Hey there.
For the past 2 days I've tried to get a script working, but - well - there exist some problems
My intention is, to automatically log me in the Battle.net using my Battle.net-Account, continue to the World of Warcraft Online-Auctionhouse, recieve the data, perform AJAX-Searches and further.
Parsing and displaying data will be realized via Javascript but the direct communication with the servers of WoW has to be via PHP, and therefor via cURL.
Milestone 1 would be, to just be able to get a list of items for sale from this URL:
http://eu.wowarmory.com/auctionhouse...ME&sort=buyout
You will not be able to see any data unless you log-in first.
The Login-site is:
https://eu.battle.net/login/de/login...ex.xml&cr=true (direct reference to the app 'eu.wowarmory.com/auctionhouse/)
This is where I start.
I read the source code, get the URL of the Submit-Button and Post my Login-Information + a hidden value. These are the EXCACT same Information as a normal browser is using, as i analysed the log-in process in firefox via Tamper Data (See GET and POST transactions).
My Firefox will now receive 3 Cookies from the server plus a redirect to the auctionhouse.
I, myself receive the exact same 3 Cookies but a redirect to the Account-management-Page where I can see my personal information (saying my login-data is absolut correct).
WHY ?!?!
I would like to give you 3 Code-Parts.
- My Code
- The Output of my Code
- What Tamper-Data in Firefox says
1) My Code
Code:
//### INIT #####
<?php
function pre($data){
echo "<pre>================================================================================<br/>";
print_r($data);
echo "<br/>//================================================================================</pre>";
}
$s = curl_init();
$cookie_file = substr(__FILE__,0,strrpos(__FILE__,"\\")) . "\AH_Bot_Cookies.txt"; //set the file for Cookie-storage [contains information in the end]
if(file_exists($cookie_file)) unlink($cookie_file); // delete the old file, to only get new cookies
curl_setopt($s, CURLOPT_COOKIEFILE, $cookie_file); // Read cookie file
curl_setopt($s, CURLOPT_COOKIEJAR, $cookie_file); // Write cookie file
curl_setopt($s, CURLOPT_RETURNTRANSFER, TRUE); // Return in string
curl_setopt($s, CURLOPT_SSL_VERIFYPEER, FALSE); // No certificate
curl_setopt($s, CURLOPT_FOLLOWLOCATION, TRUE); // Follow redirections
curl_setopt($s, CURLOPT_HEADER, 1); // Print header
curl_setopt($s, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"); // set User-Agent
//### Get Login-Form ####
$target = "https://eu.battle.net/login/de/login.xml?app=armory&ref=http%3A%2F%2Feu.wowarmory.com%2Fauctionhouse%2Findex.xml&cr=true";
curl_setopt($s, CURLOPT_URL, $target);
$downloaded_page = curl_exec($s);
pre($downloaded_page);
//### Post-Data ##
$link = substr($downloaded_page, strpos($downloaded_page, 'id="loginForm"')); $link = substr($link, strpos($link, 'action="') + strlen('action="'));$link = substr($link, 0, strpos($link, '"')); $target = substr($target, 0, strpos($target, "?")) . $link; // to get the URL where to post my Login-Information. In fact, it is the same URL
curl_setopt($s, CURLOPT_URL, $target);
curl_setopt($s, CURLOPT_POST, 1);
curl_setopt($s, CURLOPT_POSTFIELDS, "accountName=MyMailAdress%40MyMailprovider.com&password=MyPassword&persistLogin=on");
$downloaded_page = curl_exec($s);
pre($downloaded_page);
curl_close($s);
?>
2) The Output of my Code
Code:
================================================================================
HTTP/1.1 200 OK
Date: Thu, 02 Dec 2010 14:01:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Set-Cookie: JSESSIONID=F2B6B5CA9811BCE820C8CD1E5DCF8BA7.blade10_05; Path=/login; Secure; HttpOnly
X-App: login
Content-Language: de-DE
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/xhtml+xml;charset=UTF-8
-----
HERE COMES A PLAINTEXT VERSION OF THE LOGIN-FORM FOUND AT
https://eu.battle.net/login/de/login.xml?app=armory&ref=http%3A%2F%2Feu.wowarmory.com%2Fauctionhouse%2Findex.xml&cr=true
-----
//================================================================================
================================================================================
HTTP/1.1 302 Moved Temporarily
Date: Thu, 02 Dec 2010 14:01:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Set-Cookie: BA-tassadar=EU-1121397-6IM16su4jJnavVopWaYJeCn4FVjfWF6FOeX; Domain=battle.net; Expires=Thu, 16-Dec-2010 14:01:17 GMT; Path=/login; Secure
Set-Cookie: login.key=11d823536a4c63b8a3a6abe7bc7d4996; Domain=battle.net; Expires=Thu, 16-Dec-2010 14:01:17 GMT; Path=/
Set-Cookie: cl=bc5c72adf606d643f636542c339d1ef8; Domain=battle.net; Path=/login; Secure
Location: https://eu.battle.net/account/management/?ST=EU-1121398-CMCvBCGfcTcfFm72CjfLLHuWEz2fyclmeVR
Content-Language: de-DE
Content-Length: 0
Vary: Accept-Encoding
Content-Type: application/xml
HTTP/1.1 302 Moved Temporarily
Date: Thu, 02 Dec 2010 14:01:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Set-Cookie: perm=1; Domain=battle.net; Path=/
Set-Cookie: JSESSIONID=4F240B686667D7724061EC0D854AE902.blade03_02; Path=/account; Secure; HttpOnly
Set-Cookie: opt=1; Domain=battle.net; Expires=Thu, 16-Dec-2010 14:01:17 GMT; Path=/
Location: https://eu.battle.net/account/management/index.xml
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
HTTP/1.1 200 OK
Date: Thu, 02 Dec 2010 14:01:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Set-Cookie: perm=1; Domain=battle.net; Path=/
Set-Cookie: bam-queue=eyJ0aWNrZXQiOjUxOTYxLCJsYXN0Tm93U2VydmluZ1NlZW4iOjU0OTI2LCJyZWRpcmVjdFVybCI6Ii9tYW5hZ2VtZW50L2luZGV4LnhtbCJ9; Domain=eu.battle.net; Expires=Sun, 05-Dec-2010 14:01:17 GMT; Path=/account
Set-Cookie: bam-queue-hash="dCWO+r7qiJGIxPcXOackT81LgEw="; Version=1; Domain=eu.battle.net; Max-Age=259200; Expires=Sun, 05-Dec-2010 14:01:17 GMT; Path=/account
Set-Cookie: loc=de-DE; Domain=.battle.net; Expires=Fri, 02-Dec-2011 14:01:17 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-control: no-store, no-cache
Content-Language: de-DE
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/xhtml+xml;charset=UTF-8
----
COMING NOW IS THE PLAINTEXT-VERSION OF THE ACCOUNTMANAGEMENTPAGE, NOT THE AUCTIONHOUSE :-(
//================================================================================
3) What Tamper-Data in Firefox says
First, I navigate to the Login-site, having no information to send (no cookies or anything, everything is blank).
The Servers response is:
Code:
Status=OK - 200
Date=Thu, 02 Dec 2010 12:42:52 GMT
Server=Apache
x-frame-options=SAMEORIGIN, SAMEORIGIN
Pragma=no-cache
Expires=Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control=no-cache, no-store
Set-Cookie=JSESSIONID=28F884DABC961CB76F7ECEC49CCF0262.blade10_05; Path=/login; Secure; HttpOnly
X-App=login
Content-Language=de-DE
Vary=Accept-Encoding
Content-Encoding=gzip
Keep-Alive=timeout=10, max=4000
Connection=Keep-Alive
Transfer-Encoding=chunked
Content-Type=application/xhtml+xml;charset=UTF-8
Just to set a Cookie with JSESSONID.
Next, I log in, sending my information the same URL my cURL-Script is using.
Code:
Host=eu.battle.net
User-Agent=Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding=gzip,deflate
Accept-Charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive=115
Connection=keep-alive
Referer=https://eu.battle.net/login/de/login.xml?app=armory&ref=http%3A%2F%2Feu.wowarmory.com%2Fauctionhouse%2Findex.xml&cr=true
Cookie=JSESSIONID=28F884DABC961CB76F7ECEC49CCF0262.blade10_05; __utma=134253166.252430872.1291293773.1291293773.1291293773.1; __utmb=134253166.1.10.1291293773; __utmc=134253166; __utmz=134253166.1291293773.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Content-Type=application/x-www-form-urlencoded
Content-Length=80
POSTDATA=accountName=MyMailAdress%40MyMailprovider.com&password=MyPassword&persistLogin=on
And I receive the 3 Cookies from the server with a redirect to the auctionhouse:
Code:
Status=Moved Temporarily - 302
Date=Thu, 02 Dec 2010 12:43:06 GMT
Server=Apache
x-frame-options=SAMEORIGIN, SAMEORIGIN
Pragma=no-cache
Expires=Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control=no-cache, no-store
Set-Cookie=BA-tassadar=EU-1056141-EdlFteRioOgqpjmhPelxiNWvVn9vlfCWCLx; Domain=battle.net; Expires=Thu, 16-Dec-2010 12:43:06 GMT; Path=/login; Secure
login.key=73da5e193397d4472af35c3538af940c; Domain=battle.net; Expires=Thu, 16-Dec-2010 12:43:06 GMT; Path=/
cl=5fdde339407049b01a8055c66f74cb25; Domain=battle.net; Path=/login; Secure
Location=http://eu.wowarmory.com/auctionhouse/index.xml?ST=EU-1056142-3LEilx0fqAtNOdIM6tOVwqxFqXcgsbknK6B
Content-Language=de-DE
Vary=Accept-Encoding
Content-Encoding=gzip
Content-Length=20
Keep-Alive=timeout=10, max=4000
Connection=Keep-Alive
Content-Type=application/xml
Once again:
WHY ?!?!
My question to you folks would be: what is going wrong here? Where is my logical mistake??
---------------
THANKS ANYONE FOR READING THIS FAR!!!
Hopefully someone is seeing, what I don't .....
I'd be grateful for ANY hint ....
--
Net^Devil
Join the friendly bunch on IRC...
Log-in to World Of Warcraft Auctionhouse using cURL
Linear Mode
