There is a site where I am registered as a user - RIA This site is based on the HTTPS / HSTS protocol.

In order to log in, you need to pass authorization on the page .

The form is called from the frame link , respectively, requests are processed by the same address.

There is a value under the hidden attribute:

<input type="hidden" name="_csrf" value="ключ">

I am trying to authorize as follows:

 $login_form = file_get_contents('https://login.ria.com/login/1/2'); preg_match_all('|<input type="hidden" name="_csrf" value="(.+?)">|is', $login_form, $data); $cUrl = curl_init('https://login.ria.com/'); curl_setopt($cUrl, CURLOPT_URL, 'https://login.ria.com/login/1/2'); curl_setopt($cUrl, CURLOPT_POST, 1); curl_setopt($cUrl, CURLOPT_POSTFIELDS, "_csrf={$data[1][0]}&EmailLoginForm[email]=380666640744&EmailLoginForm[password]=duxumucuc"); $result = curl_exec($cUrl);

In response, I get bool(true) , even if the password is incorrect.

Please tell me where to dig and can I do something at all?

You need to add ads without directly logging into your account. They have no API .

UPD I:

This is how the authorization passes, but returns the following to me:

 HTTP/1.1 500 Internal Server Error Server: nginx Date: Mon, 28 Sep 2015 14:12:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.5.18 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache

I don’t know what to do here.

  • Perhaps you should look at the comments and answers to this question. Stackoverflow.com/questions/453400/… - Visman
  • @Visman, at that time I was an oak in PHP, and even more so in NodeJS :) In a year and a half of commerce, I somehow began to figure out what I was doing. - Roman Kozin

1 answer 1

Csrf token is attached to the session, you need to save cookies from the first request and make the second with them. I would recommend using guzzle, it has everything for parsing.

Log in to github using guzzle and goutte , sessions are automatically processed, so you don’t need to follow them

  1. Installing dependencies

     composer require fabpot/goutte

  2. Script

     use Goutte\Client; $client = new Client(); //открываем страницу с формой $crawler = $client->request('GET', 'https://github.com/login'); //находим форму $form = $crawler->selectButton('Sign in')->form(); //отправляем ее $crawler = $client->submit($form, array('login'=>'user','password'=>'password')); //теперь уже как авторизованный юзер ходим по гитхабу $crawler = $client->request('GET', 'https://github.com/pulls'); echo $crawler->html();
  • Thank. I will try this method. - Roman Kozin
  • Something does not work for me to integrate Guzzle into the project. - Roman Kozin
  • @RomanKozin Made an example script - Marsel Arduanov