Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

CURL and Logins

6:32 pm on Aug 29, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Feb 4, 2005
votes: 0

I want to use CURL to login to my Yahoo! account, but I can't seem to get it to work. This is the first time I have ever tried using CURL.

Can anyone think off the top of their heads why I wouldn't be able to login to my Yahoo! account with a script? I would think it would be as simple as submitting all of the form variables on mail.yahoo.com to wherever the form submits to (https://login.yahoo.com/config/login?)?

There are a TON of hidden inputs, so I submitted those as well, here is the querystring below (minus my login details of course).

curl_setopt($ch, CURLOPT_POSTFIELDS,".tries=1&.src=flkctx&.md5=&.hash=&.js=&.last=&promo=&.intl=us&.bypass=&.partner=&.u=c8hl7hp2f8s88&.v=0.challenge=xBWBMl.t7XcnPE3HY2yDb0HhWBUF&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=https://login.yahoo.com/config/validate?.src=flkctx&.pc=5134&.done=http%3A%2F%2Fwww.flickr.com%2Fsignin%2Fyahoo%2F&.pd=flkctx_ver%3d0&login=&passwd=&.persistent=y");

Anyone have any ideas?

6:44 pm on Aug 29, 2006 (gmt 0)

Full Member

5+ Year Member

joined:May 3, 2006
votes: 0

If the login form is expecting POST method, then sending form values in the query string (the GET method) won't work if they've written their code securely.

Once upon a time, PHP didn't care whether values were submitted by query string or HTTP body, they were all accessible regardless. This proved to be a vulnerability, so well-written code will now not accept query string values if it is not expecting them.

It's possible that Yahoo! don't want third-party scripts to be able to login to their site, so they could make it very tricky for you to get what you want from your Yahoo! account unless you just login the normal way.

3:03 am on Aug 31, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 25, 2002
votes: 0

Look into using PHP's curl_setopt() function with the CURLOPT_POSTFIELDS flag. This will let you pass an array of values (in a much prettier format, I might add) via POST rather than GET.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members