Login via CURL

[Aayush]

Is it possible to login to Xenforo forum via curl in a PHP script. I am not sure how the login process works, but there is no xfToken present on the login page so people can login easily.

Suppose I wanted to build a spam script(not really )

How would I login and keep the session so that I can create and post a thread.

Any Ideas?

PS: I don't want to use some sort of API for an addon as I don't have access to the forum admin page.

 

[Aayush]

Ohk figured out, how to login via CURL but still can't figure out how to fake an ajax request and create a new thread in a particular forum.

If anyone want's to know how I did it, you can read the following code.

$username = "aayush";
$password = "random";
$url = "http://localhost/xf/index.php?login/login";

$curl_handle = curl_init ($url);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt ($curl_handle, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_COOKIEFILE, 'cookie.txt');

curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20100101 Firefox/11.0");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$post_array = array('login' => $username, 'password' => $password, 'cookie_check' => 1, 'redirect' => 'http://localhost/xf/index.php', 'register' => 0, 'remember' => 1);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, http_build_query($post_array));
$output = curl_exec ($curl_handle);

//Now logged in

$curl_handle = curl_init ('http://localhost/xf/index.php);

curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt ($curl_handle, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($curl_handle);
echo $output;

Once you echo the output you'll see a page with you logged in..


If anyone knows how to fake an ajax request via post and curl, that would be really helpful.

 

[Chris D]

Why do you need to fake an AJAX request?

Similar to your code above, you just need to submit the new thread data using POST to the correct URL, e.g. index.php?forums/main-forum.2/add-thread

AJAX has no relevance here because AJAX is primarily a method to asynchronously load data into the DOM on the client side.

 

[Aayush]

Why do you need to fake an AJAX request?

Similar to your code above, you just need to submit the new thread data using POST to the correct URL, e.g. index.php?forums/main-forum.2/add-thread

AJAX has no relevance here because AJAX is primarily a method to asynchronously load data into the DOM on the client side.

Checked that thing out but if you notice on the _xfToken on the create thread page which would be required to be submitting to the add thread page.

PS: I just stumbled upon PhantomJS, maybe I could use it. Not sure though...

 

[Daniel Hood]

What Chris is saying is that you can submit the same parameters through your curl. You don't have fake Ajax just pass the token the same way as the user and password.

 

[Aayush]

I'll give it a go without token once, but I can't really grab the token, it is appended via JS, once I grab the dom via CURL, there is no xfToken located in it.

 

[Aayush]

Why do you need to fake an AJAX request?

Similar to your code above, you just need to submit the new thread data using POST to the correct URL, e.g. index.php?forums/main-forum.2/add-thread

AJAX has no relevance here because AJAX is primarily a method to asynchronously load data into the DOM on the client side.

What Chris is saying is that you can submit the same parameters through your curl. You don't have fake Ajax just pass the token the same way as the user and password.

So i've got this to work YAY

Actually, I am exploiting the fact that XF always sends a token attached so that user can logout, so I am using that token for adding a thread.

If I directly sent a post request, XF raises a security issue and asks be to go back and refresh.

 

[xfrocks]

If you are in control of the target site, using [bd] API may be a better idea.

 

[Aayush]

If you are in control of the target site, using [bd] API may be a better idea.

Thanks for suggestion but as I mentioned in the OP that I don't have access to the admin panel of forum.
If I had, That addon was on top of my list.


PS: Please close this thread, this has been solved.

 

[KenBrace]

Ohk figured out, how to login via CURL but still can't figure out how to fake an ajax request and create a new thread in a particular forum.

If anyone want's to know how I did it, you can read the following code.

$username = "aayush";
$password = "random";
$url = "http://localhost/xf/index.php?login/login";

$curl_handle = curl_init ($url);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt ($curl_handle, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_COOKIEFILE, 'cookie.txt');

curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20100101 Firefox/11.0");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$post_array = array('login' => $username, 'password' => $password, 'cookie_check' => 1, 'redirect' => 'http://localhost/xf/index.php', 'register' => 0, 'remember' => 1);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, http_build_query($post_array));
$output = curl_exec ($curl_handle);

//Now logged in

$curl_handle = curl_init ('http://localhost/xf/index.php);

curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt ($curl_handle, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($curl_handle);
echo $output;

Once you echo the output you'll see a page with you logged in..


If anyone knows how to fake an ajax request via post and curl, that would be really helpful.

I'm creating a similar web app that saves threads.

Everything works but I need the bot to be able to access member-only threads.

I used the above script and tried to access a member-only thread on my forum but it simply displays the login page and tells me that I need to be logged in to perform that action.

Also it should be noted that I fixed the obvious problem with the above code ($ch variables where there should be $curl_handle). Still no luck.

This is the code I'm using...

$username = "(username)";
$password = "(password)";
$url = "http://mysite.com/index.php?login/login";

$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $url);
curl_setopt($curl_handle, CURLOPT_COOKIESESSION, true);
curl_setopt ($curl_handle, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($curl_handle, CURLOPT_COOKIEFILE, 'cookie.txt');

curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_handle, CURLOPT_HEADER, 1);
curl_setopt($curl_handle, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20100101 Firefox/11.0");
curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, 1);
$post_array = array('login' => $username, 'password' => $password, 'cookie_check' => 1, 'redirect' => 'http://mysite.com/index.php', 'register' => 0, 'remember' => 1);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, http_build_query($post_array));
$output = curl_exec($curl_handle);

if(!$output){
    echo "error";
} else {
    echo "done";
}

curl_close($curl_handle);

//Now logged in

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://mysite.com/threads/some-random-thread.947");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_COOKIEJAR, '/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, '/cookies.txt');

echo $output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);