im trying to automate a login to Zoho CRM. I'm trying to Log In using my data in a http call but looks like it doesn't work. I would like to know if anyone has achieved this.
What I tried:
POST to https://accounts.zoho.com/login
with body:
{
LOGIN_ID: "username",
PASSWORD: "password",
IS_AJAX: "true",
remember :-1,
servicename: "ZohoCRM"
}
The response I get:
Status 200
showErrorAndReload('Please\x20reload\x20the\x20page\x20and\x20try\x20again.');
I just recently had to do a lot of research and trial and error to figure this one out. Be sure to use Postman or something else to test this out for your app.
Get the iamcsr value from the cookie you receive by visiting https://accounts.zoho.com/
Here is what the value looks like
Note: You can't reuse or hardcode that value in. Your app has to generate it each login.
Insert the following values into the link below and POST it.
login_id = your Zoho account login
password = your Zoho account password
unix_timestamp = generate a current unix timestamp with milliseconds
iamcsr = value received from cookie
The parameter values for remember, servicename, and serviceurl always remain the same.
https://accounts.zoho.com/signin/auth?LOGIN_ID={login_id}&PASSWORD={password}&cli_time={unix_timestamp}&remember=2592000&iamcsrcoo={iamcsr}&servicename=AaaServer&serviceurl=https://accounts.zoho.com/u/
To verify you have successfully logged in you will receive the following response:
showsuccess('https\x3A\x2F\x2Faccounts.zoho.com\x2Fu\x2F',"",'', '', '-1', 'dXM\x3D');
This will get you through the login portion and will authenticate you to do further actions assuming your app has stored cookies for the current session.
I made a Php script based on Christian Barahona answer:
Get session cookie
$useragent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36';
$cookie_file_path = 'cookie.txt';
$curl = curl_init('https://accounts.zoho.com/signin?servicename=AaaServer&serviceurl=%2Fu%2Fh/');
curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_COOKIEJAR,
$cookie_file_path);
curl_exec($curl);
Login
//Read cookies file
$cookies = curl_getinfo($curl, CURLINFO_COOKIELIST);
foreach ($cookies as $cookie){
$splitted=preg_split('/\s+/',$cookie);
if($splitted[0]=="accounts.zoho.com"){
if($splitted[sizeof($splitted)-2]=="iamcsr"){
$iamscr=$splitted[sizeof($splitted)-1];
}
}
}
//return current unix timestamp in milliseconds
function milliseconds() {
$mt = explode(' ', microtime());
return ((int)$mt[1]) * 1000 + ((int)round($mt[0] * 1000));
}
$postValues = array(
'LOGIN_ID' => '*******',
'PASSWORD' => '*******',
'cli_time'=> milliseconds(),
'remember'=> '2592000',
'iamcsrcoo'=> $iamscr,
'servicename'=> 'AaaServer',
'serviceurl'=> 'https://accounts.zoho.com/u/h'
);
$postValuesFormatted = http_build_query($postValues);
curl_setopt($curl, CURLOPT_URL, 'https://accounts.zoho.com/signin/auth');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postValuesFormatted);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_exec($curl);
Curl any page while logged
curl_setopt($curl, CURLOPT_URL, 'https://accounts.zoho.com/u/h');
curl_setopt($curl, CURLOPT_POST, false);
$result = curl_exec($curl);
Related
Using the following code to try and create the signature and get the bearer token.
<?php
$tm=time();
$param_str = "grant_type=client_credentials&oauth_consumer_key=xxxx&oauth_nonce=xxx&oauth_signature_method=HMAC-SHA256&oauth_timestamp=".$tm."&oauth_version=1.0";
//die($param_str);
$base_str = "POST&" .urlencode("https://account.api.here.com/oauth2/token") . "&" . urlencode($param_str);
//die($base_str);
$sign_key = urlencode("xxxxxxxxxxxxxxxxxxxxxxxxx")."&";
$signature= hash_hmac("sha256",$base_str,$sign_key);
$url = "https://account.api.here.com/oauth2/token";
$ch = curl_init( $url );
$headers = [
'Content-Type: application/x-www-form-urlencoded',
'Authorization: OAuth oauth_consumer_key="xxx",oauth_nonce="xxx",oauth_signature="'.$signature.'",oauth_signature_method="HMAC-SHA256",oauth_timestamp="'.$tm.'",oauth_version="1.0"',
'Cache-Control: no-cache'
];
$payload="grant_type=client_credentials";
curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
# Return response instead of printing.
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
# Send request.
$result = curl_exec($ch);
curl_close($ch);
?>
Tried various combinations. Getting the same error (Signature mismatch. Authorization signature or client credential is wrong). Even tried copying the exact url encoded string from the document, replacing relevant information and still not working. Is there something I am not understanding at all from the documentation or something I am missing here in my code.
The reason for signature mismatch is that the one you created is different than the one server created. Check the following –
Did you convert the signing key and base string into bytes before
passing it to HMAC-SHA256 hashing algorithm.
Did you convert the output of HMAC-SHA256 hashing algorithm into
base64 string.
also check this link if this can help you.
I created a valid ticket using a webservice call...code shown below
$url="http://serverip:port/alfresco/service/api/login?u=xxx&pw=xxx";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
$response =curl_exec($ch);
Now using this ticket i want to authenticate alfresco without again entering username and password.Also i want to create a valid cookie JSESSIONID inside browser with this ticket...Is it feasible??
my purpose is to integrate a php application with alfresco....php application already has an authentication system...so i want to bypass the authentication of alfresco
You need to append below parameter
alf_ticket="TICKET_WHICH_YOU_GET"
for further authentication.
Finally i resolved the issue by calling the login page url http://ip:port/share/page/ via Curl with login parameters(username and pwd)...I got JsessionId as response from curl...Now i took that JsessionId and set inside the browser...so wen u click http://ip:port/share/page/ the login page is bypassed
As per your suggestion, we are tried with below curl call but their is no JsessionId in response. can you please check and let me know the resolution
$post = [
'username' => 'user',
'password' => 'pass',
];
$ch = curl_init('http://ip:port/share/page/dologin/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
// execute!
$response = curl_exec($ch);
// close the connection, release resources used
curl_close($ch);
// do anything you want with your response
var_dump($response);
please suggest with the solution
I don't use javascript, so I'm completely new to it.
I have a link where I want to login per POST request. Just send a POST request with pre-defined correct login and password and get the data on the next page.
I'm using developer mode in Chrome to look on the requests sent by browser.
But when I type in correct combination of username and password, I don't see a single POST request, only GETs.
With incorrect username and password I'm able to see a POST request with following Form Data values:
xjxfun:_validateLogin
xjxr:1389197444586
xjxargs[]:<xjxobj>
<e><k>Username</k><v>SmyUsername</v></e>
<e><k>Password</k><v>SmyPassword</v></e>
<e><k>Autologin</k><v>S1</v></e>
<e><k>REFERER</k><v>Sdailyfield</v></e>
</xjxobj>
Here I typed in myUsername for Username and myPassword for Password.
My question is
What POST request do I need to send to this server to imitate form filling and submitting?
Thank you for answering. The best answer you can give is to describe the POST request with necessary data/headers/values, so that I can prove it fast in some REST client in browser
Here is the data I got sent from a valid login:
xjxfun:_validateLogin
xjxr:1389422948740
xjxargs[]:<xjxobj><e><k>Username</k><v>S<![CDATA[myemailhere]]></v></e><e><k>Password</k><v>Smypasswordhere</v></e><e><k>Autologin</k><v>S1</v></e><e><k>REFERER</k><v>Sdailyfield</v></e></xjxobj>
And this is what I got returned:
<?xml version="1.0" encoding="utf-8" ?><xjx><cmd cmd="js">Slocation.href = 'sudoku_des_tages.htm';</cmd></xjx>
By the way, this was a POST request.
I think the reason that you can only see GET requests, was because an HTTP redirect occurred on the server-side with your authentication details, and that request (as with all page requests) is a GET request, which is probably why you can only see GET requests with successful authentication.
Update: From what I understand, you are sending the values as header values (in others words, alongside Content-Type and the like), while you should send them in the post formdata. This is why you are finding your answer.
You can always use CURL :
$fields_string = '';
$url = "yourProceesfileURL";
$userdata = array(
'email' => youremail,
'password' => yourpassword
);
foreach ($userdata as $key => $value) {
$fields_string .= $key . '=' . $value . '&';
}
rtrim($fields_string, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($userdata));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$result = curl_exec($ch);
curl_close($ch);
:)
Note: This solution was suggested when the question was tagged with JavaScript and PHP and without Objective-C.
You can use JQuery to simulate the form filling like this:
$(function(){
$('#Username').val('MyUsername');
$('#Password').val('MyPassword');
$('input[type=submit]').trigger("click");
});
Working example here
First you want to set the values by getting the input element with his id and then setting his value. Once you finish updating all the requested values just trigger the submit button.
This will simulate you filling the form and submitting it. To do this automatically I would use PHP to get the content of the page and then firing the JQuery function:
echo file_get_contents("http://www.sudoku-knacker.de/anmeldung.htm?ref=dailyfield");
Hi im scraping a website cleartrip.com
I get the page info by this method :
$url = "http://www.cleartrip.com/m/flights/results?from=CCU&to=DEL&depart_date=22/06/2012&adults=1&childs=0&infants=0&dep_time=0&class=Economy&airline=&carrier=&x=57&y=16&flexi_search=no&tb=n";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, "android Mozilla/5.0 (Linux; U; Android 0.5; en-us)");
$curl_scraped_page = curl_exec($ch);
curl_close($ch);
Problem is i want those flights that have a stop ..............info is passed through post method but i don't know how i can get it?????
You'll probably need to search the DOM for the element containing the info you want. Probably through a regular expression.
$agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
$ch=curl_init();
curl_setopt ($ch, CURLOPT_URL,$url );
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch,CURLOPT_VERBOSE,false);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch,CURLOPT_SSLVERSION,3);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, FALSE);
$page=curl_exec($ch);
//echo curl_error($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
I'm using cUrl at my project. I'm getting HTTP CODE of web sites. But when i try "asdasd" ($url="asdasd") , returned HTTP CODE is 200 . But "asdasd" isn't a web site. Why HTTP CODE is 200 ?
You might want to check the return value from curl_exec first. It says in the manual:
Returns TRUE on success or FALSE on failure. However, if the CURLOPT_RETURNTRANSFER option is set, it will return the result on success, FALSE on failure.
For curl_getinfo there's a side note:
Information gathered by this function is kept if the handle is re-used. This means that unless a statistic is overridden internally by this function, the previous info is returned.
So that HTTP 200 might well be the result of a previous cURL invocation.
Another possible error can happen if you develop in local and you use custom managed DNS services, then you probably can get some managed error pages like OpenDNS is doing.