Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

auto login to website and fillout form

Posted on 2013-06-24
17
Medium Priority
?
1,115 Views
Last Modified: 2013-12-20
I am looking to write a script that can login to a website and fill out a form and submit it.
I don't really care how it's done whether php or js or a combination of them.

I'm just looking for some guidance to get this going.

Thanks,
Tony
0
Comment
Question by:askurat1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +2
17 Comments
 
LVL 15

Expert Comment

by:Jagadishwor Dulal
ID: 39273778
Auto login is a risk work you have to concern about this.  However I am going to refer you some  example site for your concept.
http://www.bitrepository.com/php-autologin.html
http://php.about.com/od/advancedphp/qt/php_cookie.htm
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39273883
Sounds you want to login to someone else's site and fill out the form automatically.  You should know that since that is a common way to generate spam in web site forms, that you will be blocked on a lot of sites these days.
0
 
LVL 59

Assisted Solution

by:Julian Hansen
Julian Hansen earned 664 total points
ID: 39273948
You would need to use the CURL library to perform the login - after that it depends on the site you are connecting to

If you know what the form looks like - and it is unlikely to change you can simply POST / GET the form data to the server side process (depending on the method attribute of the form).  Again you can use the CURL library for this

OR

You can generate a duplicate form on your site with prepopulated fields and use JScript to submit it.

It depends on your specific circumstances. If the form requires a captcha then you are pretty much sunk.

If your request is a legitimate requirement to automate a process then go for it - if you are trying to write a bot to spam people then I would strongly recommend you reconsider.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 1336 total points
ID: 39274519
Please post the URL of the site you want to address.  Please post the exact login credentials we can use to test the login script.  It's not rocket science, but there may be form tokens, or OAuth, or similar things, and speculating about the particulars is a waste of time.

While you may be able to do this, you may want to consider whether it is advisable to do this.  If you're interested in a formal way to receive information from a publisher or communicate with a web service, I suggest you ask the author of the service for an API.  That is the way things like this are done in the real world.

If the author / publisher will not give you access via an API and you decide to go ahead with the automated access to the login form, this script may serve as a starting point for your work.

<?php // RAY_curl_login.php
error_reporting(E_ALL);
echo "<pre>";

// THE REPLACEMENTS (CASE SENSITIVE) ARE THE LOGIN CREDENTIALS FOR THE SITE
$replacements["UserName"] = 'YourUID';
$replacements["Password"] = 'YourPWD';

// READ THE PAGE WITH THE LOGIN FORM
$baseurl = 'http://www.YourSite.com';
$ch = curl_init();

// SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $baseurl);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR,  'cookie.txt');
curl_setopt($ch, CURLOPT_FAILONERROR, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);

// CALL THE WEB PAGE
$htm = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($htm === FALSE)
{
    echo PHP_EOL . "CURL GET FAIL: $baseurl CURL_ERRNO=$err ";
    var_dump($inf);
    die();
}


// REMOVE THE END-OF-LINE CHARACTERS
$htm = str_replace(PHP_EOL, NULL, $htm);

// ISOLATE THE FORM
$form   = explode("<form",$htm);
$form   = explode("</form>",$form[1]);
$inputs = explode("<input",$form[0]);
$post   = "";

foreach($inputs as $key => $val)
{
    // IDENTIFY THE ACTION SCRIPT
    $action = strpos($val, "action");
    if($action !== false)
    {
        // EXTRACT THE ACTION SCRIPT NAME FROM THE FORM INPUT
        $actstart = strpos($val, "\"", $action+1);
        $actend   = strpos($val, "\"", $actstart+1);
        $posturl  = substr($val, $actstart+1, ($actend-$actstart-1));
        continue;
    }

    // IDENTIFY THE INPUT FIELDS BY NAME AND VALUE PAIRS
    $name = strpos($val, "name");
    if($name !== false)
    {
        // EXTRACT THE NAME FROM THE FORM INPUT
        $namestart = strpos($val, "\"", $name+1);
        $nameend   = strpos($val, "\"", $namestart+1);
        $strname   = substr($val, $namestart+1, ($nameend-$namestart-1));

        // EXTRACT THE VALUE
        $value = strpos($val, "value");
        if($value !== false)
        {
            $valuestart = strpos($val, "\"", $value+1);
            $valueend   = strpos($val, "\"", $valuestart+1);
            $strvalue   = substr($val, $valuestart+1, ($valueend-$valuestart-1));
        }

        // IF NO VALUE TRY TO REPLACE
        else
        {
            foreach ($replacements as $k => $v)
            {
                if ($k == $strname) $strvalue = $v;
            }
        }
        $post .= "&" . $strname . "=" . urlencode($strvalue);
    }
}

// DATA EXTRACTION COMPLETE -- WAIT A RESPECTABLE PERIOD OF TIME
sleep(1);

// DECLOP LEFTMOST AMPERSAND
$post = substr($post,1);

// SET THE LOGIN URL
$posturl = $baseurl . '/' . $posturl;

// NOW POST THE DATA WE HAVE FILLED IN
curl_setopt($ch, CURLOPT_URL, $posturl);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// CALL THE WEB PAGE
$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL POST FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// NOW ON TO THE NEXT PAGE, USING THE GET METHOD
curl_setopt($ch, CURLOPT_URL, 'http://www.YourSite.com/nextpage');
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, '');

$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL 2ND GET FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// SHOW OFF THE DATA AFTER THE LOGIN
echo ($xyz);

Open in new window

0
 
LVL 8

Author Comment

by:askurat1
ID: 39274772
I am just trying to auto generate and register a device on apple's developer website.
Here is the link: https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=d4f7d769c2abecc664d0dadfed6a67f943442b5e9c87524d4587a95773750cea&path=%2F%2Faccount%2Fios%2Fdevice%2FdeviceList.action

I'm obviously not going to give my login info but it should take you to the login page to see what needs to be filled out.

I can also get whatever info is needed once logged in to test.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1336 total points
ID: 39274850
Stripped of the "fluff" here is the HTML form that controls the login.
<form method="post" action="/cgi-bin/WebObjects/DSAuthWeb.woa/636/wo/of1t2tmRqitcsw111SA1qg/0.1.3.1.1.2.1.1.3.1.1">
<input type="text"     name="theAccountName" />
<input type="password" name="theAccountPW" />
<input type="image"    src="/AppleConnect/US-EN/spacer.gif" />
<input type="image"    src="/AppleConnect/US-EN/adc09_forgot_password.png" />
<input type="image"    src="/AppleConnect/US-EN/adc09_signin.png" />
<input type="hidden"   name="theAuxValue" />
<input type="hidden"   name="wosid" value="of1t2tmRqitcsw111SA1qg" />
</form>

Open in new window

From the look of the extensive JavaScript and the hidden variables, I would surmise that Apple has gone to considerable effort to prevent any automated login.  And there is this statement in the Terms of Use.
Your Use of the Site

You may not use any “deep-link”, “page-scrape”, “robot”, “spider” or other automatic device, program, algorithm or methodology, or any similar or equivalent manual process, to access, acquire, copy or monitor any portion of the Site or any Content, or in any way reproduce or circumvent the navigational structure or presentation of the Site or any Content, to obtain or attempt to obtain any materials, documents or information through any means not purposely made available through the Site. Apple reserves the right to bar any such activity.

You may not attempt to gain unauthorized access to any portion or feature of the Site, or any other systems or networks connected to the Site or to any Apple server, or to any of the services offered on or through the Site, by hacking, password “mining” or any other illegitimate means.

You may not probe, scan or test the vulnerability of the Site or any network connected to the Site, nor breach the security or authentication measures on the Site or any network connected to the Site. You may not reverse look-up, trace or seek to trace any information on any other user of or visitor to the Site, or any other customer of Apple, including any Apple account not owned by you, to its source, or exploit the Site or any service or information made available or offered by or through the Site, in any way where the purpose is to reveal any information, including but not limited to personal identification or information, other than your own information, as provided for by the Site.

You agree that you will not take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Site or Apple’s systems or networks, or any systems or networks connected to the Site or to Apple.

You agree not to use any device, software or routine to interfere or attempt to interfere with the proper working of the Site or any transaction being conducted on the Site, or with any other person’s use of the Site.

You may not forge headers or otherwise manipulate identifiers in order to disguise the origin of any message or transmittal you send to Apple on or through the Site or any service offered on or through the Site. You may not pretend that you are, or that you represent, someone else, or impersonate any other individual or entity.

You may not use the Site or any Content for any purpose that is unlawful or prohibited by these Terms of Use, or to solicit the performance of any illegal activity or other activity which infringes the rights of Apple or others.
So instead of trying to create a phony automated login, just contact Apple directly and ask them for an API.
0
 
LVL 8

Author Comment

by:askurat1
ID: 39276263
Thanks for the response.

Do they have an api for something like this?
0
 
LVL 8

Author Comment

by:askurat1
ID: 39276617
If I were to use the script you gave me what changes would need to be made?
0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 39277100
You would need to change the following

URL
Name of username field if not userame
Name of password field if not password
Fill in your username
Fill in your password

That should do it.
0
 
LVL 8

Author Comment

by:askurat1
ID: 39278469
I made the changes but it doesn't seem to work.
0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 39279048
That is not useufl - you need to

a) Show us what you did
b) Tell us what did not work
  - what did you observer
  - what errors were there (if any)

We can only help you if you give us information. One line responses that it did not work does not take us forward.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39280264
... but it doesn't seem to work.
The last time I checked, that is not an error message, so we cannot diagnose the problem based on this alone.  We would need the SSCCE that shows what you tried and what happened.  Then we could reproduce the failure and test alternatives.

But to the practical aspects of this... Why are you asking EE if Apple has an API?  Why not just ask Apple?  They are the canonical source of the information you're seeking.  Show Apple this thread (you may need to copy and paste) and ask for their help!
0
 
LVL 8

Author Comment

by:askurat1
ID: 39281427
My apologies. Here is what I tried:

<?php // RAY_curl_login.php
error_reporting(E_ALL);
echo "<pre>";

// THE REPLACEMENTS (CASE SENSITIVE) ARE THE LOGIN CREDENTIALS FOR THE SITE
$replacements["theAccountName"] = 'username';
$replacements["theAccountPW"] = 'password';

// READ THE PAGE WITH THE LOGIN FORM
$baseurl = 'https://daw.apple.com/cgi-bin/WebObjects/DSAuthWeb.woa/wa/login?appIdKey=d4f7d769c2abecc664d0dadfed6a67f943442b5e9c87524d4587a95773750cea&path=%2F%2Faccount%2Flogin.action';
$ch = curl_init();

// SET THE CURL OPTIONS - SEE http://php.net/manual/en/function.curl-setopt.php
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $baseurl);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR,  'cookie.txt');
curl_setopt($ch, CURLOPT_FAILONERROR, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);

// CALL THE WEB PAGE
$htm = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($htm === FALSE)
{
    echo PHP_EOL . "CURL GET FAIL: $baseurl CURL_ERRNO=$err ";
    var_dump($inf);
    die();
}


// REMOVE THE END-OF-LINE CHARACTERS
$htm = str_replace(PHP_EOL, NULL, $htm);

// ISOLATE THE FORM
$form   = explode("<form",$htm);
$form   = explode("</form>",$form[1]);
$inputs = explode("<input",$form[0]);
$post   = "";

foreach($inputs as $key => $val)
{
    // IDENTIFY THE ACTION SCRIPT
    $action = strpos($val, "action");
    if($action !== false)
    {
        // EXTRACT THE ACTION SCRIPT NAME FROM THE FORM INPUT
        $actstart = strpos($val, "\"", $action+1);
        $actend   = strpos($val, "\"", $actstart+1);
        $posturl  = substr($val, $actstart+1, ($actend-$actstart-1));
        continue;
    }

    // IDENTIFY THE INPUT FIELDS BY NAME AND VALUE PAIRS
    $name = strpos($val, "name");
    if($name !== false)
    {
        // EXTRACT THE NAME FROM THE FORM INPUT
        $namestart = strpos($val, "\"", $name+1);
        $nameend   = strpos($val, "\"", $namestart+1);
        $strname   = substr($val, $namestart+1, ($nameend-$namestart-1));

        // EXTRACT THE VALUE
        $value = strpos($val, "value");
        if($value !== false)
        {
            $valuestart = strpos($val, "\"", $value+1);
            $valueend   = strpos($val, "\"", $valuestart+1);
            $strvalue   = substr($val, $valuestart+1, ($valueend-$valuestart-1));
        }

        // IF NO VALUE TRY TO REPLACE
        else
        {
            foreach ($replacements as $k => $v)
            {
                if ($k == $strname) $strvalue = $v;
            }
        }
        $post .= "&" . $strname . "=" . urlencode($strvalue);
    }
}

// DATA EXTRACTION COMPLETE -- WAIT A RESPECTABLE PERIOD OF TIME
sleep(1);

// DECLOP LEFTMOST AMPERSAND
$post = substr($post,1);

// SET THE LOGIN URL
$posturl = $baseurl . '/' . $posturl;

// NOW POST THE DATA WE HAVE FILLED IN
curl_setopt($ch, CURLOPT_URL, $posturl);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// CALL THE WEB PAGE
$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL POST FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// NOW ON TO THE NEXT PAGE, USING THE GET METHOD
curl_setopt($ch, CURLOPT_URL, 'https://developer.apple.com/account/ios/device/deviceList.action');
curl_setopt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, '');

$xyz = curl_exec($ch);
$err = curl_errno($ch);
$inf = curl_getinfo($ch);

// IF ERRORS - SEE http://curl.haxx.se/libcurl/c/libcurl-errors.html
if ($xyz === FALSE)
{
    echo PHP_EOL . "CURL 2ND GET FAIL: $posturl CURL_ERRNO=$err ";
    var_dump($inf);
}

// SHOW OFF THE DATA AFTER THE LOGIN
echo ($xyz);

Open in new window


Obviously I put in my actual username and password.

I attached some screen shots of what I am getting when I run this.

It seems to me like it's not entering the username and password but I could be wrong.

i'm not exactly sure what I am looking for.

top of pagemiddle of pagebottom of page
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39281665
As I wrote above, ...
this script may serve as a starting point for your work
It's not a black box -- it requires meticulously detailed customization -- this effort you're undertaking is going to take a lot of time and effort.  And if it succeeds at all, I expect that Apple will be unhappy and will take steps to "break" the script you have developed.

Two suggestions, and these will be my last on the subject.

1. Contact Apple for help.
2. Hire a professional developer.

Best regards, and best of luck with your project, ~Ray
0
 
LVL 59

Expert Comment

by:Julian Hansen
ID: 39282148
It looks like the site is redirecting to the actual login. If you are using curl you should be doing a server side connection to the page - which should not show in the browser.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question