index.php +59 −23
@@ -34,29 +34,54 @@ if ( in_array($apikey,$apikeys) == FALSE) { die("Invalid api key"); } // If there isn't an orgid then die if (isset($_GET['orgid']) == FALSE){ die("Please provide an orgid"); } // Get the api key the user is trying to use $orgid = $_GET['orgid']; // If they get here then they are allowed to be here // Get the $BASEURL, $USERNAME and $PASSWORD from a seprate file include "../logindetails.php"; // SU website is built using ASP.NET which is a kinda ok-ish // we need to scrape the login page and steal the __VIEWSTATE var then // post it back to it, it's basically a checksum+data of the entire page $ch0 = curl_init($BASEURL."/login/"); curl_setopt($ch0,CURLOPT_COOKIEJAR, "../logincookies"); curl_setopt($ch0,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch0,CURLOPT_RETURNTRANSFER,TRUE); curl_setopt($ch0,CURLOPT_HEADER,TRUE); $loginhtml = curl_exec($ch0); curl_close($ch0); // Mad regex I stole off the internet to get the viewstate preg_match('/__VIEWSTATE\" value=\"(.*)\"/i', $loginhtml, $matches); $LOGINVIEWSTATE = rawurlencode($matches[1]); // Get the login cookie and store it as a file called cookies $ch1 = curl_init($BASEURL."/login/"); curl_setopt($ch1,CURLOPT_COOKIEJAR, "../cookies"); curl_setopt($ch1,CURLOPT_COOKIEFILE, "../logincookies"); //read from exisiting cookies curl_setopt($ch1,CURLOPT_COOKIEJAR, "../logedincookies"); //write to new cookie file curl_setopt($ch1,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch1,CURLOPT_RETURNTRANSFER,TRUE); //Used to supress body output, tried with just HEAD request but that failed curl_setopt($ch1,CURLOPT_HEADER,TRUE); curl_setopt($ch1,CURLOPT_POSTFIELDS, "__EVENTTARGET=" . "&__EVENTARGUMENT=" . "&__VIEWSTATE=" . $LOGINVIEWSTATE . "&__VIEWSTATEGENERATOR=7CD7556D" . "&ctl00%24logincontrol%24UserName=" . $USERNAME . "&ctl00%24logincontrol%24Password=" . $PASSWORD . 
"&ctl00%24logincontrol%24btnLogin=Log+In" ); curl_exec($ch1); $loginhtml = curl_exec($ch1); curl_close($ch1); // Stuff for generating the dates $date = getdate(time()); // Anything before September is the previous academic year Loading 
@@ -68,21 +93,31 @@ if ($date['mon'] < 9) { $upperyear = $date['year'] + 1; } // If there isn't an orgid then die if (isset($_GET['orgid']) == FALSE){ die("Please provide an orgid"); } // Get the org id the user is trying to use $orgid = $_GET['orgid']; // SU website is built using ASP.NET which is a kinda ok-ish // we need to scrape the page and steal the __VIEWSTATE var then // post it back to it, it's basically a checksum+data of the entire page $ch2 = curl_init($BASEURL."/organisation/salesreports/${orgid}/"); curl_setopt($ch2, CURLOPT_COOKIEFILE, "../cookies"); curl_setopt($ch2,CURLOPT_COOKIEFILE, "../logedincookies"); //get the right session id to look at the page curl_setopt($ch2,CURLOPT_COOKIEJAR, "../reportCSRFcookies"); //save the new cookies with the anticsrf data to a new file curl_setopt($ch2,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch2,CURLOPT_RETURNTRANSFER,TRUE); curl_setopt($ch2,CURLOPT_POSTFIELDS, curl_setopt($ch2,CURLOPT_HEADER,TRUE); $reportCSRFhtml = curl_exec($ch2); curl_close($ch2); // Mad regex I stole off the internet to get the viewstate preg_match('/__VIEWSTATE\" value=\"(.*)\"/i', $reportCSRFhtml, $matches); $REPORTVIEWSTATE = rawurlencode($matches[1]); $ch3 = curl_init($BASEURL."/organisation/salesreports/${orgid}/"); curl_setopt($ch3,CURLOPT_COOKIEFILE, "../reportCSRFcookies"); curl_setopt($ch3,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch3,CURLOPT_RETURNTRANSFER,TRUE); curl_setopt($ch3,CURLOPT_POSTFIELDS, "__EVENTTARGET=ctl00%24ctl00%24Main%24AdminPageContent%24lbPurchasers" . "&__EVENTARGUMENT=" . "&__VIEWSTATE=" . $REPORTVIEWSTATE . "&__VIEWSTATEGENERATOR=9B3E427D" . "&ctl00%24ctl00%24Main%24AdminPageContent%24drDateRange%24txtFromDate=01%2F09%2F".$loweryear . "&ctl00%24ctl00%24Main%24AdminPageContent%24drDateRange%24txtFromTime=00%3A00" . Loading 
@@ -90,9 +125,8 @@ curl_setopt($ch2,CURLOPT_POSTFIELDS, "&ctl00%24ctl00%24Main%24AdminPageContent%24drDateRange%24txtToTime=00%3A00" . "&ctl00%24ctl00%24Main%24AdminPageContent%24ReportViewer1%24ctl09%24VisibilityState%24ctl00=ReportPage" ); $html = curl_exec($ch2); curl_close($ch2); $html = curl_exec($ch3); curl_close($ch3); //This is kind of like stopping someone who was using a big hammer and giving them a slightly better hammer. //(It should be more robust though) Loading @@ -110,15 +144,17 @@ foreach($dom->getElementsByTagName("script") as $script){ } } $ch3 = curl_init($BASEURL."${exportUrlBase}XML"); curl_setopt($ch3, CURLOPT_COOKIEFILE, "../cookies"); curl_setopt($ch3,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch3,CURLOPT_RETURNTRANSFER,TRUE); $xml = curl_exec($ch3); curl_close($ch3); $ch4 = curl_init($BASEURL."${exportUrlBase}XML"); curl_setopt($ch4,CURLOPT_COOKIEFILE, "../reportCSRFcookies"); curl_setopt($ch4,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch4,CURLOPT_RETURNTRANSFER,TRUE); $xml = curl_exec($ch4); curl_close($ch4); echo json_encode(@simplexml_load_string($xml)); //I hope this works consisentally //Clean up cookies, just to be safe unlink("../cookies"); unlink("../logincookies"); unlink("../logedincookies"); unlink("../reportCSRFcookies"); ?> Loading
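Review bot: The cookie jars used by the new requests are fixed, shared paths (`../logincookies`, `../logedincookies`, `../reportCSRFcookies`), so two overlapping API calls read and overwrite each other's session files, and the `unlink()` calls at the bottom of one request can delete a jar another request is still using. These files hold the service account's logged-in session, and they are only removed by the last lines of the script, so any earlier exit after the login step would leave them on disk. A per-request jar avoids both problems: `$jar = tempnam(sys_get_temp_dir(), 'su_');` passed to every `CURLOPT_COOKIEJAR`/`CURLOPT_COOKIEFILE` (or one such file per step, if the separation is needed), with `register_shutdown_function('unlink', $jar);` so cleanup also runs on the `die()` paths. Whether `..` is outside the web root is not visible here; if it is not, the current jar files may also be fetchable over HTTP while a request is in flight.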
index.php +59 −23
@@ -34,29 +34,54 @@ if ( in_array($apikey,$apikeys) == FALSE) { die("Invalid api key"); } // If there isn't an orgid then die if (isset($_GET['orgid']) == FALSE){ die("Please provide an orgid"); } // Get the api key the user is trying to use $orgid = $_GET['orgid']; // If they get here then they are allowed to be here // Get the $BASEURL, $USERNAME and $PASSWORD from a seprate file include "../logindetails.php"; // SU website is built using ASP.NET which is a kinda ok-ish // we need to scrape the login page and steal the __VIEWSTATE var then // post it back to it, it's basically a checksum+data of the entire page $ch0 = curl_init($BASEURL."/login/"); curl_setopt($ch0,CURLOPT_COOKIEJAR, "../logincookies"); curl_setopt($ch0,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch0,CURLOPT_RETURNTRANSFER,TRUE); curl_setopt($ch0,CURLOPT_HEADER,TRUE); $loginhtml = curl_exec($ch0); curl_close($ch0); // Mad regex I stole off the internet to get the viewstate preg_match('/__VIEWSTATE\" value=\"(.*)\"/i', $loginhtml, $matches); $LOGINVIEWSTATE = rawurlencode($matches[1]); // Get the login cookie and store it as a file called cookies $ch1 = curl_init($BASEURL."/login/"); curl_setopt($ch1,CURLOPT_COOKIEJAR, "../cookies"); curl_setopt($ch1,CURLOPT_COOKIEFILE, "../logincookies"); //read from exisiting cookies curl_setopt($ch1,CURLOPT_COOKIEJAR, "../logedincookies"); //write to new cookie file curl_setopt($ch1,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch1,CURLOPT_RETURNTRANSFER,TRUE); //Used to supress body output, tried with just HEAD request but that failed curl_setopt($ch1,CURLOPT_HEADER,TRUE); curl_setopt($ch1,CURLOPT_POSTFIELDS, "__EVENTTARGET=" . "&__EVENTARGUMENT=" . "&__VIEWSTATE=" . $LOGINVIEWSTATE . "&__VIEWSTATEGENERATOR=7CD7556D" . "&ctl00%24logincontrol%24UserName=" . $USERNAME . "&ctl00%24logincontrol%24Password=" . $PASSWORD . 
"&ctl00%24logincontrol%24btnLogin=Log+In" ); curl_exec($ch1); $loginhtml = curl_exec($ch1); curl_close($ch1); // Stuff for generating the dates $date = getdate(time()); // Anything before September is the previous academic year Loading 
@@ -68,21 +93,31 @@ if ($date['mon'] < 9) { $upperyear = $date['year'] + 1; } // If there isn't an orgid then die if (isset($_GET['orgid']) == FALSE){ die("Please provide an orgid"); } // Get the org id the user is trying to use $orgid = $_GET['orgid']; // SU website is built using ASP.NET which is a kinda ok-ish // we need to scrape the page and steal the __VIEWSTATE var then // post it back to it, it's basically a checksum+data of the entire page $ch2 = curl_init($BASEURL."/organisation/salesreports/${orgid}/"); curl_setopt($ch2, CURLOPT_COOKIEFILE, "../cookies"); curl_setopt($ch2,CURLOPT_COOKIEFILE, "../logedincookies"); //get the right session id to look at the page curl_setopt($ch2,CURLOPT_COOKIEJAR, "../reportCSRFcookies"); //save the new cookies with the anticsrf data to a new file curl_setopt($ch2,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch2,CURLOPT_RETURNTRANSFER,TRUE); curl_setopt($ch2,CURLOPT_POSTFIELDS, curl_setopt($ch2,CURLOPT_HEADER,TRUE); $reportCSRFhtml = curl_exec($ch2); curl_close($ch2); // Mad regex I stole off the internet to get the viewstate preg_match('/__VIEWSTATE\" value=\"(.*)\"/i', $reportCSRFhtml, $matches); $REPORTVIEWSTATE = rawurlencode($matches[1]); $ch3 = curl_init($BASEURL."/organisation/salesreports/${orgid}/"); curl_setopt($ch3,CURLOPT_COOKIEFILE, "../reportCSRFcookies"); curl_setopt($ch3,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch3,CURLOPT_RETURNTRANSFER,TRUE); curl_setopt($ch3,CURLOPT_POSTFIELDS, "__EVENTTARGET=ctl00%24ctl00%24Main%24AdminPageContent%24lbPurchasers" . "&__EVENTARGUMENT=" . "&__VIEWSTATE=" . $REPORTVIEWSTATE . "&__VIEWSTATEGENERATOR=9B3E427D" . "&ctl00%24ctl00%24Main%24AdminPageContent%24drDateRange%24txtFromDate=01%2F09%2F".$loweryear . "&ctl00%24ctl00%24Main%24AdminPageContent%24drDateRange%24txtFromTime=00%3A00" . Loading 
@@ -90,9 +125,8 @@ curl_setopt($ch2,CURLOPT_POSTFIELDS, "&ctl00%24ctl00%24Main%24AdminPageContent%24drDateRange%24txtToTime=00%3A00" . "&ctl00%24ctl00%24Main%24AdminPageContent%24ReportViewer1%24ctl09%24VisibilityState%24ctl00=ReportPage" ); $html = curl_exec($ch2); curl_close($ch2); $html = curl_exec($ch3); curl_close($ch3); //This is kind of like stopping someone who was using a big hammer and giving them a slightly better hammer. //(It should be more robust though) Loading @@ -110,15 +144,17 @@ foreach($dom->getElementsByTagName("script") as $script){ } } $ch3 = curl_init($BASEURL."${exportUrlBase}XML"); curl_setopt($ch3, CURLOPT_COOKIEFILE, "../cookies"); curl_setopt($ch3,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch3,CURLOPT_RETURNTRANSFER,TRUE); $xml = curl_exec($ch3); curl_close($ch3); $ch4 = curl_init($BASEURL."${exportUrlBase}XML"); curl_setopt($ch4,CURLOPT_COOKIEFILE, "../reportCSRFcookies"); curl_setopt($ch4,CURLOPT_FAILONERROR,TRUE); curl_setopt($ch4,CURLOPT_RETURNTRANSFER,TRUE); $xml = curl_exec($ch4); curl_close($ch4); echo json_encode(@simplexml_load_string($xml)); //I hope this works consisentally //Clean up cookies, just to be safe unlink("../cookies"); unlink("../logincookies"); unlink("../logedincookies"); unlink("../reportCSRFcookies"); ?>
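Review bot: `$orgid` is taken straight from `$_GET['orgid']` and interpolated into `$BASEURL."/organisation/salesreports/${orgid}/"` for both `$ch2` and `$ch3`, so a value containing `/`, `..`, `?` or `#` changes which path on the SU site is requested with the service account's session cookies; the only check is `isset()`. If organisation ids are numeric (not visible in this diff), reject anything else before the first request with `if (!is_string($orgid) || !ctype_digit($orgid)) { die("Invalid orgid"); }`, otherwise at least pass the value through `rawurlencode()`. Separately, both `preg_match()` calls feed `$matches[1]` into `rawurlencode()` without checking that `curl_exec()` returned a page and that the pattern matched, so a failed fetch carries on with an empty `__VIEWSTATE`. A guard such as `if ($loginhtml === false || preg_match(...) !== 1) { die("Login page fetch failed"); }` would stop the flow there.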