How can I login to instagram using php and curl and get a sessionid?
Solution 1
change
$cookieFileContent = str_replace('sessionid=; ', '', $cookieFileContent);
for
$cookieFileContent = str_replace('sessionid=""; ', '', $cookieFileContent);
Add
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
And you will be logged in.
It works:
define('USERNAME', "");
define('PASSWORD', "");
define('USERAGENT', "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36");
define('COOKIE', USERNAME.".txt");
function login_inst() {
@unlink(dirname(__FILE__)."/!instagram/".COOKIE);
$url="https://www.instagram.com/accounts/login/?force_classic_login";
$ch = curl_init();
$arrSetHeaders = array(
"User-Agent: USERAGENT",
'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language: en-US,en;q=0.5',
'Accept-Encoding: deflate, br',
'Connection: keep-alive',
'cache-control: max-age=0',
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $arrSetHeaders);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__)."/!instagram/".COOKIE);
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__)."/!instagram/".COOKIE);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$page = curl_exec($ch);
curl_close($ch);
//var_dump($page);
// try to find the actual login form
if (!preg_match('/<form method="POST" id="login-form" class="adjacent".*?<\/form>/is', $page, $form)) {
die('Failed to find log in form!');
}
$form = $form[0];
// find the action of the login form
if (!preg_match('/action="([^"]+)"/i', $form, $action)) {
die('Failed to find login form url');
}
$url2 = $action[1]; // this is our new post url
// find all hidden fields which we need to send with our login, this includes security tokens
$count = preg_match_all('/<input type="hidden"\s*name="([^"]*)"\s*value="([^"]*)"/i', $form, $hiddenFields);
$postFields = array();
// turn the hidden fields into an array
for ($i = 0; $i < $count; ++$i) {
$postFields[$hiddenFields[1][$i]] = $hiddenFields[2][$i];
}
// add our login values
$postFields['username'] = USERNAME;
$postFields['password'] = PASSWORD;
$post = '';
// convert to string, this won't work as an array, form will not accept multipart/form-data, only application/x-www-form-urlencoded
foreach($postFields as $key => $value) {
$post .= $key . '=' . urlencode($value) . '&';
}
$post = substr($post, 0, -1);
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $page, $matches);
$cookieFileContent = '';
foreach($matches[1] as $item)
{
$cookieFileContent .= "$item; ";
}
$cookieFileContent = rtrim($cookieFileContent, '; ');
$cookieFileContent = str_replace('sessionid=""; ', '', $cookieFileContent);
$oldContent = file_get_contents(dirname(__FILE__)."/!instagram/".COOKIE);
$oldContArr = explode("\n", $oldContent);
if(count($oldContArr))
{
foreach($oldContArr as $k => $line)
{
if(strstr($line, '# '))
{
unset($oldContArr[$k]);
}
}
$newContent = implode("\n", $oldContArr);
$newContent = trim($newContent, "\n");
file_put_contents(
dirname(__FILE__)."/!instagram/".COOKIE,
$newContent
);
}
$arrSetHeaders = array(
'origin: https://www.instagram.com',
'authority: www.instagram.com',
'upgrade-insecure-requests: 1',
'Host: www.instagram.com',
"User-Agent: USERAGENT",
'content-type: application/x-www-form-urlencoded',
'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language: en-US,en;q=0.5',
'Accept-Encoding: deflate, br',
"Referer: $url",
"Cookie: $cookieFileContent",
'Connection: keep-alive',
'cache-control: max-age=0',
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__)."/!instagram/".COOKIE);
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__)."/!instagram/".COOKIE);
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $arrSetHeaders);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
sleep(5);
$page = curl_exec($ch);
/*
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $page, $matches);
COOKIEs = array();
foreach($matches[1] as $item) {
parse_str($item, COOKIE1);
COOKIEs = array_merge(COOKIEs, COOKIE1);
}
*/
//var_dump($page);
curl_close($ch);
}
This function return Instagram page by url:
function curl_inst($url) {
$arrSetHeaders = array(
'origin: https://www.instagram.com',
'authority: www.instagram.com',
'method: GET',
'upgrade-insecure-requests: 1',
'Host: www.instagram.com',
"User-Agent: USERAGENT",
'content-type: application/x-www-form-urlencoded',
'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'accept-language:ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,uk;q=0.6',
'accept-encoding: deflate, br',
"Referer: https://www.instagram.com",
'Connection: keep-alive',
'cache-control: max-age=0',
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__)."/!instagram/".COOKIE);
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__)."/!instagram/".COOKIE);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); //connection timeout in seconds
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $arrSetHeaders);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$page = curl_exec($ch);
if (!curl_errno($ch)) {
switch ($http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE)) {
case 200: # OK
//echo 'All OK: ', $http_code, "\n";
//var_dump($page);
curl_close($ch);
return $page;
default:
echo 'Error: ', $http_code, "\n";
curl_close($ch);
break;
}
}
}
Next step:
login_inst();
sleep(5);
$page = curl_inst('https://www.instagram.com/explore/tags/stackoverflow/');
var_dump($page);
Solution 2
EDIT: The problem is for my username and password I am being directed to the "Suspicious Login Attempt" page. "We Detected An Unusual Login Attempt To secure your account, let us know if it was you"
Facebook/Instagram is (correctly) detecting you're trying to violate their Terms of Service, which forbid this sort of thing, and has thus put a roadblock in place that probably requires you to do something like solve a CAPTCHA.
You should use the official Instagram API instead.
Luke
Updated on June 08, 2022Comments
-
Luke almost 2 years
I am using this PHP code found in the answer on this question : Instagram login programmatically When I check the cookie.txt sessionid is "" . is there a way I can change this code to make it get a sessionid cookie ? csrftoken,rur,mid,urlgen all seem to be set correctly but I dont know...I need the sessionid to explore tags programmatically.
EDIT: The problem is for my username and password I am being directed to the "Suspicious Login Attempt" page. "We Detected An Unusual Login Attempt To secure your account, let us know if it was you" EDIT : one of my account works every time ,only the other shows the "Suspicious Login Attempt" page. ??? :/ ???
what is that all about ?
$username = "yourname"; $password = "yourpass"; $useragent = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/50.0.2661.102 Chrome/50.0.2661.102 Safari/537.36"; $cookie=$username.".txt"; @unlink(dirname(__FILE__)."/".$cookie); $url="https://www.instagram.com/accounts/login/?force_classic_login"; $ch = curl_init(); $arrSetHeaders = array( "User-Agent: $useragent", 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5', 'Accept-Encoding: deflate, br', 'Connection: keep-alive', 'cache-control: max-age=0', ); curl_setopt($ch, CURLOPT_HTTPHEADER, $arrSetHeaders); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__)."/".$cookie); curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__)."/".$cookie); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); $page = curl_exec($ch); curl_close($ch); // try to find the actual login form if (!preg_match('/<form method="POST" id="login-form" class="adjacent".*?<\/form>/is', $page, $form)) { die('Failed to find log in form!'); } $form = $form[0]; // find the action of the login form if (!preg_match('/action="([^"]+)"/i', $form, $action)) { die('Failed to find login form url'); } $url2 = $action[1]; // this is our new post url // find all hidden fields which we need to send with our login, this includes security tokens $count = preg_match_all('/<input type="hidden"\s*name="([^"]*)"\s*value="([^"]*)"/i', $form, $hiddenFields); $postFields = array(); // turn the hidden fields into an array for ($i = 0; $i < $count; ++$i) { $postFields[$hiddenFields[1][$i]] = $hiddenFields[2][$i]; } // add our login values $postFields['username'] = $username; $postFields['password'] = $password; $post = ''; // convert to string, this won't work as an array, form will not accept multipart/form-data, only application/x-www-form-urlencoded foreach($postFields as $key => $value) { $post .= $key . '=' . urlencode($value) . '&'; } $post = substr($post, 0, -1); preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $page, $matches); $cookieFileContent = ''; foreach($matches[1] as $item) { $cookieFileContent .= "$item; "; } $cookieFileContent = rtrim($cookieFileContent, '; '); $cookieFileContent = str_replace('sessionid=; ', '', $cookieFileContent); $oldContent = file_get_contents(dirname(__FILE__)."/".$cookie); $oldContArr = explode("\n", $oldContent); if(count($oldContArr)) { foreach($oldContArr as $k => $line) { if(strstr($line, '# ')) { unset($oldContArr[$k]); } } $newContent = implode("\n", $oldContArr); $newContent = trim($newContent, "\n"); file_put_contents( dirname(__FILE__)."/".$cookie, $newContent ); } $arrSetHeaders = array( 'origin: https://www.instagram.com', 'authority: www.instagram.com', 'upgrade-insecure-requests: 1', 'Host: www.instagram.com', "User-Agent: $useragent", 'content-type: application/x-www-form-urlencoded', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5', 'Accept-Encoding: deflate, br', "Referer: $url", "Cookie: $cookieFileContent", 'Connection: keep-alive', 'cache-control: max-age=0', ); $ch = curl_init(); curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__)."/".$cookie); curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__)."/".$cookie); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $arrSetHeaders); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_REFERER, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); sleep(5); $page = curl_exec($ch); preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $page, $matches); $cookies = array(); foreach($matches[1] as $item) { parse_str($item, $cookie1); $cookies = array_merge($cookies, $cookie1); } var_dump($page); curl_close($ch);
-
Serhii almost 6 yearsEDIT : one of my account works every time ,only the other shows the "Suspicious Login Attempt" page. ??? :/ ??? try not to login at instagram for a few days
-
brasofilo over 3 yearsVery good one. There's a small change nowadays
<form data-encrypt method="POST"
- the data-encrypt was added. -
ttvd94 almost 3 yearsThis official API is almost useless since you'll need approval, making it annoying for individual developers to experiment new ideas.
-
ceejayoz almost 3 years@ttvd94 Developers bypass approval requirements. Approval is only needed to make the app available to others. Experiment away!
-
ttvd94 almost 3 yearsUsing this code I get
HTTP/2 400 Bad request
-
ttvd94 almost 3 yearsInstagram browser app sends password in an encoded form now.