PHP cURL

can someone tell me what's wrong with this code?

i'm still very novice with cURL, and not great with PHP either. it's meant to log me into HBH.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>richo's curl page</title> </head> <body> <p>blah blah blah</p>

<? $url="http://www.hellboundhackers.org/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, "user_name=richohealey&user_pass=mypass"); #curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $store = curl_exec ($ch); $content = curl_exec ($ch); # This returns HTML curl_close ($ch); echo $content; ?> </body> </html>

should my user and pass be in ''

Assuming the field names are correct, I believe so.

hmm, i took the field names stright from the index.php source, so they should be right, i've tried with them as user_name='richohealey'&user_pass='password' and without the ' marks.

i'm totally stumped

Ah, another thing, you need to use the urlencode() function on your variables (Your username and your password).

I personally don't have enough time to look, but check out http://www.higherpass.com/php/tutorials/Using-Curl-To-Query-Remote-Servers/2/ and compare the code to yours, and check what's not kosher with it.

now that i've fixed that, i get a big header, with all the cookie details, and lines that say set-cookie FUsion user etc.. so it's loggin in , and getting the cookie data, but it isn't running that portion. anyone know why?

ok. i have it narrowed down. the header is

HTTP/1.1 302 Found Date: Wed, 04 Oct 2006 23:30:14 GMT Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.3 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a X-Powered-By: PHP/4.4.3 Set-Cookie: fusion_visited=TRUE; expires=Thu, 04 Oct 2007 23:30:14 GMT; path=/ Set-Cookie: fusion_user=my fusion user; expires=Thu, 05 Oct 2006 02:30:15 GMT; path=/ Location: index.php Transfer-Encoding: chunked Content-Type: text/html HTTP/1.1 200 OK Date: Wed, 04 Oct 2006 23:30:15 GMT Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.3 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a X-Powered-By: PHP/4.4.3 Transfer-Encoding: chunked Content-Type: text/html

and the line curl_setopt($ch, CURLOPT_HEADER, 1);

in the script is what causes it. if i hash it out i get nothing. obvu\iously it is just reading the header, how do i force it to do something with it. is it something about my cookie lines?

$params = array();
$params['user_name'] = "WhiteAcid";
$params['user_pass'] = "***";
$params['login'] = "Login";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.hellboundhackers.org/news.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');


$post_result = curl_exec($ch);

if (curl_errno($ch))
{
	echo curl_error($ch);
}
curl_close($ch);
echo $post_result;
?>```

That'll work. Wireshark does wonders when debugging curl code. HBH has a really wierd loggin in mechanism where you go to news.php, to index.php and back to news.php. Hence the FOLLOWLOCATION and the COOKIEJAR parts are crucial.

Obviously you can comment out the CURLOPT_RETURNTRANSFER line if you don't care about the reply, in which case CURLOPT_HEADER is also totally pointless.

I love you.

i don't even care who you are i want to have your babie, even though i'm a guy.

anyway, i stil get that header at the top. i don't care. thanks heaps.

To remove the header remove the line: markupcurl_setopt($ch, CURLOPT_HEADER, true);

And I've been around on the site for a while, just not very active.

yeah i realised that it got rid of the header at the top, i wan't sure how to make it turn the cokie info in the header in to actual cookeis. thanks heaps guys.

ok…. now i've got more questions. how do i get it to fing a specific part of a file? i'm doing real11 and can log into HBH, log into firm get to the backup page…. can i get it to look for the <hr> tags? and what is the change in syntax for get? does it just change to GET_DATA…. etc in place of post?

oh yeah get is when it's something.php?blah=blah…. so now i just need to know how to fish out the number. can i write a foreach() loop, that should divide it intp lines right….

Sorry… would have replied sooner but this was just too damn funny.

To find an <hr> tag just use strpos($post_results,'<hr>');

To use GET either set curl_setopt($ch, CURLOPT_POST, true); to false or remove the line. Also remove the line: curl_setopt($ch, CURLOPT_POSTFIELDS, $params);

Then (before the curl block) add something like:

$qs = '?';
foreach ($params as $i => $p)
{
    $qs .= $i . '=' . $p . '&';
}
$qs = substr($qs,0,strlen($qs)-1);

Then change: curl_setopt($ch, CURLOPT_URL, "http://www.hellboundhackers.org/news.php"); to: curl_setopt($ch, CURLOPT_URL, "http://www.hellboundhackers.org/news.php".$qs);

As for that last part about fishing out the number? I'm not quite sure what you mean.

ha ha i just did it using a whole bunch of concanted $result[strlen($result)-182] . etc…..

crude but it's worked!

so with the the cookiejar and cookiefile tags it should keep track of who i am right… so now i just have to crack the app and write a PHP script to do the same thing and input it. wicked.

thanks heaps, i should be right now. on the other hand i might be back here in 5 mins.