Problem with login using CURL PHP?

Gentlemen, good afternoon. There is a website rating.rucoop.ru/secondary
Authorization using CURL
There is the following code:
<?php 
mb_internal_encoding('UTF-8');
 function auth($url, $cookie, $post)
{
 $curl = curl_init();
 curl_setopt($curl, CURLOPT_URL, $url); 
 curl_setopt($curl, CURLOPT_HEADER, true);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($curl, CURLOPT_TIMEOUT, 30); 
 curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36'); 
 curl_setopt($curl, CURLOPT_POST, true);
 curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
 curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie); 
 curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie);
 return curl_exec($curl);
}

 read_brs function($url, $last_url, $cookie)
{
 $curl = curl_init();
 curl_setopt($curl, CURLOPT_URL, $url); 
 curl_setopt($curl, CURLOPT_REFERER, $last_url);
 curl_setopt($curl, CURLOPT_HEADER, true);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($curl, CURLOPT_TIMEOUT, 30); 
 curl_setopt($curl, CURLOPT_POST, 0);
 curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.0; EN; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3'); 
 curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie);
 curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie);
 return curl_exec($curl);
}

 $cookie_file = realpath("cookie.txt");
 $post = "utf8=✓&user[email]=test&user[password]=12345&commit=Login";
 $url = 'http://rating.rucoop.ru/secondary/users/sign_in';
 $newUrl = "http://rating.rucoop.ru/secondary/ratings/for_group";

 echo auth($url, $cookie_file, $post);
 read_brs echo($newUrl, $url, $cookie_file);
?>


We seem to be as persistent cookie, but when you get to the desired page of the website, going straight to the page authorization.
If I did not write it, do not throw stones, I'm just learning) All good)
March 19th 20 at 09:24
1 answer
March 19th 20 at 09:26
There is a protected with a CSRF token, you need to get it and send in the request headers.
Need to reuse a CURL session.

Sketched you the code:

Code
<?php 
mb_internal_encoding('UTF-8');

 function get_token($curl, $url, $cookie) {
 curl_setopt($curl, CURLOPT_URL, $url); 
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
 curl_setopt($curl, CURLOPT_TIMEOUT, 30); 
 curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie); 
 curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie);
 $response = curl_exec($curl);

 if (preg_match('/<meta content="([^"]+)" name="csrf-token"/s', $response, $matches)) {
 return $matches[1];
 } 
}

 function auth($curl, $url, $cookie, $post, $csrf_token)
{
 $headers = array(
 'X-CSRF-Token: '.$csrf_token,
 'X-Requested-With: XMLHttpRequest'
);
 curl_setopt($curl, CURLOPT_URL, $url); 
 curl_setopt($curl, CURLOPT_HEADER, true);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($curl, CURLOPT_TIMEOUT, 30); 
 curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36'); 
 curl_setopt($curl, CURLOPT_POST, true);
 curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
 curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie); 
 curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie);
 curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
 return curl_exec($curl);
}

 function read_brs( $curl, $url, $last_url, $cookie)
{
 curl_setopt($curl, CURLOPT_URL, $url); 
 curl_setopt($curl, CURLOPT_REFERER, $last_url);
 curl_setopt($curl, CURLOPT_HEADER, true);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($curl, CURLOPT_TIMEOUT, 30); 
 curl_setopt($curl, CURLOPT_POST, 0);
 curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.0; EN; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3'); 
 curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie);
 curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie);
 return curl_exec($curl);
}

 $curl = curl_init();
 $cookie_file = realpath("cookie.txt");
 $post = "utf8=✓&user[email]=Pogodinaa&user[password]=12345&commit=Login";
 $url = 'http://rating.rucoop.ru/secondary/users/sign_in';
 $newUrl = "http://rating.rucoop.ru/secondary/ratings/for_group";
 $csrf_token = get_token($curl, 'http://rating.rucoop.ru/secondary/',$cookie_file);
 echo auth($curl, $url, $cookie_file, $post, $csrf_token);
 read_brs echo($curl, $newUrl, $url, $cookie_file);
?>
Thank you! - Alvera_Heathcote32 commented on March 19th 20 at 09:29
Thank you! Your code is really working... - clarissa.Stokes commented on March 19th 20 at 09:32

Find more questions by tags PHP