-1

Greetings StacksOverFlow Devs,

I'm trying to figure out earlier why the hidden input values at the website not appearing when I try to echo it and I used preg_match_all and made the hidden value POST.

I want to echo both at the same time but that is my problem couz it's not appearing.

Here is my code:

<?php

function get_data($url)
{   
    $ch = curl_init();   
    $timeout = 10;   
    curl_setopt($ch,CURLOPT_URL,$url);   
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);   
    curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);   
    $data = curl_exec($ch);   
    curl_close($ch);   
    return $data;
}  

$returned_content = get_data('https://secure.tesco.com/account/en-GB/login');

$container = $returned_content;

preg_match_all('(<form\s.*</form>)', $container, $forms);

print_r($forms);

$_POST['_csrf'] = $csrf;
$_POST['state'] = $state;

echo "<font color=red><b>CSRF</b></font> : ".$csrf."<br/>";
echo "<font color=red><b>STATE</b></font> : ".$state."<br/>";

?>

Can someone help me about this?

UG-Clarck
  • 5
  • 3

1 Answers1

0

Xpath is the way to go try this! 

$dom = new \DOMDocument();
@$dom->loadHTML($container);
$x = new \DOMXPath($dom);
echo $_csrf = $x->query('//input[@name="_csrf"]')->item(0)->getAttribute('value');
echo $state = $x->query('//input[@name="state"]')->item(0)->getAttribute('value');
Kamran
  • 2,711
  • 2
  • 17
  • 24
  • Is there any other way for my code to work? other than using Xpath/Dom – UG-Clarck Aug 24 '16 at 05:59
  • you can write a regex to get the fields but DOM is more reliable. `$_POST` will not work because you are not posting any data to form. – Kamran Aug 24 '16 at 06:02
  • Do you have time to help me for some minutes over teamviewer? Or is that possible for you? – UG-Clarck Aug 24 '16 at 06:05
  • I'm getting this warning on my other code in where I added your code above. Warning: Call to a member function getAttribute() on a non-object in – UG-Clarck Aug 24 '16 at 06:08
  • try echoing your $content to see what is being returned from `https://secure.tesco.com/account/en-GB/login`. – Kamran Aug 24 '16 at 07:06