2

I need to create a tool that will post a ASP.NET login form using PHP so that I can gather details from the user's summary page that is displayed after they are logged in.

Because the site uses ASP.NET and the form has __VIEWSTATE and __EVENTVALIDATION hidden fields, as I understand it, I must get those values first, then submit them in the POST to the login form for this to work.

I am new to PHP. The script that I have created should do the following:

1) GET the login form and grab __VIEWSTATE and __EVENTVALIDATION

2) POST to the login form with appropriate post data.

3) GET the summary.htm page that should be accessible now that I am authenticated.

What is actually happening is unclear to me. After POSTing to the login form, I receive a cookie, but can't tell if that cookie indicates I am authenticated. When I try to GET the summary.htm page I am redirected back to the login page as if I am not authenticated.

I am new to PHP and I am hoping that someone out there who is farmiliar with it might be able to see something obvious that I am missing.

Here is the code:

<?php

require_once  ("Includes/simple_html_dom.php");

ini_set('display_errors', 'On');
error_reporting(E_ALL);

// Create curl connection
$url = 'https://www.mysite.com/account/login.htm';
$cookieFile = 'cookie.txt';
$ch = curl_init();

// We must request the login page and get the ViewState and EventValidation hidden values
// and pass those along in the post request.

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com'));


$curl_scraped_page = curl_exec($ch);

// Grab ViewState and EventValidation data
$html = str_get_html($curl_scraped_page);
$viewState = $html->find("#__VIEWSTATE", 0);
$eventValidation = $html->find("#__EVENTVALIDATION", 0);
$previousPage = $html->find("#__PREVIOUSPAGE", 0);


//create array of data to be posted
// This matches exactly what I am seeing being posted when looking at Fiddler
$post_data['__EVENTTARGET'] = '';
$post_data['__EVENTARGUMENT'] = '';
$post_data['__VIEWSTATE'] = $viewState->value;
$post_data['__EVENTVALIDATION'] = $eventValidation->value;
$post_data['__PREVIOUSPAGE'] = $previousPage->value;
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtUsername'] = 'bsmith';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtPassword'] = 'Weez442';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$chkLoginPersist'] = 'on';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$btnLogin'] = 'Login >';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalUsername'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalPassword'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$SearchForm$inputText'] = '';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
    $post_items[] = rawurlencode($key) . '=' . rawurlencode($value);
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//Set options for post
curl_setOpt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch,CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com', 'Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_URL, $url);   
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');

// Perform our post request
$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

// Now get our account summary page
$urlAcctSummary = "https://www.mysite.com/my-account/summary.htm";
//Set options
curl_setOpt($ch, CURLOPT_HTTPGET, TRUE);
curl_setOpt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $urlAcctSummary);   
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile); 

$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

curl_close($ch);

?>
Improve this question

1 Answer 1

Reset to default
2

I figured it out. I tweaked the code in several ways, but I believe the root of my problem was that ASP.NET wants to set a session cookie from the very first GET request and I only specified the CURLOPT_COOKIEJAR on the POST request and CURLOPT_COOKIEFILE in the final GET request.

Once I put CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE in the very first GET request it worked as designed.

Here is what my code looks like after moving those around:

<?php

require_once  ("Includes/simple_html_dom.php");

ini_set('display_errors', 'On');
error_reporting(E_ALL);

// Create curl connection
$url = 'https://www.mysite.com/account/login.htm';
$cookieFile = 'cookie.txt';
$ch = curl_init();

// We must request the login page and get the ViewState and EventValidation hidden values
// and pass those along in the post request.

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');
curl_setopt($ch, CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com'));
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);


$curl_scraped_page = curl_exec($ch);

// Grab ViewState and EventValidation data
$html = str_get_html($curl_scraped_page);
$viewState = $html->find("#__VIEWSTATE", 0);
$eventValidation = $html->find("#__EVENTVALIDATION", 0);
$previousPage = $html->find("#__PREVIOUSPAGE", 0);


//create array of data to be posted
// This matches exactly what I am seeing being posted when looking at Fiddler
$post_data['__EVENTTARGET'] = '';
$post_data['__EVENTARGUMENT'] = '';
$post_data['__VIEWSTATE'] = $viewState->value;
$post_data['__EVENTVALIDATION'] = $eventValidation->value;
$post_data['__PREVIOUSPAGE'] = $previousPage->value;
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtUsername'] = 'bsmith';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$txtPassword'] = 'Weez442';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$LoginFields$chkLoginPersist'] = 'on';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateContent$MyAccountLogin967$btnLogin'] = 'Login >';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalUsername'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$LoginModal$LoginFields$txtModalPassword'] = '';
$post_data['ctl00$ctl00$cphMasterBody$cphPageTemplateTopHeader$IncludeHeader$SearchForm$inputText'] = '';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
    $post_items[] = rawurlencode($key) . '=' . rawurlencode($value);
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//Set options for post
curl_setOpt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch,CURLOPT_HTTPHEADER,array('Origin: https://www.mysite.com', 'Host: www.mysite.com', 'Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_URL, $url);   
curl_setOpt($ch, CURLOPT_REFERER, 'https://www.mysite.com/account/login.htm');

// Perform our post request
$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

// Now get our account summary page
$urlAcctSummary = "https://www.mysite.com/my-account/summary.htm";
//Set options
curl_setOpt($ch, CURLOPT_HTTPGET, TRUE);
curl_setOpt($ch, CURLOPT_POST, FALSE);
curl_setopt($ch, CURLOPT_URL, $urlAcctSummary);   
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

$curl_scraped_page = curl_exec($ch);

echo $curl_scraped_page;

curl_close($ch);

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hello, your code works great, but I need have dopostback pages as your summary url, I tried alot of options but no luck, when after login I want to send post everything goes wrong. $post_data['__EVENTTARGET'] = 'grdInbox'; $post_data['__EVENTARGUMENT'] = 'Page%241'; Do you have any experience on dopostback pagination datas, what should I do after login? I will be really really happy if you help me. Thanks !

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.