Using PHP Curl to redirect to my school portal

Question

I'm trying to connect to my school's portal using PHP Curl but having no luck because it seems to redirect to certain pages. I am making an webapp for showing the school schedule in jQuery mobile but in order to show your own schedule you need to log in and go to your schedule from there. This is what I intend to achieve using CURL with PHP.

I have used the tutorial from http://codeaid.net/php/get-the-last-effective-url-from-a-series-of-redirects-for-the-given-url which works with the given links, but I cannot find out which link I should use to redirect to my schools portal.

If anyone has an idea which steps to follow to know which URL you have to use that would be very helpful.

The code I've used:

<?php function getLastEffectiveUrl($url)
    {
         // initialize cURL
         $curl = curl_init($url);
         curl_setopt_array($curl, array(
         CURLOPT_RETURNTRANSFER => true,
         CURLOPT_FOLLOWLOCATION => true,
    ));

    // execute the request
    $result = curl_exec($curl);

    // fail if the request was not successful
    if ($result === false) {
        curl_close($curl);
        return null;
}

          // extract the target url
          $redirectUrl = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
          curl_close($curl);

          return $redirectUrl;
    }

    $lastEffectiveUrl = getLastEffectiveUrl('https://login.hhs.nl');
    echo $lastEffectiveUrl . "-";
?>

Again this is a tutorial I've followed from Codeaid and I take no credit for making this myself.

The link to my schools page is https:// portal.hhs.nl and as you can see if you go there it redirects me to another page.

Answer 1

What you want to do is near impossible ... They applied several redirects with several methods and security tokens ... Let me explain:

At first look, i thought i was redirected by header(), but when i used Tamper Data the picture became more clear:

1) When you open https://portal.hhs.nl, you're redirected by some meta tags

<META name="verify-v1" content="Yh6PvgPdX64Vdo9akXqTvstTouu9uQcvrPpFaL9jqZs=" />
<META name="verify-v1" content="eiUD3J3OcF6SjBKGe5ZvkMTzVEJ9rnpr1NaCKV9OIKw=" />
<meta name="google-site-verification" content="Ka0UPoAllNqYvbuviJCk8iV64YfqfWbX6G1APHdY5tg" />
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<META content="0; URL=http://portal.hhs.nl/portal/pls/portal/PORTAL.home" http-equiv=Refresh>

So you have to parse those meta tags, and redirect ... here's how you do it PHP: Can CURL follow meta redirects

2) For some reasons i can't "open" the data when i'm redirected with Tamper Data, so you have to do some research on this step ...

3) And here's another "redirect" technique, with JavaScript !!!

<FORM NAME="SingleSignOn" METHOD="POST" ACTION="https://aselect.hhs.nl/aselectserver/server" >
<INPUT TYPE="HIDDEN" NAME="request" VALUE="direct_login1" >
<INPUT TYPE="HIDDEN" NAME="rid" VALUE="C741680139CA153E" >
<INPUT TYPE="HIDDEN" NAME="a-select-server" VALUE="aselectserver1" >
</FORM>
</BODY>

Just parse those and redirect to https://aselect.hhs.nl/aselectserver/server with those POST values ...

4) Finally we're on https://aselect.hhs.nl/aselectserver/server where we actually input our credentials, and where you also should parse data and send it with the credentials. After this step only you know what's behind the portal ...

Conclusion: Those security measures make it clear that they want to stop some automated kiddies like us, and what if someday those steps were changed ? What i suggest is to ask the school for some API, i know some schools in the Netherlands that uses Untis and they have a great API that returns some JSON data !

If you insist or if it's not possible to get your hand on an API, then get ready for some hard work !

Veel succes (good luck) !