• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Logging into other websites through PHP

#1
[eluser]B___[/eluser]
Hello:

I'm wondering if anyone can put me in the right direction for how one would log into a website through a PHP script. I've seen websites do this before as the two examples below demonstrate.

Examples:
- Facebook: You can give Facebook your gMail, hotmail, etc username and password and it will retreive the email addresses and names of everyone on your contact list.
- Mint, Wasabe, etc: You can give your username and password for your online banking accounts and they will retrieve your recent transactions.

So for example, if there was a blog that was membership based, and had no email option (ie: you must open your browser and login everytime), and you wanted to build an application that would log into the account for you (say every 6 hours using cron) and email any updates to you, how would you do this?

Accessing the site through the DOM (using an extension like PHP Simple HTML DOM Parser and setting up the cron file are no problems, but how to actually login to the site through PHP and deal with the cookies and sessions involved is what stumps me. Googling this hasn't helped so far as I just get a bunch of web apps' Login page as the results.

Any suggestions? Big thanks in advance!

Note: There are some fairly obvious security concerns with what I've outlined above (ie: giving your banking username/password to a third-party). However, it is the theory of how to do this for personal use that interests me, so I am more interested in starting a discussion regarding the theory of doing this and less on the security implications. Thanks!

#2
[eluser]Frank Berger[/eluser]
Most, if not all of the quoted services offer a Soap or XML-RPC based interface to their service, which is utilized by facebook and such.

Most (if not all) providers like yahoo or google require you to register your webservice/website in order to retrieve its customers data (even if you provide the users name and password). With register I mean a formalized contract or Service agreement (so in case your app goes bogus, you can be sued). Although, there are several degrees of services you might be able to access on a fairly low service-agreement level. It is for example fairly easy to implement google-accounts or yahoo-accounts on your web-app (that means that a user can authenticate to your webapp with his or her google or yahoo account).

If you try to do this through simple html retrieval and response with appropriate Post commands to simulate a user login in, you're most likely in violation with the service's Terms of use.

For the technical part, look into cURL ( http://php.net/curl ) for a complete set of http/1.1 interaction (including get, post, put with cookies and such). With parsing the resulting web-page you're often on your own, a dom/xml parser might help you here, regexp might get you there faster. If you don't want to crack websites or exploit users, a service-agreement and xml-rpc is the much more preferable choice, and not subject to layout-redesigns on the providers website.

cheers
Frank

#3
[eluser]B___[/eluser]
That was EXACTLY the information I needed! Thanks so much for your help! Smile


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.