Why is it difficult to log in to Barnes & Noble's mobile site using Curl, SSL, and cookies?

How to Log In with Curl, SSL, and Cookies

When attempting to log into barnesandnoble.com using Curl, SSL, and cookies, some users encounter difficulties due to differences in website protocols and potential cookie handling issues. Here's a breakdown of the problem and a solution:

Problem:

• Users are unable to log into barnesandnoble.com's mobile site using Curl.
• The returned page displays no errors, and the email field defaults to the login form's email input box.
• The same code successfully logs into eBay, indicating that the issue lies in the barnesandnobles website's unique characteristics.

Solution:

To successfully log into barnesandnoble.com using Curl, consider the following:

• URL Encoding: Ensure that URL parameters (such as email and password) in the post string are properly URL-encoded.
• x Value: Include the x value as part of the login URL. This value is typically extracted from the initial response.

Here's an example script that incorporates these solutions:

// Options
$EMAIL = '[email protected]';
$PASSWORD = 'yourpassword';
$cookie_file_path = "/tmp/cookies.txt";
$LOGINURL = "https://cart2.barnesandnoble.com/mobileacct/op.asp?stage=signIn";
$agent = "Nokia-Communicator-WWW-Browser/2.0 (Geos 3.0 Nokia-9000i)";

// Begin Script
$ch = curl_init();

// Extra Headers
$headers[] = "Accept: */*";
$headers[] = "Connection: Keep-Alive";

// Basic Curl Options
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);

// Initial URL
curl_setopt($ch, CURLOPT_URL, $LOGINURL);

// Get Cookies and Form Inputs
$content = curl_exec($ch);

// Extract Hidden Inputs
$fields = getFormFields($content);
$fields['emailAddress'] = $EMAIL;
$fields['acctPassword'] = $PASSWORD;

// Get x Value
$x = '';
if (preg_match('/op\.asp\?x=(\d+)/i', $content, $match)) {
    $x = $match[1];
}

// Updated Login URL
$LOGINURL = "https://cart2.barnesandnoble.com/mobileacct/op.asp?x=$x";

// Post Options
curl_setopt($ch, CURLOPT_URL, $LOGINURL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));

// Perform Login
$result = curl_exec($ch);

print $result;

// Helper Function to Extract Form Inputs
function getFormFields($data)
{
    $inputs = array();

    $elements = preg_match_all('/(<input[^>]+>)/is', $data, $matches);

    if ($elements > 0) {
        for ($i = 0; $i < $elements; $i++) {
            $el = preg_replace('/\s{2,}/', ' ', $matches[1][$i]);

            if (preg_match('/name=(?:["\'])?([^"\'\s]*)/i', $el, $name)) {
                $name = $name[1];
                $value = '';

                if (preg_match('/value=(?:["\'])?([^"\'\s]*)/i', $el, $value)) {
                    $value = $value[1];
                }

                $inputs[$name] = $value;
            }
        }
    }

    return $inputs;
}

Remember to modify the $EMAIL and $PASSWORD variables with your actual login credentials. Additionally, the $cookie_file_path should point to a writable location on the file system.

Once you have logged in, you can create a new Curl object, specifying the COOKIEFILE and COOKIEJAR options, and you will remain authenticated without performing the initial steps.

The above is the detailed content of Why is it difficult to log in to Barnes & Noble's mobile site using Curl, SSL, and cookies?. For more information, please follow other related articles on the PHP Chinese website!