//
you're reading...
Source Code

Dynamic Post of Login Form from PHP

When you write a lot of bots for different people and projects, sometimes it can be a huge help to not have to worry about the little things. Writing a routine to emulate user login is one of my greatest annoyances. With that in mind, I wrote this a few months back.

Dynamic Post of Login Form from PHP

require_once('simple_html_dom.php');

function postString($dataArray) 
{
	$tempString;
	foreach($dataArray as $key => $value) 
	{
		if(strlen(trim($value)) > 0) 
		{
			$value = is_array($value) ? $value : urlencode($value);
			$tempString[] = $key . "=" . $value;
		}
		else 
		{
			$tempString[] = $key;
		}
	}
	$queryString = join('&', $tempString);
	return $queryString;
}

function get_data($url) 
{
	$ch = curl_init();
	$timeout = 5;
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
	curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
	$data = curl_exec($ch);
	curl_close($ch);
	return $data;
}

function post_data($url, $postArray)
{	
	$ch = curl_init();
	curl_setopt( $ch,CURLOPT_URL, $url);
	curl_setopt( $ch,CURLOPT_POSTFIELDS, postString($postArray));
	curl_setopt( $ch,CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
	curl_setopt( $ch,CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt( $ch,CURLOPT_COOKIEJAR, "cookie.txt");
	curl_setopt( $ch,CURLOPT_COOKIEFILE, "cookie.txt");
	$result = curl_exec($ch);
	curl_close($ch);	
	return $result;
}

function login($url, $username, $password)
{
	$html= new simple_html_dom();
	$html->load(get_data($url));
	$formFields;
	$formUrl;
	$formMethod;
	foreach($html->find('form') as $form) 
	{
		if(strstr(strtolower($form->innertext), "password"))
		{
			$formUrl = $form->action;
			$formMethod = $form->method;
			foreach ($form->find('input') as $input)
			{
				if($input->type == "hidden")
				{
					$formFields[$input->name] = $input->value;
				}
				else
				{
					if($input->value == "" && strstr(strtolower($input->name), "u"))
					{
						$formFields[$input->name] = $username;
					}
					else if($input->value == "" && strstr(strtolower($input->name), "p"))
					{
						$formFields[$input->name] = $password;
					}
					else if($input->name != "")
					{
						$formFields[$input->name] = $input->value;
					}
				}
			}
		}
	}
	
	$html->clear();
    unset($html);

	return post_data($formUrl, $formFields);
}

login('http://url/of/page/containing/login/form/', 'username', 'password');
Advertisements

About Pythorian

Exploration and Production oriented security consultant for securing IT infrastructures relating to natural resources.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: