How CURL Login with Captcha and Session
27,269
Solution 1
A captcha is intended to differentiate between humans and robots (programs). Seems like you are trying to log in with a program. The captcha seems to do its job :).
I don't see a legal way around.
Solution 2
It happens because,
You took your captcha image from first getURL (ie first curl_exec) and processed the captcha but to submit your captcha you are requested getURL (ie again curl_exec) which means to a new page with a new captcha again.
So you are placing the old captcha and putting it in the new captcha. I'm having the same problem & resolved it.
Author by
yudo hartono
Updated on August 10, 2020Comments
-
yudo hartono almost 4 years
define('COOKIE', './cookie.txt'); define('MYURL', 'https://register.pandi.or.id/main'); function getUrl($url, $method='', $vars='', $open=false) { $agents = 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16'; $header_array = array( "Via: 1.1 register.pandi.or.id", "Keep-Alive: timeout=15,max=100", ); static $cookie = false; if (!$cookie) { $cookie = session_name() . '=' . time(); } $referer = 'https://register.pandi.or.id/main'; $ch = curl_init(); if ($method == 'post') { curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "$vars"); } curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, $header_array); curl_setopt($ch, CURLOPT_USERAGENT, $agents); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 5); curl_setopt($ch, CURLOPT_MAXREDIRS, 10); curl_setopt($ch, CURLOPT_REFERER, $referer); curl_setopt($ch, CURLOPT_COOKIE, $cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE); curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); $buffer = curl_exec($ch); if (curl_errno($ch)) { echo "error " . curl_error($ch); die; } curl_close($ch); return $buffer; } function save_captcha($ch) { $agents = 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16'; $url = "https://register.pandi.or.id/jcaptcha"; static $cookie = false; if (!$cookie) { $cookie = session_name() . '=' . time(); } $ch = curl_init(); // Initialize a CURL session. curl_setopt($ch, CURLOPT_URL, $url); // Pass URL as parameter. curl_setopt($ch, CURLOPT_USERAGENT, $agents); curl_setopt($ch, CURLOPT_COOKIESESSION, true); curl_setopt($ch, CURLOPT_COOKIE, $cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE); curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return stream contents. curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); // We'll be returning this $data = curl_exec($ch); // // Grab the jpg and save the contents in the curl_close($ch); // close curl resource, and free up system resources. $captcha_tmpfile = './captcha/captcha-' . rand(1000, 10000) . '.jpg'; $fp = fopen($tmpdir . $captcha_tmpfile, 'w'); fwrite($fp, $data); fclose($fp); return $captcha_tmpfile; } if (isset($_POST['captcha'])) { $id = "yudohartono"; $pw = "mypassword"; $postfields = "navigation=authenticate&login-type=registrant&username=" . $id . "&password=" . $pw . "&captcha_response=" . $_POST['captcha'] . "press=login"; $url = "https://register.pandi.or.id/main"; $result = getUrl($url, 'post', $postfields); echo $result; } else { $open = getUrl('https://register.pandi.or.id/main', '', '', true); $captcha = save_captcha($ch); $fp = fopen($tmpdir . "/cookie12.txt", 'r'); $a = fread($fp, filesize($tmpdir . "/cookie12.txt")); fclose($fp);<form action='' method='POST'> <img src='<?php echo $captcha ?>' /> <input type='text' name='captcha' value=''> <input type='submit' value='proses'> </form>";if (!is_readable('cookie.txt') && !is_writable('cookie.txt')) { echo "cookie fail to read"; chmod('../pandi/', '777'); } }this cookie.txt
# Netscape HTTP Cookie File # http://curl.haxx.se/rfc/cookie_spec.html # This file was generated by libcurl! Edit at your own risk. register.pandi.or.id FALSE / FALSE 0 JSESSIONID 05CA8241C5B76F70F364CA244E4D1DF4
after i submit form just display
HTTP/1.1 200 OK Date: Wed, 27 Apr 2011 07:38:08 GMT Server: Apache-Coyote/1.1 X-Powered-By: Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.0 (build: CVSTag=JBoss_4_0_0 date=200409200418) Content-Length: 0 Via: 1.1 register.pandi.or.id Content-Type: text/plain X-Pad: avoid browser bug
if not error "Captcha invalid" always failed login to pandi what wrong in my script?
I'm not want to Break Captcha but i want display captcha and user input captcha from my web page, so user can registrar domain dotID from my web automaticaly -
Phliplip about 13 yearsI agree with @bazmegakapa - But you might want to read up on this cs.sfu.ca/~mori/research/gimpy
-
yudo hartono about 13 yearsi get captcha and display for user input and than login, i do this because i want my client can register domain automaticaly to pandi.or.id and manage they domain from my webpage, because pandi.or.id didn't have API like other domain registrar
-
kapa about 13 yearsHave you contacted PANDI? Should start with that.
-
yudo hartono about 13 yearsi have contact PANDI and they said they did't have API or reseller program so we must manual register domain for our client
-
kapa about 13 years@yudo hartono They should give some clue, you shouldn't have to break a bloody captcha to do this :).
-
Anggie Aziz over 10 yearsCant we grab the picture and let us input the captcha manually?
-
hanshenrik about 6 years@kapa i'm pretty sure stackoverflow is about technical solutions, not legal advice. although there is a law.stackexchange.com
