-1

I have tried to use cURL in PHP to login to the site https://play.binweevils.com But I have failed to do so. This is the HTML FORM code of the login page : 

<!--Login Form -->
        <form id="login-play-form" action="https://www.binweevils.com/login" method="POST">
        <input type="hidden" name="redirect_url" value="https://play.binweevils.com/game.php">
        <input class="name login-payment-input" type="text" name="userID" id="userID" value="" required>
        <input class="password login-payment-input" type="password" name="password" id="password" required>
        <a class="remember-me" onclick="toggleTick(); return false;">
                <label for="rememberMe">
                    <input type="checkbox" name="rememberMe" id="rememberMe" checked="checked">
                    <input type="hidden" name="form_token" id="form_token" value="aea58a7b633f2d75c0a6235a5ce65797" />

And below is my attempted PHP : 

function login(){

$ch = curl_init("https://www.binweevils.com/login");

curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'userID=mo_salah&password=test&rememberMe=on&form_token=0c2fde897a3c212f5b7b759b45e023b2');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 OPR/47.0.2631.55');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
}

For some reason this isn't working. I would appreciate if anyone can help to make any amendments. This is the data being posted to the URL : Data being parsed to URL (PLEASE NOTE THE FORM TOKEN IS NOT THE SAME, IT DIFFERENTIATES EVERY TIME)

EDIT : THE LOGIN FUNCTION WORKS

However when attempting to access an API in the game via CURL, an error occurs.

function changeDef(login) {         
    $curl = curl_init("http://lb.binweevils.com/weevil/change-definition?rndVar=");
    curl_setopt($curl, CURLOPT_POST, true);
    define('USER_AGENT', 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36');
    curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
    $timer = 201186;
    $idx = 223743722;
    $weevilDef = 422430521103011300; 
    $hash = "51f4aaecdd00ca5aa00cc7a48e2917d3";
    curl_setopt($curl, CURLOPT_POSTFIELDS, "hash=".$hash."&weevilDef=".$weevilDef."&st=".$timer."&idx=".$idx);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_COOKIEFILE, "cookies.txt");
    $responsedef = trim(curl_exec($curl));
    curl_close($curl);
    print $responsedef;
}

The error is the following : Error How can I fix this?

Nigel Ren
  • 56,122
  • 11
  • 43
  • 55
James Tyreece
  • 15
  • 5

1 Answers1

0

So, the web app is rejecting your request because a value for "userIDX" is not in its session data. Without knowing the web app's code, it's tough to know the reason why other than to guess. You do send idx=... so I'm guessing that's where it would get the value of "userIDX".

Guess #1 (fingers crossed): The [PHP doc for curl_setopt()1 says there are two ways to set CURLOPT_POSTFIELDS: string or array. It then says "If value is an array, the Content-Type header will be set to multipart/form-data". This implies that if value is string, this header is not set. And (guessing here) that might be why it doesn't get idx. So, try this (while crossing fingers):

curl_setopt($curl, CURLOPT_POSTFIELDS, [ 
    "hash" => $hash, 
    "weevilDef" => $weevilDef,
    "st" => $timer,
    "idx" => $idx
]);
BareNakedCoder
  • 3,257
  • 2
  • 13
  • 16