Trying to login to an ASPX website using PHP and cURL

Question

For a couple of days now I'm trying to login to a specific website using cURL.

The site is in written in ASP.net and I'm using PHP 5.x.

Here is what I've tried so far without success:

    $url = "https://intouch.techdata.com/default.aspx?countrycode=&CssStyleSheet=default.css&CultureCode=&local_url=&MPSearchId=&Culture=&cos=";
    $cookie_file_path = 'cookies.txt';
    $agent = "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36";

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);         
    curl_setopt($ch, CURLOPT_USERAGENT, $agent); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path); 
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path); 
    curl_setopt($ch, CURLOPT_POSTREDIR, 2);
    curl_setopt($ch, CURLOPT_SSLVERSION, 3);
    curl_setopt($ch, CURLOPT_POST, 1); 

    $post_data['__VIEWSTATE'] = "/wEPDwUKLTg1MDYwODIwOA9kFgRmDxYCHgRocmVmBRcvaW1hZ2VzL2RlZmF1bHQuY3NzP3Y9M2QCAQ9kFhgCAw8PFgIeBFRleHQFKldlbGNvbWUgdG8gdGhlIE9ubGluZSBQcm9kdWN0IENhdGFsb2d1ZSBvZmRkAgUPDxYCHwEFIVJlZ2lzdGVyZWQgdXNlcnMgZW
    50ZXIgPGJyPiBoZXJlOmRkAgsPFgIeB1Zpc2libGVoFgICAQ8PFgIfAQUJUGFzc3dvcmQ6ZGQCDQ8PZBYCHgxhdXRvY29tcGxldGUFA29mZmQCDw8PFgIfAQUPQWNjb3VudCBOdW1iZXI6ZGQCEQ8PFgIfAQUJVXNlcm5hbWU6ZGQCEw8PFgIfAQUJUGFzc3dvcmQ6ZGQCFQ8PFgIfAQUFTG9naW4WAh4H
    b25jbGljawWaAWphdmFzY3JpcHQ6cmV0dXJuIFZhbGlkYXRvcignVXNlcm5hbWU6JywnUGxlYXNlIGVudGVyIGFuIGFjY291bnQgbnVtYmVyJywnUGxlYXNlIGVudGVyIHlvdXIgdXNlcm5hbWUnLCdBcmUgeW91IHN1cmUgeW91IHdhbnQgdG8gY2hhbmdlIHRoZSBwYXNzd29yZCcsJzAnKTtkAhcPDxY
    CHwEFBUxvZ2luFgIfBAWaAWphdmFzY3JpcHQ6cmV0dXJuIFZhbGlkYXRvcignVXNlcm5hbWU6JywnUGxlYXNlIGVudGVyIGFuIGFjY291bnQgbnVtYmVyJywnUGxlYXNlIGVudGVyIHlvdXIgdXNlcm5hbWUnLCdBcmUgeW91IHN1cmUgeW91IHdhbnQgdG8gY2hhbmdlIHRoZSBwYXNzd29yZCcsJzAnKT
    tkAhkPDxYCHwEFBVJlc2V0FgIfBAUcamF2YXNjcmlwdDpyZXR1cm4gZm5SZXNldCgpO2QCHQ8PFgIfAQUOUGFzc3dvcmQgbG9zdD8WBB8EBZoBamF2YXNjcmlwdDpyZXR1cm4gVmFsaWRhdG9yKCdVc2VybmFtZTonLCdQbGVhc2UgZW50ZXIgYW4gYWNjb3VudCBudW1iZXInLCdQbGVhc2UgZW50ZXIgeW
    91ciB1c2VybmFtZScsJ0FyZSB5b3Ugc3VyZSB5b3Ugd2FudCB0byBjaGFuZ2UgdGhlIHBhc3N3b3JkJywnMScpOx8ABTRqYXZhc2NyaXB0OmdvKCdERUZBVUxUQ2hwLkNTUycsJycsJ2RlZmF1bHQuY3NzJywnJyk7ZAIfDw8WBB8BBRBCZWNvbWUgYSBQYXJ0bmVyHwJoFgIfAAU0amF2YXNjcmlwdDpCZW
    NvbWVBUGFydG5lcigncD1CZWNvbWVQYXJ0bmVyJmM9SG9tZScpO2RkxaBIRC+v+vJslZdN4xAvkZL9HCY=";
    $post_data['__EVENTVALIDATION='] = "/wEWEALxt7yuBwKs+5bqDwKl1bKzCQK1qbSRCwLFp6CQBwLCi9reAwKgt7D9CgKY5fiZAQLnxpq/AgKT2dzTDQK7hrWFCgKsuviBAQLnw+O9BAKywsaqBgL43fTxBQLonLasDzE6BdS22kepzqbhlPQS//T5e2ty";
    $post_data['txtID'] = 'idnumber';
    $post_data['txtUserName'] = 'username';
    $post_data['txtDupPassword'] = 'password';
    $post_data['Session_ID'] = '';
    $post_data['sessionid'] = '';
    $post_data['errorCode'] = '';
    $post_data['hdnSavedSearch'] = '';
    $post_data['hdnProdIds'] = '';
    $post_data['hdnMPSearchId'] = '';
    $post_data['hdnDisplaytype'] = '';
    $post_data['hdnMode'] = '';
    $post_data['hdnProductid'] = '';
    $post_data['hdnQuantity'] = '';
    $post_data['hdnBanner'] = '';
    $post_data['cos'] = '';
    $post_data = http_build_query($post_data);
            curl_setopt( $ch, CURLOPT_POSTFIELDS, $post_data);

            $out = curl_exec($ch);
            echo $out;

The thing is that I get a server runtime error as response. I don't really know how am I supposed to form the url maybe. Any help on this?

Thanks in advance

Thanks for your answer this is the error: Server Error in '/' Application. Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be — m33ts4k0z, Aug 23 '13 at 12:03
That is the default ASP.NET error page - you need to turn off custom errors in Web.Config to see the real error which might give you a better idea of the problem — Kevin Main, Aug 23 '13 at 12:18
Thanks but I don't have access to the server configuration. I only have a login account that I can use to login and it works normally through the web browser. — m33ts4k0z, Aug 23 '13 at 12:25
What is the "txtDupPassword" param? Should that not be just "txtPassword"? — Kevin Main, Aug 23 '13 at 13:37
Yes you are correct. I've tried to open another webpage and it was set as "Dup" but even when I put it as txtPassword, I don't see any difference, I receive the same error. — m33ts4k0z, Aug 23 '13 at 15:09

score 0 · Answer 1 · edited May 23 '17 at 11:51

0

EDIT: Here's another post that is about curl: Trying to connect to ASPX site using CURL?

I'm not sure how exactly you might do this with curl, but it is relatively easy to post credentials to a website for logging in. Please see the following posts on the matter:

Programmatically logging into a site

Using c#/ASP.NET to programmatically fake a login to a website

The process works like this:

(1) make a GET request to the web page (2) grab the __VIEWSTATE from the response you receive (3) make a post to the url with the desired credentials appended in the following format:

yourtargetwebsiteaddress.com/targetloginpage?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE={VS}&__EVENTVALIDATION={EV}&{UserNameControl}={UN}&{PasswordControl}={PW}

WHERE

{VS} is the the View state from your initial request
{EV} is the event validation from your initial request
{UserNameControl} is the id of the username control, {UN} is the username you'd like to post
{PasswordControl} is the id of the password control on the web page, {PW} is the password you'd like to post

edited May 23 '17 at 11:51

Community

1
1

answered Aug 23 '13 at 12:31

wes

265
1
11

I'm doing exactly that as stated in your example and in the above post you linked. The thing is that this site requires 3 credentials and not only 2. I do send all 3 of them to the form but its still not working. Using fiddler I noticed that the first thing that comes after I press login manually is a page called redirectpage.aspx. But shouldnt cURL take care of this automatically uppon redirection? – m33ts4k0z Aug 23 '13 at 12:59
did you set an option for it to? I'm not entirely sure how it's supposed to work. http://php.net/manual/en/function.curl-setopt.php – wes Aug 23 '13 at 13:45
Yes thats the purpose of curl_setopt($ch, CURLOPT_POSTREDIR, 2); It redirects the 302 requests. – m33ts4k0z Aug 23 '13 at 15:12
I'd suggest practicing on a simpler site that you can configure (so you can see the error messages in detail). Otherwise, keep banging your head against the wall until an opening appears – wes Aug 23 '13 at 15:14
Well I think I found the cause of this... Using Fiddler I noticed that all the redirections are pointing to localhost instead of the domain in the link in my code. It looks like javascript redirect breaks the cURL. Any suggestions? Should I try to use another language like python to achieve this? – m33ts4k0z Aug 23 '13 at 22:43

Trying to login to an ASPX website using PHP and cURL

1 Answers1