The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 17, 2019, 11:55:48 PM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: PHP, cURL, and Cookies  (Read 4824 times)
cdc
Expert
****
Offline Offline

Posts: 105


View Profile
« on: April 21, 2007, 02:03:40 AM »

I have a function located in an external file that gets included in several of my scripts. The function's purpose is to submit a form:

Code:
function hitForm($loginURL, $loginFields, $referer="") {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
        curl_setopt($ch, CURLOPT_URL, $loginURL);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_REFERER, $referer);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 400);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $loginFields);
        $ret = curl_exec($ch);
        curl_close($ch);
        return $ret;
}

Now this has worked on thousands of sites, but I'm currently running into an issue with one site. The site is telling me that I don't have cookies enabled when I try to submit the form.

I've tried opening up the permissions on cookies.txt, but that didn't seem to do anything. I should also mention that all the scripts that are using this function are located in their own directories and therefore have their own cookies.txt files. I've never had this problem with my other two dozen scripts, however.

Any idea of something I should be looking at? It's not a huge deal if I have to skip this site, but I did already do some work so I'd like to have it included.
« Last Edit: April 21, 2007, 11:30:51 AM by perkiset » Logged

Will code for food.
thedarkness
Lifer
*****
Offline Offline

Posts: 585



View Profile
« Reply #1 on: April 21, 2007, 02:31:13 AM »

Corect me if I'm wrong dude but wouldn't you have to "GET" a page from the site to allow it to set the cookie/s (maybe you do that elsewhere)? If that's not the issue then maybe check you have write permission on the directory where cookies.txt will live.

HTH,
td
Logged

"I want to be the guy my dog thinks I am."
 - Unknown
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #2 on: April 21, 2007, 11:32:18 AM »

I think TD is right on - the site would not expect you to be posting without having first GOTten a page, which would have contained <the cookie> that they want to see on the post.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
cdc
Expert
****
Offline Offline

Posts: 105


View Profile
« Reply #3 on: April 21, 2007, 12:54:36 PM »

Yes, I tried that as well, but still no luck. I moved on. I'm guessing that site is broken considering my code works for the other 10,000 sites.

I just wanted to make sure I wasn't missing something obvious that would keep coming up to bite me in the ass.

Thanks.
Logged

Will code for food.
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #4 on: April 21, 2007, 12:59:45 PM »

I don't think so... but I am not good with cURL because I don't trust other libs by default.

I will post my personal WebRequest PHP class a bit later today - it's what I use because I can put it anywhere that at least has php4.3 an nothing else.

/p
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
nop_90
Global Moderator
Lifer
*****
Offline Offline

Posts: 2203


View Profile
« Reply #5 on: April 21, 2007, 05:32:16 PM »

I agree with perks that i do not trust other libs by default.
Then again i don't trust myself by default.

Like the time i was posting on a certain social network imformation of how lonely people could find casual sex partners.
(Part of my way of helping less fortunate people).
This certain network on functions like add friend, send message etc did not have a session key.
And you where able to inject JS into the page.

Anyway i went to sleep one nite. And I had a dream.
In my dream I was coding, but i determined that my method of imformation propagation was inefficient.
It would be much more effective if the person who visit my profile, would add the same imformation to his profile,
and then notify 10 of his friends. In my dream it worked great, in like 2 days i contacted like all people on this social network  ROFLMAO
Then i remember "don't talk about xss it is icky and will get u in trouble"
Fortunately it was all a dream Smiley

Certain sites if you do not have a legit useragent string will return bogus message like
"system is down"
"system error XXXXXXX, please send e-mail to _______ describing problem"
Other places in the post they have "control chars" which you can not see, but if are not included return an error.
Another places has tons of JS and then modifies form with JS. (not sure if this is to screw u over).

If ur code works on other sites but not this one, and if u can post using browser, some sort of nasty going on Smiley
Logged
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #6 on: April 21, 2007, 05:42:46 PM »

At the core, however, if you see all the headers and content coming at you, and respond the correct way, the server will not know that you are a bot not a browser CAVEAT: Some of us have spent a lot of time both defeating this very point, so this is not true in all circumstances.

But, for the most part people will not be a Nutballs or Nop and have their systems locked down so tight that your bots cannot get in. All that being said, if it's only one out of 10K then who gives a shit  ROFLMAO

/p
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
thedarkness
Lifer
*****
Offline Offline

Posts: 585



View Profile
« Reply #7 on: April 21, 2007, 06:07:45 PM »

if it's only one out of 10K then who gives a shit

purists..... who have to know... it's funny  ROFLMAO but kinda sad too  Cry

td
Logged

"I want to be the guy my dog thinks I am."
 - Unknown
mailrouter
n00b
*
Offline Offline

Posts: 2


View Profile
« Reply #8 on: May 11, 2007, 05:45:56 PM »

Open a site in FF with LiveHTTP headers installed. Check out what information your browser sends them and replicate it in your script.
Try again
« Last Edit: May 11, 2007, 05:48:47 PM by mailrouter » Logged

No links in signatures please
basura
Rookie
**
Offline Offline

Posts: 13


View Profile
« Reply #9 on: June 14, 2007, 08:50:55 AM »

I have a function located in an external file that gets included in several of my scripts. The function's purpose is to submit a form:

Code:
function hitForm($loginURL, $loginFields, $referer="") {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
        curl_setopt($ch, CURLOPT_URL, $loginURL);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_REFERER, $referer);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 400);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $loginFields);
        $ret = curl_exec($ch);
        curl_close($ch);
        return $ret;
}

Now this has worked on thousands of sites, but I'm currently running into an issue with one site. The site is telling me that I don't have cookies enabled when I try to submit the form.

I've tried opening up the permissions on cookies.txt, but that didn't seem to do anything. I should also mention that all the scripts that are using this function are located in their own directories and therefore have their own cookies.txt files. I've never had this problem with my other two dozen scripts, however.

Any idea of something I should be looking at? It's not a huge deal if I have to skip this site, but I did already do some work so I'd like to have it included.




Spamm on Social Networks are really interesting, and as describes mailrouter, you can get the values that request the page instead and make headers in PHP with the correct information.

I suggest you to use a "Explorer PHP simulator browser" like Snoopy, a PHP class that allows a lot of "good" job to post on some social networks...maybe sends emails, private messages and a lot of "texts" with interests links in it...Wink

I think cdc, your dream it could become true in Social Ingeniery, trying to locate usefull keywords from his/her profiles and then trying to make a neccesity in this subject, this way its a help to this subject to get a better "state" in life...in his/her life by buying "something" provided by the link...

And its not difficult to make his/her friends do the same, marketing plus spam techniques plus clever programming its the KEY of success..

Slime
Logged

No links in signatures please
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #10 on: June 14, 2007, 08:56:32 AM »

 Applause

I think you're going to do quite well here Slime...
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!