Automating login through php & curl - issue possibly due to __VIEWSTATE

I am trying to automate the login process for the site: winpossible.com. The site is running on .NET and expects the VIEWSTATE variable to be appropriately set and that is what is most probably tripping up the login function?

<?php

$username=urlencode('<something>');
$password="<something>";
$cookie="<cookie_file>";

$viewstate="...";
$postdata="__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=$viewstate&_ctl0%3AContentPlaceHolder1%3APassword=$password&_ctl0%3AContentPlaceHolder1%3AUserName=$username&_ctl0%3AContentPlaceHolder1%3AbtnLogin.x=0&_ctl0%3AContentPlaceHolder1%3AbtnLogin.y=0";

$ch = curl_init();

$headers = 'Connection: Keep-Alive';

// First go to the home-page
curl_setopt($ch, CURLOPT_URL,"http://www.winpossible.com/");
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result0 = curl_exec ($ch);
echo "Hi there - results of hitting the home-page\n";
echo $result0;

// Now try the login
curl_setopt($ch, CURLOPT_URL,"http://www.winpossible.com/LoginCheck.aspx");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HT开发者_如何学CTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_REFERER, 'http://www.winpossible.com/Login.aspx');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_POST, 1);

$result = curl_exec ($ch);
echo $result;


// Now access my-account
curl_setopt($ch, CURLOPT_URL, "http://www.winpossible.com/");
$result2 = curl_exec ($ch);
echo $result2;

curl_close($ch);
// unlink($cookie);
exit;
?>

---

i've done similar stuff in php and everything seems fine, so try these:

• use curl_close after every curl_exec
• check if post_datat is correctly
• encoded remove ssl options(I've never used them, so I'm not sure)

are you sure there isn't any token or dynamic stuff in login? looking at source I've seen this

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="LGwSEpu70f..." /></form>

if that's the problem you'll have to isolate it with a regex and send it as post parameter