Trying to connect to ASPX site using CURL?
Introduction
The possible reason why your script is not working are as follows
- Missing
__VIEWSTATE
- Missing
__EVENTVALIDATION
- Invalid User Agent
- Using
ctl00$ctl00$ucMarketPlaceSupportNavigation$txtMPTopSignInPasswordTextNormal
for password instead ofctl00$ctl00$ucMarketPlaceSupportNavigation$txtMPTopSignInPassword
- Incomplete Post Field
- Duplicate Curl Request
- Missing Coolie in Login process
A Typical server request
A full long request looks like this
POST http://www.kalahari.com/marketplace/default.aspx HTTP/1.1Host: www.kalahari.comConnection: keep-aliveContent-Length: 2584Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Origin: http://www.kalahari.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.160 Safari/537.22Content-Type: application/x-www-form-urlencodedReferer: http://www.kalahari.com/marketplace/default.aspxAccept-Encoding: gzip,deflate,sdchAccept-Language: en-US,en;q=0.8Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3Cookie: ASP.NET_SessionId=t2dopenbp5zdfojmg1sd4m55; VISITORID=ECE2335BD47344E29A3D24E04FA31777; mpshopperid=A2E19BEB4D77484A89B9CD64BBB9C294; sign_up_track=sign_up; shopperName=; signin=0; kalahariShopperId=9D0B941AADCC48CA8ACB071C840A9CEB; __utma=46148088.1484253925.1363278451.1363278451.1363278451.1; __utmb=46148088.8.10.1363278451; __utmc=46148088; __utmz=46148088.1363278451.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); surfLang=ENG; prefLanguage=en-ZA; _chartbeat2=fn9a2z0breekvh98.1363278407516.1363278713879.00000000000001__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEzODYxODcwMTMPZBYCZg9kFgJmD2QWAgIBD2QWCAICD2QWBAIDDw8WAh4LTmF2aWdhdGVVcmwFNH4vcGlwZWxpbmUvc2lnbmluLmFzcHg%2FUmV0dXJuVVJMPS9zZWN1cmUvbWFya2V0cGxhY2VkZAIHDxYCHgdWaXNpYmxlaBYCAgEPDxYCHwFoZGQCBA9kFgICAQ9kFgICAQ8WAh8BaBYCAgEPZBYQAgEPDxYGHghDc3NDbGFzcwULYWN0aXZlX2xpbmseB0VuYWJsZWRnHgRfIVNCAgJkZAIDDw8WBh8CBQVsaW5rcx8DZx8EAgJkZAIFDw8WBh8CBQ1kaXNhYmxlX2xpbmtzHwNoHwQCAmRkAgcPDxYGHwIFDWRpc2FibGVfbGlua3MfA2gfBAICZGQCCQ8PFgYfAgUNZGlzYWJsZV9saW5rcx8DaB8EAgJkZAILDw8WBh8CBQ1kaXNhYmxlX2xpbmtzHwNoHwQCAmRkAg0PDxYGHwIFDWRpc2FibGVfbGlua3MfA2gfBAICZGQCDw8PFgYfAgUNZGlzYWJsZV9saW5rcx8DaB8EAgJkZAIFD2QWAgIBD2QWBgIJDxAPZBYCHgdvbkNsaWNrBYQBamF2YXNjcmlwdDpWYWxpZGF0ZUxvZ2luUmFkaW9CdG5ZZXMoY3RsMDBfY3RsMDBfY3BsaE1haW5fY3BsaENvbnRlbnRfcmRsUGFzc3dvcmRZZXMsY3RsMDBfY3RsMDBfY3BsaE1haW5fY3BsaENvbnRlbnRfcmRsUGFzc3dvcmRObyk7ZGRkAgsPEA9kFgIfBQWDAWphdmFzY3JpcHQ6VmFsaWRhdGVMb2dpblJhZGlvQnRuTm8oY3RsMDBfY3RsMDBfY3BsaE1haW5fY3BsaENvbnRlbnRfcmRsUGFzc3dvcmRZZXMsY3RsMDBfY3RsMDBfY3BsaE1haW5fY3BsaENvbnRlbnRfcmRsUGFzc3dvcmRObyk7ZGRkAhUPD2QWAh8FBdMBamF2YXNjcmlwdDpWYWxpZGF0ZUxvZ2luKCdjdGwwMF9jdGwwMF9jcGxoTWFpbl9jcGxoQ29udGVudF9sYmxSZXN1bHQnLGN0bDAwX2N0bDAwX2NwbGhNYWluX2NwbGhDb250ZW50X3R4dFBhc3N3b3JkLGN0bDAwX2N0bDAwX2NwbGhNYWluX2NwbGhDb250ZW50X3JkbFBhc3N3b3JkWWVzLGN0bDAwX2N0bDAwX2NwbGhNYWluX2NwbGhDb250ZW50X3JkbFBhc3N3b3JkTm8pO2QCBg9kFgICBQ8PFgIfAAUafi9waXBlbGluZS9vcmRlcl9saXN0LmFzcHhkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAwUvY3RsMDAkY3RsMDAkY3BsaE1haW4kY3BsaENvbnRlbnQkcmRsUGFzc3dvcmRZZXMFLmN0bDAwJGN0bDAwJGNwbGhNYWluJGNwbGhDb250ZW50JHJkbFBhc3N3b3JkTm8FLmN0bDAwJGN0bDAwJGNwbGhNYWluJGNwbGhDb250ZW50JHJkbFBhc3N3b3JkTm99%2FwuPOuNOonYg5XWvf3RGR1YVkw%3D%3D&__EVENTVALIDATION=%2FwEWDQLsuI7QDgKnpLoxApD7nfEPAvLAqqUGAp35%2FakJAqGiqqYPAsXC5NUHAsHJ5OMCAovxoc8LArq0mqAKApm%2BrVoC9dLe0Q8C5IvEsAlYqPIdcrZvBZcvYav7ATMf4Nhbfg%3D%3D&ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24txtMPTopSignInEmail=XXXXXXXXXX%40rmqkr.net&ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24txtMPTopSignInPasswordTextNormal=Password&ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24txtMPTopSignInPassword=XXXXXXXXXX&ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24btnSigninTop=Sign+in&ctl00%24ctl00%24cplhMain%24cplhContent%24txtEmail=Email+address&ctl00%24ctl00%24cplhMain%24cplhContent%24rdlPasswordYes=rdlPasswordYes&ctl00%24ctl00%24cplhMain%24cplhContent%24txtPasswordTextNormal=Password&ctl00%24ctl00%24cplhMain%24cplhContent%24txtPassword=&ctl00%24ctl00%24cplhMain%24cplhContent%24hdnEmailDefault=Email+address&ctl00%24ctl00%24cplhMain%24cplhContent%24hdnPasswordDefault=Password
To Use Curl
$url = "http://www.kalahari.com/marketplace/default.aspx";$ckfile = tempnam("/tmp", "CURLCOOKIE");$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2';$username = "XXXXXXXXXX";$password = "XXXXXXXXXX";$f = fopen('log.txt', 'w'); // file to write request header for debug purpose/** Get __VIEWSTATE & __EVENTVALIDATION */$ch = curl_init($url);curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);$html = curl_exec($ch);curl_close($ch);preg_match('~<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="(.*?)" />~', $html, $viewstate);preg_match('~<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="(.*?)" />~', $html, $eventValidation);$viewstate = $viewstate[1];$eventValidation = $eventValidation[1];/** Start Login process */$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);curl_setopt($ch, CURLOPT_HEADER, FALSE);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);curl_setopt($ch, CURLOPT_REFERER, $url);curl_setopt($ch, CURLOPT_VERBOSE, 1);curl_setopt($ch, CURLOPT_STDERR, $f);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);// Collecting all POST fields$postfields = array();$postfields['__EVENTTARGET'] = "";$postfields['__EVENTARGUMENT'] = "";$postfields['__VIEWSTATE'] = $viewstate;$postfields['__EVENTVALIDATION'] = $eventValidation;$postfields['ctl00$ctl00$ucMarketPlaceSupportNavigation$txtMPTopSignInEmail'] = $username;$postfields['ctl00$ctl00$ucMarketPlaceSupportNavigation$txtMPTopSignInPasswordTextNormal'] = "Password";$postfields['ctl00$ctl00$ucMarketPlaceSupportNavigation$txtMPTopSignInPassword'] = $password;$postfields['ctl00$ctl00$ucMarketPlaceSupportNavigation$btnSigninTop'] = 'Sign in';$postfields['ctl00$ctl00$cplhMain$cplhContent$txtEmail'] = 'Email address';$postfields['ctl00$ctl00$cplhMain$cplhContent$rdlPasswordYes'] = 'Password';$postfields['ctl00$ctl00$cplhMain$cplhContent$txtPassword'] = '';$postfields['ctl00$ctl00$cplhMain$cplhContent$hdnEmailDefault'] = 'Email address';$postfields['ctl00$ctl00$cplhMain$cplhContent$hdnPasswordDefault'] = 'Password';curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);$ret = curl_exec($ch); // Get result after login page.print $ret;
Tested and works perfectly fine ...
I wanted to give it a try and got your code working, see below. I have some var_dump and comments in the code as to what I am doing.
<?php$username = 'test@example.com';$password = 'example';$loginUrl = 'http://www.kalahari.com/marketplace/default.aspx';//on windows server you need full path or its not even used.$cookie = dirname(__FILE__) . '\cookies1.txt';$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $loginUrl );curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE );curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );curl_setopt($ch, CURLOPT_COOKIEJAR , $cookie);curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);curl_setopt($ch, CURLOPT_HEADER, FALSE );curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);$ret = curl_exec($ch); //access login page//check the contents of the cookie file. the sessionID, visitorID and kalaharishooperID should be the same with each refresh.var_dump(implode('', file($cookie)));//now get the viewstate from the value//could be better with regex or anything, but this works.$content = explode('value="', stristr($ret, 'id="__VIEWSTATE"'));$viewstate = substr($content[1], 0, strpos($content[1], '"'));var_dump($viewstate);//now get the EVENTVALIDATION from the value//could be better with regex or anything, but this works.$content = explode('value="', stristr($ret, 'id="__EVENTVALIDATION"'));$validation = substr($content[1], 0, strpos($content[1], '"'));var_dump($validation);//define post fields //i removed all fields that are not required for the post$postfields = array( "__VIEWSTATE" => rawurlencode($viewstate), "__EVENTVALIDATION" => rawurlencode($validation), "ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24txtMPTopSignInEmail" => rawurlencode($username), "ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24txtMPTopSignInPasswordTextNormal" => "Password", "ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24txtMPTopSignInPassword" => rawurlencode($password), "ctl00%24ctl00%24ucMarketPlaceSupportNavigation%24btnSigninTop" => "Sign+in",);var_dump($postfields); //I created the string myself for the post, else I got an error because we already encoded the variable names.$p = "";foreach($postfields as $k=>$v) { $p .= $k.'='.$v.'&';}//do the new postcurl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $p);$ret = curl_exec($ch);//Get result after login page. //this contains 'You have entered an invalid password' so it works as expected.var_dump($ret);?>
This is a most likely a CRSF token. You will have the call the page then use the value returned in your logon request. DropBox uses a similar process. If you grab the dropbox uploader script from https://github.com/jakajancar/DropboxUploader/ you can see how it does this.