Solved

auto login to website and fillout form

Posted on 2013-06-24
17
736 Views
Last Modified: 2013-12-20
I am looking to write a script that can login to a website and fill out a form and submit it.
I don't really care how it's done whether php or js or a combination of them.

I'm just looking for some guidance to get this going.

Thanks,
Tony
0
Comment
Question by:askurat1
  • 5
  • 4
  • 4
  • +2
17 Comments
 
LVL 15

Expert Comment

by:Jagadishwor Dulal
Comment Utility
Auto login is a risk work you have to concern about this.  However I am going to refer you some  example site for your concept.
http://www.bitrepository.com/php-autologin.html
http://php.about.com/od/advancedphp/qt/php_cookie.htm
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Sounds you want to login to someone else's site and fill out the form automatically.  You should know that since that is a common way to generate spam in web site forms, that you will be blocked on a lot of sites these days.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 166 total points
Comment Utility
You would need to use the CURL library to perform the login - after that it depends on the site you are connecting to

If you know what the form looks like - and it is unlikely to change you can simply POST / GET the form data to the server side process (depending on the method attribute of the form).  Again you can use the CURL library for this

OR

You can generate a duplicate form on your site with prepopulated fields and use JScript to submit it.

It depends on your specific circumstances. If the form requires a captcha then you are pretty much sunk.

If your request is a legitimate requirement to automate a process then go for it - if you are trying to write a bot to spam people then I would strongly recommend you reconsider.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 334 total points
Comment Utility
Please post the URL of the site you want to address.  Please post the exact login credentials we can use to test the login script.  It's not rocket science, but there may be form tokens, or OAuth, or similar things, and speculating about the particulars is a waste of time.

While you may be able to do this, you may want to consider whether it is advisable to do this.  If you're interested in a formal way to receive information from a publisher or communicate with a web service, I suggest you ask the author of the service for an API.  That is the way things like this are done in the real world.

If the author / publisher will not give you access via an API and you decide to go ahead with the automated access to the login form, this script may serve as a starting point for your work.

<?php // RAY_curl_login.php
error_reporting(E_ALL);
echo "<pre>";

// THE REPLACEMENTS (CASE SENSITIVE) ARE THE LOGIN CREDENTIALS FOR THE SITE
$replacements["UserName"] = 'YourUID';
$replacements["Password"] = 'YourPWD';

// READ THE PAGE WITH THE LOGIN FORM
$baseurl = 'http://www.YourSite.com';
$ch = curl_init();

// SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $baseurl);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR,  'cookie.txt');
curl_setopt($ch, CURLOPT_FAILONERROR, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);

// CALL THE WEB PAGE
$htm = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($htm === FALSE)
{
    echo PHP_EOL . "CURL GET FAIL: $baseurl CURL_ERRNO=$err ";
    var_dump($inf);
    die();
}


// REMOVE THE END-OF-LINE CHARACTERS
$htm = str_replace(PHP_EOL, NULL, $htm);

// ISOLATE THE FORM
$form   = explode("<form",$htm);
$form   = explode("</form>",$form[1]);
$inputs = explode("<input",$form[0]);
$post   = "";

foreach($inputs as $key => $val)
{
    // IDENTIFY THE ACTION SCRIPT
    $action = strpos($val, "action");
    if($action !== false)
    {
        // EXTRACT THE ACTION SCRIPT NAME FROM THE FORM INPUT
        $actstart = strpos($val, "\"", $action+1);
        $actend   = strpos($val, "\"", $actstart+1);
        $posturl  = substr($val, $actstart+1, ($actend-$actstart-1));
        continue;
    }

    // IDENTIFY THE INPUT FIELDS BY NAME AND VALUE PAIRS
    $name = strpos($val, "name");
    if($name !== false)
    {
        // EXTRACT THE NAME FROM THE FORM INPUT
        $namestart = strpos($val, "\"", $name+1);
        $nameend   = strpos($val, "\"", $namestart+1);
        $strname   = substr($val, $namestart+1, ($nameend-$namestart-1));

        // EXTRACT THE VALUE
        $value = strpos($val, "value");
        if($value !== false)
        {
            $valuestart = strpos($val, "\"", $value+1);
            $valueend   = strpos($val, "\"", $valuestart+1);
            $strvalue   = substr($val, $valuestart+1, ($valueend-$valuestart-1));
        }

        // IF NO VALUE TRY TO REPLACE
        else
        {
            foreach ($replacements as $k => $v)
            {
                if ($k == $strname) $strvalue = $v;
            }
        }
        $post .= "&" . $strname . "=" . urlencode($strvalue);
    }
}

// DATA EXTRACTION COMPLETE -- WAIT A RESPECTABLE PERIOD OF TIME
sleep(1);

// DECLOP LEFTMOST AMPERSAND
$post = substr($post,1);

// SET THE LOGIN URL
$posturl = $baseurl . '/' . $posturl;

// NOW POST THE DATA WE HAVE FILLED IN
curl_setopt($ch, CURLOPT_URL, $posturl);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// CALL THE WEB PAGE
$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL POST FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// NOW ON TO THE NEXT PAGE, USING THE GET METHOD
curl_setopt($ch, CURLOPT_URL, 'http://www.YourSite.com/nextpage');
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, '');

$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL 2ND GET FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// SHOW OFF THE DATA AFTER THE LOGIN
echo ($xyz);

Open in new window

0
 
LVL 8

Author Comment

by:askurat1
Comment Utility
I am just trying to auto generate and register a device on apple's developer website.
Here is the link: https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=d4f7d769c2abecc664d0dadfed6a67f943442b5e9c87524d4587a95773750cea&path=%2F%2Faccount%2Fios%2Fdevice%2FdeviceList.action

I'm obviously not going to give my login info but it should take you to the login page to see what needs to be filled out.

I can also get whatever info is needed once logged in to test.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 334 total points
Comment Utility
Stripped of the "fluff" here is the HTML form that controls the login.
<form method="post" action="/cgi-bin/WebObjects/DSAuthWeb.woa/636/wo/of1t2tmRqitcsw111SA1qg/0.1.3.1.1.2.1.1.3.1.1">
<input type="text"     name="theAccountName" />
<input type="password" name="theAccountPW" />
<input type="image"    src="/AppleConnect/US-EN/spacer.gif" />
<input type="image"    src="/AppleConnect/US-EN/adc09_forgot_password.png" />
<input type="image"    src="/AppleConnect/US-EN/adc09_signin.png" />
<input type="hidden"   name="theAuxValue" />
<input type="hidden"   name="wosid" value="of1t2tmRqitcsw111SA1qg" />
</form>

Open in new window

From the look of the extensive JavaScript and the hidden variables, I would surmise that Apple has gone to considerable effort to prevent any automated login.  And there is this statement in the Terms of Use.
Your Use of the Site

You may not use any “deep-link”, “page-scrape”, “robot”, “spider” or other automatic device, program, algorithm or methodology, or any similar or equivalent manual process, to access, acquire, copy or monitor any portion of the Site or any Content, or in any way reproduce or circumvent the navigational structure or presentation of the Site or any Content, to obtain or attempt to obtain any materials, documents or information through any means not purposely made available through the Site. Apple reserves the right to bar any such activity.

You may not attempt to gain unauthorized access to any portion or feature of the Site, or any other systems or networks connected to the Site or to any Apple server, or to any of the services offered on or through the Site, by hacking, password “mining” or any other illegitimate means.

You may not probe, scan or test the vulnerability of the Site or any network connected to the Site, nor breach the security or authentication measures on the Site or any network connected to the Site. You may not reverse look-up, trace or seek to trace any information on any other user of or visitor to the Site, or any other customer of Apple, including any Apple account not owned by you, to its source, or exploit the Site or any service or information made available or offered by or through the Site, in any way where the purpose is to reveal any information, including but not limited to personal identification or information, other than your own information, as provided for by the Site.

You agree that you will not take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Site or Apple’s systems or networks, or any systems or networks connected to the Site or to Apple.

You agree not to use any device, software or routine to interfere or attempt to interfere with the proper working of the Site or any transaction being conducted on the Site, or with any other person’s use of the Site.

You may not forge headers or otherwise manipulate identifiers in order to disguise the origin of any message or transmittal you send to Apple on or through the Site or any service offered on or through the Site. You may not pretend that you are, or that you represent, someone else, or impersonate any other individual or entity.

You may not use the Site or any Content for any purpose that is unlawful or prohibited by these Terms of Use, or to solicit the performance of any illegal activity or other activity which infringes the rights of Apple or others.
So instead of trying to create a phony automated login, just contact Apple directly and ask them for an API.
0
 
LVL 8

Author Comment

by:askurat1
Comment Utility
Thanks for the response.

Do they have an api for something like this?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 8

Author Comment

by:askurat1
Comment Utility
If I were to use the script you gave me what changes would need to be made?
0
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
You would need to change the following

URL
Name of username field if not userame
Name of password field if not password
Fill in your username
Fill in your password

That should do it.
0
 
LVL 8

Author Comment

by:askurat1
Comment Utility
I made the changes but it doesn't seem to work.
0
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
That is not useufl - you need to

a) Show us what you did
b) Tell us what did not work
  - what did you observer
  - what errors were there (if any)

We can only help you if you give us information. One line responses that it did not work does not take us forward.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
... but it doesn't seem to work.
The last time I checked, that is not an error message, so we cannot diagnose the problem based on this alone.  We would need the SSCCE that shows what you tried and what happened.  Then we could reproduce the failure and test alternatives.

But to the practical aspects of this... Why are you asking EE if Apple has an API?  Why not just ask Apple?  They are the canonical source of the information you're seeking.  Show Apple this thread (you may need to copy and paste) and ask for their help!
0
 
LVL 8

Author Comment

by:askurat1
Comment Utility
My apologies. Here is what I tried:

<?php // RAY_curl_login.php
error_reporting(E_ALL);
echo "<pre>";

// THE REPLACEMENTS (CASE SENSITIVE) ARE THE LOGIN CREDENTIALS FOR THE SITE
$replacements["theAccountName"] = 'username';
$replacements["theAccountPW"] = 'password';

// READ THE PAGE WITH THE LOGIN FORM
$baseurl = 'https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=d4f7d769c2abecc664d0dadfed6a67f943442b5e9c87524d4587a95773750cea&path=%2F%2Faccount%2Flogin.action';
$ch = curl_init();

// SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $baseurl);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR,  'cookie.txt');
curl_setopt($ch, CURLOPT_FAILONERROR, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);

// CALL THE WEB PAGE
$htm = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($htm === FALSE)
{
    echo PHP_EOL . "CURL GET FAIL: $baseurl CURL_ERRNO=$err ";
    var_dump($inf);
    die();
}


// REMOVE THE END-OF-LINE CHARACTERS
$htm = str_replace(PHP_EOL, NULL, $htm);

// ISOLATE THE FORM
$form   = explode("<form",$htm);
$form   = explode("</form>",$form[1]);
$inputs = explode("<input",$form[0]);
$post   = "";

foreach($inputs as $key => $val)
{
    // IDENTIFY THE ACTION SCRIPT
    $action = strpos($val, "action");
    if($action !== false)
    {
        // EXTRACT THE ACTION SCRIPT NAME FROM THE FORM INPUT
        $actstart = strpos($val, "\"", $action+1);
        $actend   = strpos($val, "\"", $actstart+1);
        $posturl  = substr($val, $actstart+1, ($actend-$actstart-1));
        continue;
    }

    // IDENTIFY THE INPUT FIELDS BY NAME AND VALUE PAIRS
    $name = strpos($val, "name");
    if($name !== false)
    {
        // EXTRACT THE NAME FROM THE FORM INPUT
        $namestart = strpos($val, "\"", $name+1);
        $nameend   = strpos($val, "\"", $namestart+1);
        $strname   = substr($val, $namestart+1, ($nameend-$namestart-1));

        // EXTRACT THE VALUE
        $value = strpos($val, "value");
        if($value !== false)
        {
            $valuestart = strpos($val, "\"", $value+1);
            $valueend   = strpos($val, "\"", $valuestart+1);
            $strvalue   = substr($val, $valuestart+1, ($valueend-$valuestart-1));
        }

        // IF NO VALUE TRY TO REPLACE
        else
        {
            foreach ($replacements as $k => $v)
            {
                if ($k == $strname) $strvalue = $v;
            }
        }
        $post .= "&" . $strname . "=" . urlencode($strvalue);
    }
}

// DATA EXTRACTION COMPLETE -- WAIT A RESPECTABLE PERIOD OF TIME
sleep(1);

// DECLOP LEFTMOST AMPERSAND
$post = substr($post,1);

// SET THE LOGIN URL
$posturl = $baseurl . '/' . $posturl;

// NOW POST THE DATA WE HAVE FILLED IN
curl_setopt($ch, CURLOPT_URL, $posturl);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// CALL THE WEB PAGE
$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL POST FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// NOW ON TO THE NEXT PAGE, USING THE GET METHOD
curl_setopt($ch, CURLOPT_URL, 'https://developer.apple.com/account/ios/device/deviceList.action');
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, '');

$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL 2ND GET FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// SHOW OFF THE DATA AFTER THE LOGIN
echo ($xyz);

Open in new window


Obviously I put in my actual username and password.

I attached some screen shots of what I am getting when I run this.

It seems to me like it's not entering the username and password but I could be wrong.

i'm not exactly sure what I am looking for.

top of pagemiddle of pagebottom of page
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
As I wrote above, ...
this script may serve as a starting point for your work
It's not a black box -- it requires meticulously detailed customization -- this effort you're undertaking is going to take a lot of time and effort.  And if it succeeds at all, I expect that Apple will be unhappy and will take steps to "break" the script you have developed.

Two suggestions, and these will be my last on the subject.

1. Contact Apple for help.
2. Hire a professional developer.

Best regards, and best of luck with your project, ~Ray
0
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
It looks like the site is redirecting to the actual login. If you are using curl you should be doing a server side connection to the page - which should not show in the browser.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
In this tutorial viewers will learn how to embed Flash content in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <object> tag to embed Flash content.: To specify that the object is Flash content, d…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now