Using cURL to log in to this website

jvvg

I'm trying to write a PHP script to perform some routine maintenance stuff, but I'm currently stuck trying to get it to log in.

Here's my code:

define('SRV_ROOT', dirname(__FILE__));

//get CSRF token
$data = file_get_contents(SRV_ROOT . '/scratch-cookies.txt');
preg_match('%Set-Cookie: csrftoken=(.*?) expires=%', $data, $matches);
$token = str_replace('"Set-Cookie: csrftoken=', '', $matches[1]);
$token = stripslashes($token);

//make login request
$ch = curl_init();
curl_setopt($ch, CURLOPT_REFERER, 'http://scratch.mit.edu/accounts/login/');
curl_setopt($ch, CURLOPT_URL, 'http://scratch.mit.edu/accounts/login');
curl_setopt($ch, CURLOPT_HEADER, 0); // no headers in the output
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // output to variable
curl_setopt($ch, CURLOPT_COOKIEFILE, SRV_ROOT . '/scratch-cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, SRV_ROOT . '/scratch-cookies.txt');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 7);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36');
$login = 'csrfmiddlewaretoken=' . $token . '&username=modshare&password=***&next=%2F';
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $login);
$data = curl_exec($ch);
curl_close($ch);

However, it does not appear to be logging in when I do that.

Does anybody know how to do that?

Last edited by jvvg (Aug. 12, 2013 23:47:27)

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

MathWizz

You are aware that you just posted your password, right?

running Chromium 42.0.2311.90 with Flash Player 15.0.0.189 on Arch Linux 3.19.5-1-ck
MathWizz — JsScratch && sb.js & Amber (coming soon! maybe)

jvvg

MathWizz wrote:
You are aware that you just posted your password, right?

Oops…
Password changing time!

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

gtoal

jvvg wrote:
I'm trying to write a PHP script to perform some routine maintenance stuff, but I'm currently stuck trying to get it to log in.

Here's my code:
…
Does anybody know how to do that?

I realise this is an old post I'm following up, but it's the only one to be found anywhere on the net concerning how to access a scratch page with cURL after logging in. I wasted about an hour today trying to do the same thing, so I'm posting here with a working solution using curl (in a bash script) for the benefit of the next person who needs to do this…

In my case I'm looking at both cloud variables (which don't need a password to read) and cloud history (which does).

# get the actual cloud variables:
curl -s http://scratch.mit.edu/varserver/32836744 > vars.json
# get cookie:
curl -s --cookie-jar scratch-login.cookie --referer http://scratch.mit.edu/accounts/login/ http://scratch.mit.edu/accounts/login/ > login-index.html
# extract csrfmiddlewaretoken:
export TOKEN="csrfmiddlewaretoken=$(grep csrftoken scratch-login.cookie | sed 's/^.*csrftoken\s*//')"
# log in:
echo $TOKEN';username=gtoal;password='$SCRATCHPASS';next=%2Fcloudmonitor%2F32836744%2F' > scratch-private-formdata
curl -s -X POST -d @scratch-private-formdata --cookie scratch-login.cookie --cookie-jar scratch-logged-in.cookie --referer http://scratch.mit.ed/accounts/login/  http://scratch.mit.edu/accounts/login/ > homepage.html
# now get history:
curl -s --cookie scratch-logged-in.cookie --form $TOKEN --referer http://scratch.mit.edu/accounts/login/ http://scratch.mit.edu/cloudmonitor/log/32836744/ > cloudmon.html

Some of the above is probably redundant. I stopped tweaking it once I got it to work.

Graham

bobbybee

gtoal wrote:
jvvg wrote:
I'm trying to write a PHP script to perform some routine maintenance stuff, but I'm currently stuck trying to get it to log in.

Here's my code:
…
Does anybody know how to do that?

I realise this is an old post I'm following up, but it's the only one to be found anywhere on the net concerning how to access a scratch page with cURL after logging in. I wasted about an hour today trying to do the same thing, so I'm posting here with a working solution using curl (in a bash script) for the benefit of the next person who needs to do this…

In my case I'm looking at both cloud variables (which don't need a password to read) and cloud history (which does).
# get the actual cloud variables:
curl -s http://scratch.mit.edu/varserver/32836744 > vars.json
# get cookie:
curl -s --cookie-jar scratch-login.cookie --referer http://scratch.mit.edu/accounts/login/ http://scratch.mit.edu/accounts/login/ > login-index.html
# extract csrfmiddlewaretoken:
export TOKEN="csrfmiddlewaretoken=$(grep csrftoken scratch-login.cookie | sed 's/^.*csrftoken\s*//')"
# log in:
echo $TOKEN';username=gtoal;password='$SCRATCHPASS';next=%2Fcloudmonitor%2F32836744%2F' > scratch-private-formdata
curl -s -X POST -d @scratch-private-formdata --cookie scratch-login.cookie --cookie-jar scratch-logged-in.cookie --referer http://scratch.mit.ed/accounts/login/  http://scratch.mit.edu/accounts/login/ > homepage.html
# now get history:
curl -s --cookie scratch-logged-in.cookie --form $TOKEN --referer http://scratch.mit.edu/accounts/login/ http://scratch.mit.edu/cloudmonitor/log/32836744/ > cloudmon.html
Some of the above is probably redundant. I stopped tweaking it once I got it to work.

Graham

When I get off my laziness streak (

), I'll see if I can port this to node for usage with scratch-llvm.
Although, something interesting that I've noticed is that the tokens seem to never expire…

“Ooo, can I call you Señorita Bee?” ~Chibi-Matoran

Discuss Scratch