During the first session with the site, a unique CSRF code is generated, which must be transmitted for authorization. For some reason it does not work.
I tried this:
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (curl_errno($ch)) die(curl_error($ch)); $dom = new DomDocument(); $dom->loadHTML($response); $tokens = $dom->getElementsByTagName("meta"); for ($i = 0; $i < $tokens->length; $i++) { $meta = $tokens->item($i); if($meta->getAttribute('name') == 'csrf-token') $token = $meta->getAttribute('content'); } $postinfo = "_csrf-backend=".$token."&LoginForm[email]=".$username."&LoginForm[password]=".$password."&login-button="; echo $token; //debug info curl_setopt($ch, CURLOPT_RETURNTRANSFER, false); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie); curl_setopt($ch, CURLOPT_POSTFIELDS, $postinfo); $html = curl_exec($ch); print($html); if (curl_errno($ch)) print curl_error($ch); curl_close($ch); In response, I get:
Bad Request (# 400) Failed to check transmitted data. This was your web server. Please contact us if you think this is a server error. Thank you
I would be grateful for the help.
PS site on which you need to log in works on the yii framework. I'm writing a script in pure php.
