0

I have a problem trying to log in to https://digitalgamingleague.co.za using cURL from PHP. The main part of the code is below. I really have no idea how to use cURL, therefore, any help will be greatly appreciated.

$username = get_option( 'wp_dgl_dgl_username' );
$password = get_option( 'wp_dgl_dgh_password' );

if (is_null($username) or is_null($password))
{
    return "Please check the settings!";
}

//set the directory for the cookie using defined document root var
$dir = plugin_dir_path( __FILE__ );
//build a unique path with every request to store 
//the info per user with custom func. 
$path = $dir;

$cookie_file_path = $path."/cookies.txt";

$url="https://www.digitalgamingleague.co.za/"; 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);

$start = curl_exec($ch);
$startinfo = curl_getinfo($ch);
$starterror = curl_error($ch);
curl_close($ch);

//login form action url
$url="https://www.digitalgamingleague.co.za/login/"; 
$postinfo = "password=" . $password . "&username=" . $username . "&remember=1&_from=https://digitalgamingleague.co.za/api/&_csrf=";

$request_headers = [
    'Accept: */*',
    'Accept-Encoding: gzip, deflate',
    'Content-Type: application/x-www-form-urlencoded',
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//curl_setopt($ch, CURLOPT_HEADER, true);
//curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_URL, $url);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
//set the cookie the site has for certain features, this is optional
//curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
//curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
//curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
//curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

//curl_setopt($ch, CURLOPT_AUTOREFERER, true);
//curl_setopt($ch, CURLOPT_FAILONERROR, true);
//curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
//curl_setopt($ch, CURLOPT_ENCODING, "");
//curl_setopt($ch, CURLINFO_HEADER_OUT, true);

//curl_setopt($ch, CURLOPT_MAXREDIRS , 30);

//curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo);
$login = curl_exec($ch);
$logininfo = curl_getinfo($ch);
$loginerror = curl_error($ch);
curl_close($ch);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);

//page with the content I want to grab
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, "");
//curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_URL, "https://www.digitalgamingleague.co.za/api/cups");
//do stuff with the info with DomDocument() etc
$cups_raw = curl_exec($ch);

$info = curl_getinfo($ch);
$error = curl_error($ch);
curl_close($ch);
    return "<strong>Start</strong>: <br>" . $start . "<br><em>Info</em>: <br>" . $startinfo . "<br><em>Error</em>: <br>" . $starterror . "<br><strong>Login</strong>: <br>" . $login . "<br><em>Info</em>: <br>" . $logininfo . "<br><em>Error</em>: <br>" . $loginerror . "<br><strong>Cups</strong>: <br>" . $cups_raw . "<br><em>Info</em>: <br>" . $info . "<br><em>Error</em>: <br>" . $error;

The Mostly Source Code

2 Answers

2

you make a couple of mistakes:

  • you do not url encode username/password, and even the hardcoded from parameter is improperly encoded (it should actually be &from=https%3A%2F%2Fdigitalgamingleague.co.za%2Fapi%2F%26_csrf%3D ) , fix that. either by using urlencode(), or better yet, by using http_build_query.

  • you say to the server that you accept gzip and deflate encodings, but you provide no code to decode it, should the server decide to use any of those encodings. best way to handle that is to set CURLOPT_ENCODING to an empty string, and curl will automatically send accept-encoding: <all encodings that libcurl was compiled with here>, and if needed, decode it for you.

  • you set the 'Content-Type: application/x-www-form-urlencoded', header manually, that is not required, and error-prone, libcurl will automatically detect x-www-form-urlencoded encodings, and set the header, if you encode the url properly (but you do not - see the case about urlencoding above)

  • you need a session cookie and a csrf token before you can send the login request, else the server will reject your request, thinking it's a CSRF hacking attempt, and you provide no code to obtain a csrf token. you should probably use an HTML parser (like DOMDocument) to extract it.

  • the server actually responds with a http 302 Found redirect response, if the login was successful, but you provide no code to handle http redirect responses. easiest way to handle those, is to set CURLOPT_FOLLOWLOCATION - which is present in your code, but only in comments.

  • you don't provide any referrer header when logging in, that may be required, you should provide it. best way to enable that, is with CURLOPT_AUTOREFERER

here's a working example, using the hhb_curl class from https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php (and the [email protected] account is just a dummy account i created for testing, there's no harm in it being compromised, which obviously happens when i post the credentials here.)

<?php
declare(strict_types = 1);
require_once ('hhb_.inc.php');
$hc = new hhb_curl ();

$hc->_setComfortableOptions ();
$hc->exec ( 'https://digitalgamingleague.co.za/login' ); // << getting a referer, csrf token, and a session.
$domd = new DOMDocument ();
@$domd->loadHTML ( $hc->getResponseBody () ); // loadHTML() is an instance method; the static call fails on PHP 8
$csrf = NULL;

// extract the csrf token..
foreach ( $domd->getElementsByTagName ( "form" ) as $form ) {
    if ($form->getAttribute ( "action" ) === '/login') {
        foreach ( $form->getElementsByTagName ( "input" ) as $input ) {
            if ($input->getAttribute ( "name" ) === '_csrf') {
                $csrf = $input->getAttribute ( "value" );
                break 2;
            }
        }
    }
}
if ($csrf === NULL) {
    throw new \RuntimeException ( 'failed to extract the csrf token!' );
}
$hc->setopt_array ( array (
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query ( array (
                '_csrf' => $csrf,
                'from' => '${param.from}', // << no idea what that's supposed to mean, probably a web dev error
                'username' => '[email protected]',
                'password' => '[email protected]',
                'rememberMe' => 1 
        ) ) 
) );

$hc->exec ( 'https://digitalgamingleague.co.za/login' );
hhb_var_dump ( $hc->getStdErr (), $hc->getResponseBody () );
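
The same flow with PHP's built-in cURL functions, as an added example that is not part of the original answer or of hhb_curl. It generalizes the token extraction to every hidden input of the login form; the field names and the /login form action come from the answer above, while the function names `login_form_hidden_fields` and `dgl_login` are made up for this sketch.

```php
<?php
declare(strict_types=1);
// Added example; the function names are hypothetical, the field names are the answer's.
function login_form_hidden_fields(string $html, string $action): array
{
    $dom = new DOMDocument();
    @$dom->loadHTML($html); // real-world HTML is rarely valid; silence parser warnings
    foreach ($dom->getElementsByTagName('form') as $form) {
        if ($form->getAttribute('action') === $action) {
            $fields = [];
            foreach ($form->getElementsByTagName('input') as $input) {
                $name = $input->getAttribute('name');
                if ($name !== '' && strtolower($input->getAttribute('type')) === 'hidden') {
                    $fields[$name] = $input->getAttribute('value');
                }
            }
            return $fields;
        }
    }
    throw new RuntimeException("no form with action $action in the response");
}

function dgl_login(string $loginUrl, string $username, string $password)
{
    $ch = curl_init($loginUrl);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEFILE     => '',   // in-memory cookie engine, no cookies.txt on disk
        CURLOPT_ENCODING       => '',   // offer and decode every encoding libcurl supports
        CURLOPT_FOLLOWLOCATION => true, // follow the 302 sent after a successful login
        CURLOPT_AUTOREFERER    => true,
    ]); // TLS peer and host verification stay at libcurl's defaults (enabled)
    $html = curl_exec($ch); // step 1: GET sets the session cookie and returns the form
    if ($html === false) {
        throw new RuntimeException('GET failed: ' . curl_error($ch));
    }
    $fields = login_form_hidden_fields($html, '/login');
    if (!isset($fields['_csrf'])) {
        throw new RuntimeException('login form carries no _csrf field');
    }
    // Left operand wins on duplicate keys, so the credentials are never overwritten.
    $fields = ['username' => $username, 'password' => $password, 'rememberMe' => 1] + $fields;
    curl_setopt_array($ch, [CURLOPT_REFERER => $loginUrl, CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($fields)]); // encodes every value
    if (curl_exec($ch) === false) { // step 2: POST on the same handle, same cookies
        throw new RuntimeException('POST failed: ' . curl_error($ch));
    }
    curl_setopt($ch, CURLOPT_HTTPGET, true); // later requests on this handle are GETs
    return $ch;
}
```

The returned handle keeps the session cookies in memory, so setting `CURLOPT_URL` to the next page and calling `curl_exec($ch)` reuses the login without writing a cookie file into the plugin directory.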

0

When you write a client for an API (or a server) you have to do by hand the work done by your browser: keep headers and add all of them in your requests.

1 Comment

common exceptions include content-encoding, don't set that header manually, unless you really intend to handle those encodings manually (but why would you? you can get curl to send the header and decode it automatically by setting CURLOPT_ENCODING), and content-type, don't set that manually if you intend to use application/x-www-form-urlencoded or multipart/form-data encoding, that's error prone compared to having curl set it automatically. and the User-Agent header. it's safer to set CURLOPT_USERAGENT, so you don't forget on the next request
