CURL login to page that uses token

Question

I'm using php curl to try and log in to a form that is using a token. I've tried different combinations, some of them from StackOverflow but can't seem to get it right.

Here is my code so far:

$html = new simple_html_dom();

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://www.example.de/My-account');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, '');

$response = curl_exec($ch);
$html->load($response);

foreach($html->find('input[name="jtl_token"]') as $content){
    $token = $content->value;
}

$credentials = [
    'jtl_token' => $token,
    'email' => 'my@email.com',
    'passwort' => 'password',
    'login' => 1
];

curl_setopt($ch, CURLOPT_URL, 'https://www.example.de/My-account');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($credentials));
curl_setopt($ch, CURLOPT_COOKIEFILE, '');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

echo $response;

I'm using simple_html_dom class to get the token and then I just try to send it to that page but it doesn't work, the response is the page before log in.

Thank you.

This token **might** be a token to avoid CSRF login. It's unique for the current session and can't be used on another application that have a different session. — Cid, Sep 19 '18 at 07:14
That may be true, but I believe that curl can also retrieve and store cookies. Try looking for curl options that include words like "session" and "cookie". — minitauros, Sep 19 '18 at 07:20
You need to store the cookie from the first call and pass it along in the second call. — M. Eriksson, Sep 19 '18 at 07:22
Hey @MagnusEriksson, how do i pass it along to the second call? :-s — emma, Sep 19 '18 at 07:22
First you need to save it from the first call: [How do I save cookies from a response to a cURL request using php?](https://stackoverflow.com/questions/7917970/how-do-i-save-cookies-from-a-response-to-a-curl-request-using-php). Then you can send it: [How can I send cookies using PHP curl in addition to CURLOPT_COOKIEFILE?](https://stackoverflow.com/questions/16872082/how-can-i-send-cookies-using-php-curl-in-addition-to-curlopt-cookiefile) (Just ignore the manual cookie in the answer). — M. Eriksson, Sep 19 '18 at 07:26

CURL login to page that uses token

0 Answers0