Welcome to WebmasterWorld Guest from 23.20.238.193

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

CURL and Logins

     
6:32 pm on Aug 29, 2006 (gmt 0)

10+ Year Member



I want to use CURL to login to my Yahoo! account, but I can't seem to get it to work. This is the first time I have ever tried using CURL.

Can anyone think off the top of their heads why I wouldn't be able to login to my Yahoo! account with a script? I would think it would be as simple as submitting all of the form variables on mail.yahoo.com to wherever the form submits to (https://login.yahoo.com/config/login?)?

There are a TON of hidden inputs, so I submitted those as well, here is the querystring below (minus my login details of course).

curl_setopt($ch, CURLOPT_POSTFIELDS,".tries=1&.src=flkctx&.md5=&.hash=&.js=&.last=&promo=&.intl=us&.bypass=&.partner=&.u=c8hl7hp2f8s88&.v=0.challenge=xBWBMl.t7XcnPE3HY2yDb0HhWBUF&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=https://login.yahoo.com/config/validate?.src=flkctx&.pc=5134&.done=http%3A%2F%2Fwww.flickr.com%2Fsignin%2Fyahoo%2F&.pd=flkctx_ver%3d0&login=&passwd=&.persistent=y");

Anyone have any ideas?

6:44 pm on Aug 29, 2006 (gmt 0)

5+ Year Member



If the login form is expecting POST method, then sending form values in the query string (the GET method) won't work if they've written their code securely.

Once upon a time, PHP didn't care whether values were submitted by query string or HTTP body, they were all accessible regardless. This proved to be a vulnerability, so well-written code will now not accept query string values if it is not expecting them.

It's possible that Yahoo! don't want third-party scripts to be able to login to their site, so they could make it very tricky for you to get what you want from your Yahoo! account unless you just login the normal way.

3:03 am on Aug 31, 2006 (gmt 0)

10+ Year Member



Look into using PHP's curl_setopt() function with the CURLOPT_POSTFIELDS flag. This will let you pass an array of values (in a much prettier format, I might add) via POST rather than GET.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month