Answer the question
In order to leave comments, you need to log in
L
L
LI2015-09-29 08:38:17
LI, 2015-09-29 08:38:17
How to log in to VK using CURl and PHP?
Good afternoon. Vkontakte now has the following authorization scheme.
1. There are two hashes on the login page: ip_h and lg_h. These hashes are substituted into the login form.
2. When logging in, a POST request is sent with these hashes, login and password to https://login.vk.com/?act=login , which sets the remixq cookie.
3. Next, we are redirected to vk.com/login.php?act=slogin&to=&s=1&__q_hash=xxx , where remixq cookies are substituted for xxx.
4. And only after that, Vkontakte sets the remixsid cookie, by which you can already enter the network.
I first parse the hashes from the login page:
$url = 'http://vk.com';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'content-type: application/x-www-form-urlencoded',
'origin: http://vk.com',
'referer: http://vk.com/',
));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$content = curl_exec($ch);
preg_match_all("/name=\"ip_h\" value=\"(.*?)\" \\//s", $content, $res[0]);
preg_match_all("/name=\"lg_h\" value=\"(.*?)\" \\//s", $content, $res[1]);Next, I substitute these hashes in the POST request:
$url = 'http://login.vk.com/?act=login';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'act=login&role=al_frame&_origin=http://vk.com&ip_h='.$res[0][1][0].'&ig_h='.$res[1][1][0].'&email=myemail&pass=mypass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'content-type: application/x-www-form-urlencoded',
'origin: http://vk.com',
'referer: http://vk.com/',
));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
echo curl_exec($ch);But in response I get not setting the necessary cookies (remixq), but deleting them:
set-cookie:remixmid=DELETED; expires=Thu, 01 Jan 1970 00:00:01GMT;path=/;domain=.vk.com
set-cookie:remixsid=DELETED; expires=Thu, 01 Jan 1970 00:00:01GMT;path=/;domain=.vk.com
set-cookie:remixsid6=DELETED; expires=Thu, 01 Jan 1970 00:00:01GMT;path=/;domain=.vk.com
set-cookie:remixgid=DELETED; expires=Thu, 01 Jan 1970 00:00:01T;path=/;domain=.vk.com
The same response is obtained if incorrect data is sent. What am I missing? Is someone now able to log in to VKontakte via CURL (not via API)? Previously, this scheme allowed you to pass authorization, but now it has stopped.
2 answer(s)
@LoginIP
D
DevMan, 2015-09-29 @LoginIP
you're missing out on curl being able to cook cookies:
www.electrictoolbox.com/php-curl-cookies
blog.davenicholas.me.uk/2013/04/session-cookies-an...
google -> php curl cookie
Similar questions
S
H
M
N
R
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question