth",true,$cookies,$params);

	// Reset cookie and build again
	$cookies = getCookies($loginAttemptHTML);
 
/*
NOW TO JUST OPEN ANOTHER URL EDIT THE FIRST ARGUMENT OF THE FOLLOWING FUNCTION.
TO SEND SOME DATA EDIT THE LAST ARGUMENT.
*/
echo cURL("http://mail.google.com/",null,$cookies,null);


function getCookies($doc,$hasHTML = true)
{
	// Extract just header if there's HTML
	if($hasHTML)
	{
		$doc = array_shift(explode("\r\n\r\n",$doc));
	}
	
	// Build cookies
	$cookies = "";
	$lines = explode("\n",$doc);
	foreach($lines as $line)
	{
		if(substr($line,0,11) == "Set-Cookie:")
		{
			$cookies .= trim(substr($line,11)) . ";";
		}
	}
		
	return $cookies;
}

function cURL($url, $header=NULL, $cookie=NULL, $p=NULL)
{
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_HEADER, $header);
	// curl_setopt($ch, CURLOPT_NOBODY, $header);
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt($ch, CURLOPT_COOKIE, $cookie);
	curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	 
	if ($p) {
		curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
		curl_setopt($ch, CURLOPT_POST, 1);
		curl_setopt($ch, CURLOPT_POSTFIELDS, $p);
	}
	$result = curl_exec($ch);
	 
	if ($result) {
		return $result;
	} else {
		return curl_error($ch);
	}
	curl_close($ch);
}

?>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gr8gonzoConsultantCommented:
Also, if you want it to be something where your friends would log into their inbox, then why would you want it to be temporary?

Keep in mind that Gmail is actively trying to prevent this kind of automated login because it is insecure. The federated login (OAuth) is the forced approach because it is much safer for the user.
0
hintcoAuthor Commented:
Thank u very much gr8gonzo, Finally u get it my goal well.
yes, i want this script exactly but when i test it, it didn't work.

why???
0
gr8gonzoConsultantCommented:
It is because Google keeps it from working because it is not secure. That is why I said it would fail - I knew it would not work even though it mimics all of the login behavior. I would not be surprised if the Facebook script stopped working some day. When you have a script like this, it makes it easier for hackers to try to break into someone's account. Google knows this and that is why they try to tell you to use OAuth. Other websites are also changing over to this type of approach to try to keep these types of autologin scripts from working.
0
hintcoAuthor Commented:
Thank u gr8gonzo, but i try to grap the gmail page by saving it by firefox browser and run it in localhost, then try to login it will confirm u and redirect u to the inbox.
This give me the idea to make an auto login to gmail by php script, and i'm still believe that there is a chance to do it.

Can anyone help me in my believe to get it real ?
0
gr8gonzoConsultantCommented:
Yes, that works because it is still depending on the browser to handle authentication. PHP is not doing any of the authentication. When you save a page in Firefox, you are saving the final, rendered HTML page. If you have a session active, then if you click on a link in that final HTML page that takes you to Gmail, you will be logged in because of the browser session. If you don't have an active session, you'll still be taken to Gmail and prompted to log in.

Again, there is no possibility of doing exactly what you want with PHP. The closest approach to what you want is using the approach offered by Proc, but that is Javascript, not PHP. It should still offer the feel of what you are trying to accomplish. If it doesn't work for you, then you'll have to explain why you need the same effect in PHP instead of Javascript, so we can figure out more of what you want.
0
hintcoAuthor Commented:
Thank u gr8gonzo for keeping in touch with me.

I want any solution to achieve my goal either javascript or javascript ,ajax and jquery anything
but all the solution above didn't work for me even Proc solution didn't work.

Can i got any solution run correctly ?
0
gr8gonzoConsultantCommented:
It looks like Proc's solution won't work anymore because the code needs to run ON Gmail's site, and there's no way to automatically execute it in that context. I tried to modify his code a little bit to work in a different way, but Google has set headers to disallow iframing, and put in special code to hash passwords and take other security measures to prevent automatic logins via Javascript or server-side scripts.

Like I said at the beginning, you're just not going to be able to do this. You used to be able to do it a few years back before they made the security changes, but they've introduced all sorts of security checks to break these scripts.

Remember, they are focused on preventing break-in attempts. If you were a hacker trying to steal passwords, for example, then you could create a page that LOOKED like the gmail login and would allow users to log in, so they wouldn't know the difference, but you could be stealing their passwords. Gmail has been working to prevent this.

So there IS an answer to your question, but the answer is no, you just can't do this.
0
hintcoAuthor Commented:
Ok, but i can't believe this idea because this site passpack.com do the same goal that i want.
This website for store username and password. There is option to sign in to other accounts like gmail, yahoo etc..,  There have a button, if i click that button, that will redirect to gmail login page with username and password.

Please help me, Thanks in advance.
0
Olaf DoschkeSoftware DeveloperCommented:
First of all, they integrate as a browser toolbar, that's giving more control. Actually you need to dowenload and install something, don't you. This doesn't work online, really, it works as a browser plug in. They also seem to make use of a feature built in to most browsers anyway: automatic repetition of input into form fields. Logins are mainly also simple HTML forms with certain input tags for your login name and password.

I would rather use some desktop password safe tool, eg there is password safe, Kaspersky password manager, or KeePass as portableApp.

I recommended using oAuth, I still do, services like http://www.ifttt.com go that route.

Do you have a twitter account, then go to https://twitter.com/settings/applications and you can see which apps you granted access and can revoke access there (kind of log off). Or with google you can find this at https://accounts.google.com/b/0/IssuedAuthSubTokens once you're logged in to your google account.

This is giving you the control and you don't hand out your password for that. That's how it should be done. passpack.com might look as trustworhty as they want, I won't hand out my password to third parties.

With desktop password safes and spyware/antivirus protection and firewall I am quite confident, they only store my passwords local, that's ok, better than writing them into a txt file. The most important ones I even don't store there.

Bye, Olaf.
0
gr8gonzoConsultantCommented:
Olaf is correct. They are not using the same technology as you are talking about. Whenever you require someone to download and install something, you are gaining access to a LOT more power. That is why it can work as a .NET browser component - because you are not running it the same way as a server-side component, which has limitations.

I don't know what else to tell you. You have several experts all telling you that it cannot be done the way you are asking because a company with billions of dollars has spent the money to make sure it cannot be done that way for security purposes (and I've even given you the script that WOULD work if it COULD be done that way). We're giving you the correct ways to do it. If you don't believe us, then you're going to be wasting a lot of your own time trying.
0
gr8gonzoConsultantCommented:
Wow, a C grade after all that...? If you don't believe us or didn't like that our answers weren't exactly what you originally wanted, that's fine, but that shouldn't dock the grade you give to the answer if the answer is accurate and thorough. Note to self: stay away from hintco's questions.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.