PHP Curl Twitter Check if data is correct

1

I was able to do what I wanted, but how do I check to see if the user data is correct?

In a previous question I asked how to get all the cookies if the username and password exist on Twitter; I was able to do this with the code I'm going to put here.

But how do I check if the data is correct?

If it is, show the message: Login and correct password; otherwise show: Bad login and password.

My code:

<?php

$username = 'pdosilva1020';
$password = '';

function start($username, $password) {
    $request = curl_init();
    curl_setopt_array($request, [
            CURLOPT_URL => 'https://twitter.com',
            CURLOPT_CUSTOMREQUEST => 'GET',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_HEADER => true,
            CURLOPT_COOKIEJAR => getcwd() . '/cookies/' . $username . '.txt',
            CURLOPT_USERAGENT => $_SERVER['HTTP_USER_AGENT'],
            CURLOPT_HEADERFUNCTION => function ($curl, $header) use (&$cookie) {
                if (stripos($header, 'Set-Cookie:') === 0) {
                    if (preg_match('/^Set-Cookie: \s*([^;]*)/i', $header, $matches)) {
                        $cookie .= $matches[1] . '; ';
                    }
                }
                return strlen($header);
            }
        ]
    );
    $response = curl_exec($request);

    preg_match('/value="(.*?)" name="authenticity_token"/', $response, $matches);

    $authenticity_token = $matches[1];

    $post_fields = http_build_query([
            'session' => [
                'username_or_email' => $username,
                'password' => $password
            ],
            'return_to_ssl' => true,
            'scribe_log' => '',
            'redirect_after_login' => '/',
            'authenticity_token' => $authenticity_token
        ]
    );

    curl_setopt_array($request, [
            CURLOPT_URL => 'https://twitter.com/sessions',
            CURLOPT_CUSTOMREQUEST => 'POST',
            CURLOPT_POSTFIELDS => $post_fields,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_HEADER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_COOKIE => $cookie,
            CURLOPT_USERAGENT => $_SERVER['HTTP_USER_AGENT'],
            CURLOPT_HTTPHEADER => [
                'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
                'content-type: application/x-www-form-urlencoded',
                'origin: https://twitter.com',
                'referer: https://twitter.com/login',
            ],
        ]
    );

    $response = curl_exec($request);
    curl_close($request);

}

var_dump(start($username, $password));
    
asked by anonymous 05.10.2017 / 00:26

2 answers

2

I believe that in order to answer this, all you have to do is erase and set your password on Twitter and see the difference in the answers.

Based on this, the difference between the right and wrong password is:

  • If it hits, it gives a "Location:" to:

    link

  • If it misses, it gives a "Location:" to:

    link

If you know what CURLOPT_HEADERFUNCTION works with, then you know how to get "Location" through it.

I recommend reading the documentation, instead of doing Ctrl + C, Ctrl + V without having any idea of what your code is doing. Your code already uses the feature that could be used for this purpose.

As an example, you could use:

    CURLOPT_HEADERFUNCTION  => function($curl, $header) use (&$cookie, &$location) {
        if (stripos($header, 'Set-Cookie:') === 0) {
            if (preg_match('/^Set-Cookie: \s*([^;]*)/i', $header, $matches)) {
                $cookie .= $matches[1] . '; ';
            }
        }

        if (stripos($header, 'Location:') === 0) {
            $location = trim(str_ireplace('Location:', '', trim($header)));
        }

        return strlen($header);
    }

Now you have $location; it should previously be set to $location = ''. This should be done on your second request, obviously, since it is the one that logs in.

So you can:

$location = trim(explode('?', $location)[0], '/');

switch ($location) {
    case 'https://twitter.com':
        echo 'Tudo certo';
        break;
    case 'https://twitter.com/account/access':
        echo 'Conta bloqueada';
        break;
    case 'https://twitter.com/account/login_verification':
        echo 'Conta exige 2FA';
        break;
    default:
        echo 'Senha inválida';
        break;
}

That's one of the millions of possibilities you have. Of course you should turn off CURLOPT_FOLLOWLOCATION, or it will follow the path and return a different value.

In the end it will look like:

function start($username, $password)
{
    $request = curl_init();
    $cookie = '';
    $location = '';

    curl_setopt_array($request, [
            CURLOPT_URL => 'https://twitter.com',
            CURLOPT_CUSTOMREQUEST => 'GET',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_HEADER => true,
            CURLOPT_COOKIEJAR => getcwd() . '/cookies/' . $username . '.txt',
            CURLOPT_USERAGENT => $_SERVER['HTTP_USER_AGENT'],
            CURLOPT_HEADERFUNCTION => function ($curl, $header) use (&$cookie) {
                if (stripos($header, 'Set-Cookie:') === 0) {
                    if (preg_match('/^Set-Cookie: \s*([^;]*)/i', $header, $matches)) {
                        $cookie .= $matches[1] . '; ';
                    }
                }
                return strlen($header);
            }
        ]
    );
    $response = curl_exec($request);

    preg_match('/value="(.*?)" name="authenticity_token"/', $response, $matches);

    $authenticity_token = $matches[1];

    $post_fields = http_build_query([
            'session' => [
                'username_or_email' => $username,
                'password' => $password
            ],
            'return_to_ssl' => true,
            'scribe_log' => '',
            'redirect_after_login' => '/',
            'authenticity_token' => $authenticity_token
        ]
    );

    curl_setopt_array($request, [
            CURLOPT_URL => 'https://twitter.com/sessions',
            CURLOPT_CUSTOMREQUEST => 'POST',
            CURLOPT_POSTFIELDS => $post_fields,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_COOKIE => $cookie,
            CURLOPT_USERAGENT => $_SERVER['HTTP_USER_AGENT'],
            CURLOPT_HEADERFUNCTION => function ($curl, $header) use (&$cookie, &$location) {
                if (stripos($header, 'Set-Cookie:') === 0) {
                    if (preg_match('/^Set-Cookie: \s*([^;]*)/i', $header, $matches)) {
                        $cookie .= $matches[1] . '; ';
                    }
                }

                if (stripos($header, 'Location:') === 0) {
                    $location = trim(str_ireplace('location: ', '', trim($header)));
                }

                return strlen($header);
            },

            CURLOPT_HTTPHEADER => [
                'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
                'content-type: application/x-www-form-urlencoded',
                'origin: https://twitter.com',
                'referer: https://twitter.com/login',
            ],
        ]
    );

    $response = curl_exec($request);
    curl_close($request);


    echo '<br>';
    echo $location = trim(explode('?', $location)[0], '/');

    switch ($location) {
        case 'https://twitter.com':
            echo 'Tudo certo';
            break;
        case 'https://twitter.com/account/access':
            echo 'Conta bloqueada';
            break;
        case 'https://twitter.com/account/login_verification':
            echo 'Conta exige 2FA';
            break;
        default:
            echo 'Senha inválida';
            break;
    }
}
    
05.10.2017 / 07:42
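
A hardened variant of the header callback and request options discussed in this answer, as an added example that is not part of the original answer: it keeps TLS verification on, derives the cookie jar file name from a hash of the user name so that it cannot contain path separators, and reads Location by header name. The helper names, the `/tmp/cookies` directory and the sample header lines are assumptions; no request is sent.

```php
<?php
// Added example; header lines and paths below are constructed sample data.

// Build a CURLOPT_HEADERFUNCTION callback that stores headers by lowercase name.
function make_header_collector(array &$headers): callable
{
    return function ($curl, string $line) use (&$headers): int {
        // Split on the first colon only: header values such as URLs contain colons.
        $parts = explode(':', $line, 2);
        if (count($parts) === 2) {
            $headers[strtolower(trim($parts[0]))][] = trim($parts[1]);
        }
        return strlen($line); // libcurl aborts the transfer on any other value
    };
}

// Reduce an absolute Location to scheme://host/path (no query, no trailing slash).
function normalize_location(string $location): string
{
    $u = parse_url($location);
    if (!is_array($u) || !isset($u['scheme'], $u['host'])) {
        return ''; // relative or malformed value
    }
    return strtolower($u['scheme'] . '://' . $u['host']) . rtrim($u['path'] ?? '', '/');
}

// Cookie jar path that stays inside $dir whatever characters the username has.
function cookie_jar_path(string $dir, string $username): string
{
    return rtrim($dir, '/') . '/' . hash('sha256', $username) . '.txt';
}

function hardened_options(string $jar, array &$headers): array
{
    return [
        CURLOPT_SSL_VERIFYPEER => true,  // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,     // and that it names the requested host
        CURLOPT_FOLLOWLOCATION => false, // keep the first response's Location
        CURLOPT_COOKIEJAR      => $jar,
        CURLOPT_HEADERFUNCTION => make_header_collector($headers),
    ];
}

$headers = [];
$opts = hardened_options(cookie_jar_path('/tmp/cookies', '../../x'), $headers);
foreach (["HTTP/1.1 302 Found\r\n", "location: https://twitter.com/account/access?x=1\r\n"] as $line) {
    $opts[CURLOPT_HEADERFUNCTION](null, $line);
}
echo $opts[CURLOPT_COOKIEJAR], "\n", normalize_location($headers['location'][0]), "\n";
```

The returned array can be merged into the options passed to `curl_setopt_array()` in place of the `CURLOPT_SSL_VERIFYPEER => false` and `CURLOPT_SSL_VERIFYHOST => false` entries, which otherwise send the password over a connection whose certificate is never checked.
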
2
The simple solution I found was the following, in the curl that gets my post:

curl_setopt_array($request, [
        CURLOPT_URL => 'https://twitter.com/sessions',
        CURLOPT_CUSTOMREQUEST => 'POST',
        CURLOPT_POSTFIELDS => $post_fields,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_HEADER => true,
        CURLOPT_FOLLOWLOCATION => true,
        // CURLOPT_COOKIE => $cookiesOBJ->cookies,
        CURLOPT_USERAGENT => $_SERVER['HTTP_USER_AGENT'],
        CURLOPT_HTTPHEADER => [
            'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
            'content-type: application/x-www-form-urlencoded',
            'origin: https://twitter.com',
            'referer: https://twitter.com/login',
        ],
    ]
);

$response = curl_exec($request);
curl_close($request);

I left CURLOPT_HEADER => false, where it was true, and soon after I returned it in JSON:

if ($response === '') {
    echo json_encode([
            'error'     => false,
            'message'   => 'Logado com sucesso, aguarde...'
        ]
    );
} else {
    echo json_encode([
            'error'     => true,
            'message'   => 'Usuário e/ou Senha incorretos'
        ]
    );
}

I want to be able to do this, but I do not know how to do this.     

05.10.2017 / 16:00