Hi Everyone,
I've hit a wall with a project I'm working on and am hoping someone here can help.
I am trying to log into a website using PHP/Curl. The trouble is that the login form uses MD5 to encrypt the password before posting it.
Here is the source of the form:
...and here is a version of PHP code I'm working on:
With every variation I've tried I get a "incorrect username/password" result. I can log in using the username and password via my browser fine and the $key variable appears to be being scraped correctly so I'm guessing it has something to do with the encoding of the password?
Can anyone offer any suggestions?
Thanks in advance.
I've hit a wall with a project I'm working on and am hoping someone here can help.
I am trying to log into a website using PHP/Curl. The trouble is that the login form uses MD5 to encrypt the password before posting it.
Here is the source of the form:
Code:
<script language="javascript" src="javascripts/md5.js">
</script>
<script language="javascript">
setTimeout('document.login.email.focus()',500);
if(parent.location.href!=window.location.href){
parent.location.href=window.location.href;
}
function checkform(form){
if(form.name.value==""){
alert('You must enter an e-mail address');
return false
}
if(form.passr.value==""){
alert('You must enter a password');
return false
}
form.passr.value = Trim(form.passr.value);
form.pass.value=hex_md5(form.passr.value);
form.pass.value=hex_md5(form.pass.value + form.key.value);
varrep = '';
for(var i=0; i<form.passr.value.length; i++){
varrep = varrep + "1";
}
form.passr.value = varrep;
return true;
}
function Trim(str)
{ while(str.charAt(0) == (" ") )
{ str = str.substring(1);
}
while(str.charAt(str.length-1) == " " )
{ str = str.substring(0,str.length-1);
}
return str;
}
</script>
<form action="/login.php" method="POST" name="login" onsubmit="return checkform(this);">
<table align="center" height="180">
<tr><td colspan="2" align="center">
<br />
<h1>Login</h1>
</td></tr>
<tr><td colspan="2" align="center">
<font color='red'></font>
</td></tr>
<tr><td>E-mail Address:</td><td><input type="text" size="40" name="email" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" size="40" name="passr"/><input type="hidden" size="40" name="pass"/></td></tr>
<tr><td></td><td colspan="2" align="center">
<input type="submit" name="submit" value="Login"/>
</td></tr>
</table>
<input type="hidden" name="attempts" value="0" />
<input type="hidden" name="key" value="40c45846eec308d8bcbbf9923c39e561" />
</form>
PHP:
$cookie = "/home/myuser/tmp/cookie-".rand(111,9999).".txt";
$username = 'myusername';
$password = 'mypassword';
//scrape $key
$url = "http://www.mytargetwebsite.com/";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16");
curl_setopt($ch, CURLOPT_REFERER, $referer);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 10);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$source = curl_exec($ch);
curl_close($ch);
$regex = '|"key" value="(.+?)" />|';
preg_match($regex,$source,$match);
$key = $match[1];
echo $key;
//create password hash
$passr = $password;
$pass = md5($passr);
$pass = md5($pass + $key);
//post the data
$post_data = "email=".$username."&passr=111111111&pass=".$pass."&submit=Login&attempts=&key=".$key;
$referer = "http://www.mytargetwebsite.com/";
$url = "http://www.mytargetwebsite.com/login.php?";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16");
curl_setopt($ch, CURLOPT_REFERER, $referer);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 10);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);Can anyone offer any suggestions?
Thanks in advance.
. Shows the value of getting another set of eyes across your code when you've been at it for too long.