How to make Curl post Using Php involving cookies

Question

I am developing a script involving Php Curl to send sms using http://www.gysms.com/freesms.php The page stores a cookie PHPSESSID and also a hidden field named token is passed during the posting.

I have written a script involving two curl requests. 1st curl request parse the page and obtain the token value .

Here is the code for that:

<?php

$phone = '9197xxxxxxx';
$msg = 'Hi this is curlpost';
$get_cookie_page = 'http://www.gysms.com/freesms.php';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $get_cookie_page);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$sabin = curl_exec($ch);
$html=explode('<input  type="hidden" name="trigger" value="',$sabin);
$html=explode('"/>',$html[1]);
//store the token value to $html[0]
?>

Curl post is done using the following code:

<?php
$fields = array(
                            'trigger'=>urlencode($html[0]), //token value
                            'number'=>urlencode($phone),  //phone no
                            'message'=>urlencode($msg) //message

                );

//posting curl request
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
$url = 'http://www.gysms.com/freesms.php';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');

//execute post
$result = curl_exec($ch);
echo $result;
curl_close($ch);
?>

The sms is not sending Using the above code. If the sms is sent It should show sms is send to-No. I don't Know where I went wrong. Please help, I am new to PHP. Finally this attempt is only for my educational purpouse.

score 3 · Accepted Answer · answered Jul 10 '12 at 18:49

Here is some code I came up with that worked. Hope it helps. Some explanations and feedback about your code follow.

<?php

$number     = '14155556666';
$message    = 'This is my text in all its glory.';

$url        = 'http://www.gysms.com/freesms.php';
$cookieFile = tempnam(null, 'SMS');
$userAgent  = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0';

if (strlen($message) > 100) {
    die('Message length cannot exceed 100 characters.');
}

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);
curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookieFile);
curl_setopt($ch, CURLOPT_USERAGENT,  $userAgent); // empty user agents probably not accepted
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_AUTOREFERER,    1); // enable this - they check referer on POST

$html = curl_exec($ch);

// <input  type="hidden" name="trigger" value="CXXrtmqVC7KbUnJ22UBodFy1kBj4ign5PsQ3qNR91nH2055307b4xP4"/>
if (!preg_match('/name=.trigger.\s+value=.([^\'"]+)/i', $html, $trigger)) {
    die('Failed to locate hidden input value');
}

sleep(5);  // without a slight delay, i often would not receive sms

$trigger = $trigger[1];

// build array of post values - all are important
$post = array('number'  => $number,
              'trigger' => $trigger,
              'message' => $message,
              'remLen'  => 100 - strlen($message),
              $trigger  => 'Send Message');

// switch request to POST, use http_build_query to encode post data for us
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));

$html = curl_exec($ch);

if (strpos($html, '<b>Message sent to</b>') !== false) {
    echo "Message sent!";
} else {
    echo "<b>Message not sent :(</b><br /><br />";
    echo $html;
}

I think you may have had trouble for several reasons:

A User-Agent should be specified in the request, they seem to reject if you leave it empty
I used http_build_query to build the POST string (preference)
You were missing 2 fields in the request, remLen, and the trigger value as the submit button
I often would not receive the messages if I didn't sleep a few seconds before sending the message after getting the trigger value.

In most of the cases where I didn't get the message, it still showed the "Message sent to phone #" on the screen even though it never came. Once I combined all the right things (sleep time, user agent, valid post fields) I would see the success message but also get the response.

I think the most critical thing left out from your code was that on the first request where you grab the trigger value, they also set a cookie (PHPSESSID) that you are required to capture. Without sending that on the POST request it was probably an automatic reject.

To get around this, make sure you capture cookies on the first request as well as subsequent requests. I chose to re-use the same curl handle for both requests. You don't have to do it that way, but you would have to use the same cookie file and cookie jar between requests.

Hope that helps.

Excellent!! .Thanks a lot it as very helpful as well as educative. — Sabin Jose, Jul 11 '12 at 01:12
The trick of extracting the trigger (which is basically a token) is really good and useful! Thank you! — jonnyjava.net, Jan 29 '16 at 23:10

How to make Curl post Using Php involving cookies

1 Answers1

Linked