php – I can not log in to the site through curl-ThrowExceptions

Exception or error:

I can’t understand what I’m doing wrong. There is a service site: https://demo.moneta.ru/login.htm. The usual form with a token. I knock on the page, save the cookies, take the token from the form. The next request I send to the address from the form data. With cookies and token. I get a fig. 401.

I checked everything, I send the same data, the same headers. Tell me, what am I missing?

$receipt = new Receipt;

$receipt->get_scrf();
echo $receipt->get_auth();

Class Receipt {
    private $scrf;

    private $login_page_url = 'https://demo.moneta.ru/login.htm';
    private $login_action_url = 'https://demo.moneta.ru/login';

    private $login = 'LOGIN';
    private $password = "PASSWORD";

    public function get_auth(){
    $headers = [
        'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        'Accept-Encoding: gzip, deflate, br',
        'Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7',
        'Cache-Control: max-age=0',
        'Origin: https://demo.moneta.ru',
        'Referer: https://demo.moneta.ru/login.htm',
        'Sec-Fetch-Dest: document',
        'Sec-Fetch-Mode: navigate',
        'Sec-Fetch-Site: same-origin',
        'Sec-Fetch-User: ?1',
        'Upgrade-Insecure-Requests: 1',
        'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36',
        'Content-Type: application/x-www-form-urlencoded',
        'Connection: keep-alive'
    ];

        $post = [
            'state' => $this->scrf,
            'target' => 'desktop',
            'login' => $this->login,
            'password' => $this->password
        ];

        return $this->get_page($this->login_action_url, $post, $headers);
    }

    public function get_scrf(){
        $page_html = $this->get_page($this->login_page_url);

        preg_match('/\<input\ type\=\"hidden\"\ name\=\"state\"\ value\=\"([0-9a-z\-]+)\"\>/', $page_html, $matches, PREG_OFFSET_CAPTURE);

        if(isset($matches[1][0])){
            $this->scrf = $matches[1][0];
            return $matches[1][0];
        }
        return null;
    }

    private function get_page($url, $post=null, $headers=null){
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url );
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.txt');
        curl_setopt($ch, CURLOPT_COOKIEFILE,  dirname(__FILE__).'/cookie.txt');
        curl_setopt($ch, CURLOPT_POST, $post!==null );

        if($headers){
            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        }

        if($post){
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
        }
        $data = curl_exec($ch);
        curl_close($ch);
        return $data;
    }
}

Request from browser

How to solve:

You have

curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

where $post is an associative array.

From the documentation

If value is an array, the Content-Type header will be set to multipart/form-data.

This is not the behavior of the form and conflicts with the Content-Type header you explicitly set:

'Content-Type: application/x-www-form-urlencoded'

 

Try passing POST data to curl_setopt($ch, CURLOPT_POSTFIELDS, ... as an URL-encoded string;

you just need http_build_query()

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query( $post ) );

Leave a Reply

Your email address will not be published. Required fields are marked *