Twitter data and blocked account vitrification [duplicate]

1

Following the concept This happened to me, and now it does not want to work any more.

First

I enter with a normal account, without being blocked.

Second

Soon it's on my system and it blocks, I go on twitter and it sends me to twitter.com/account/access

In case of this system it was to show the link in var_dump($header); also, and thus to play in switch as @Inkeliz mentioned in the answer.

But none of this worked, just Incorrect user and / or password works, and correct username and password important to warn the user that the account has been blocked does not work, here is the whole code:

<?php

$obj = new stdClass;
$obj->cookies = '';
$obj->location = '';

$request = curl_init();
curl_setopt_array($request, [
        CURLOPT_URL                         => 'https://twitter.com/',
        CURLOPT_CUSTOMREQUEST       => 'GET',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYHOST  => false,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_HEADER                  => true,
        CURLOPT_HEADERFUNCTION  => function($curl, $header) use (&$obj) {
            if (stripos($header, 'Set-Cookie:') === 0) {
                if (preg_match('/^Set-Cookie: \s*([^=]*)=([^;]*)/mi', $header, $matches)) {
                    $obj->cookies .= $matches[1] . '=' . $matches[2] . '; ';
                    $obj->{$matches[1]} = $matches[2];
                }
            }
            return strlen($header);
        }
    ]
);
$response = curl_exec($request);

if (preg_match('/value="(.*?)" name="authenticity_token"/', $response, $matches)) {
    $authenticity_token = $matches[1];
}

$post = http_build_query([
            'session' => [
                'username_or_email' => 'teste1',
                'password'          => 'teste0'
        ],
        'return_to_ssl'         => true,
        'scribe_log'            => '',
        'redirect_after_login'  => '/',
        'authenticity_token'    => $authenticity_token
        ]
    );

curl_setopt_array($request, [
        CURLOPT_URL                         => 'https://twitter.com/sessions',
        CURLOPT_CUSTOMREQUEST       => 'POST',
        CURLOPT_POSTFIELDS          => $post,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYHOST  => false,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_FOLLOWLOCATION  => false,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'content-type:application/x-www-form-urlencoded',
            'origin:https://twitter.com',
            'referer:https://twitter.com/login',
            'upgrade-insecure-requests:1',
            'user-agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36',
        ],
        CURLOPT_HEADERFUNCTION  => function($curl, $header) use (&$obj) {
            if (stripos($header, 'Set-Cookie:') === 0) {
                if (preg_match('/^Set-Cookie: \s*([^=]*)=([^;]*)/mi', $header, $matches)) {
                    $obj->cookies .= $matches[1] . '=' . $matches[2] . '; ';
                    $obj->{$matches[1]} = $matches[2];
                }
            }
            if (stripos($header, 'Location:') === 0) {
        $obj->location = trim(str_ireplace('Location:', '', trim($header)));
      }
            return strlen($header);
        },
        CURLOPT_COOKIE                  => $obj->cookies,
    ]
);
$response = curl_exec($request);
curl_close($request);

$obj->location = trim(explode('?', $obj->location)[0], '/');

echo $obj->location;

Return me https:twitter.com

    
asked by anonymous 22.10.2017 / 18:32

2 answers

2

You will have a high performance cost, after all you have to do more than one request.

First enable CURLOPT_FOLLOWLOCATION , so it will make all necessary requests.

Then, get the current page using curl_getinfo :

    $response = curl_exec($request);
    $info = curl_getinfo($request);
    curl_close($request)

    $location = trim(explode('?', $info['url'])[0], '/');

    switch ($location) {
        case 'https://twitter.com':
            echo 'Tudo certo';
            break;
        case 'https://twitter.com/account/access':
            echo 'Conta bloqueada';
            break;
        default:
            echo 'Senha inválida';
            break;
    }

This will not be able to detect 2FA, since cookies are not sent between requests, except that it uses the native cookie manager. So in this case it will have the same invalid password result.

Then at the end:

<?php

$obj = new stdClass;
$obj->cookies = '';

$request = curl_init();
curl_setopt_array($request, [
        CURLOPT_URL                         => 'https://twitter.com/',
        CURLOPT_CUSTOMREQUEST       => 'GET',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYHOST  => false,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_HEADER                  => true,
        CURLOPT_HEADERFUNCTION  => function($curl, $header) use (&$obj) {
            if (stripos($header, 'Set-Cookie:') === 0) {
                if (preg_match('/^Set-Cookie: \s*([^=]*)=([^;]*)/mi', $header, $matches)) {
                    $obj->cookies .= $matches[1] . '=' . $matches[2] . '; ';
                    $obj->{$matches[1]} = $matches[2];
                }
            }
            return strlen($header);
        }
    ]
);
$response = curl_exec($request);

if (preg_match('/value="(.*?)" name="authenticity_token"/', $response, $matches)) {
    $authenticity_token = $matches[1];
}

$post = http_build_query([
            'session' => [
                'username_or_email' => 'teste1',
                'password'          => 'teste0'
        ],
        'return_to_ssl'         => true,
        'scribe_log'            => '',
        'redirect_after_login'  => '/',
        'authenticity_token'    => $authenticity_token
        ]
    );

curl_setopt_array($request, [
        CURLOPT_URL                         => 'https://twitter.com/sessions',
        CURLOPT_CUSTOMREQUEST       => 'POST',
        CURLOPT_POSTFIELDS          => $post,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYHOST  => false,
        CURLOPT_SSL_VERIFYPEER  => false,
              CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'content-type:application/x-www-form-urlencoded',
            'origin:https://twitter.com',
            'referer:https://twitter.com/login',
            'upgrade-insecure-requests:1',
            'user-agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36',
        ],
        CURLOPT_HEADERFUNCTION  => function($curl, $header) use (&$obj) {
            if (stripos($header, 'Set-Cookie:') === 0) {
                if (preg_match('/^Set-Cookie: \s*([^=]*)=([^;]*)/mi', $header, $matches)) {
                    $obj->cookies .= $matches[1] . '=' . $matches[2] . '; ';
                    $obj->{$matches[1]} = $matches[2];
                }
            }

            return strlen($header);
        },
        CURLOPT_COOKIE                  => $obj->cookies,
    ]
);

$response = curl_exec($request);
    $info = curl_getinfo($request);
curl_close($request);

    $location = trim(explode('?', $info['url'])[0], '/');

    switch ($location) {
        case 'https://twitter.com':
            echo 'Tudo certo';
            break;
        case 'https://twitter.com/account/access':
            echo 'Conta bloqueada';
            break;
        default:
            echo 'Senha inválida';
            break;
    }
    
22.10.2017 / 19:40
3

Solved with the following:

It makes the first request and sends to session checks if data is correct, if it is check if the account needs to be unblocked, then after request of the post, just do the same procedure as the first request .

$request = curl_init();
curl_setopt_array($request, [
        CURLOPT_URL                         => 'https://twitter.com/',
        CURLOPT_CUSTOMREQUEST       => 'GET',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYHOST  => false,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_HEADER                  => true,
        CURLOPT_COOKIE                  => $obj->cookies,
        CURLOPT_HEADERFUNCTION  => function($curl, $header) use (&$obj) {
            if (stripos($header, 'Set-Cookie:') === 0) {
                if (preg_match('/^Set-Cookie: \s*([^=]*)=([^;]*)/mi', $header, $matches)) {
                    $obj->cookies .= $matches[1] . '=' . $matches[2] . '; ';
                    $obj->{$matches[1]} = $matches[2];
                }
            }
            if (stripos($header, 'Location:') === 0) {
        $obj->location = trim(str_ireplace('Location:', '', trim($header)));
      }
            return strlen($header);
        }
    ]
);
$response = curl_exec($request);
curl_close($request);

Notice that I did the same check as in request of my curl of the post.

    
22.10.2017 / 19:32