 |
01-10-2011, 02:31 AM
|
|
Active Member
BANNED
|
|
Join Date: Mar 2008
Posts: 187
|
|
Runescape Login API?
So I'm working on a project to be able to sorta have a simplified runescape.com control panel. Good especially for security purposes like account management functions, high scores, quick password change / reset for security etc.... I'm trying to make it log in through php through postdata.
My only problem I have run into is logging in through php
just ahead of time, I have already searched all over the forums and google for a working function.
Example:
Log in through this page which is the main log in
https://secure.runescape.com/m=weblo...&dest=title.ws
When logging in and monitoring Tamper Data This is the post data. I have tried implementing it in URL form in multiple ways but i still have not been able to complete a log in this way.
POSTDATA=username=*****&password=*****&mod=www&ssl =0&dest=title.ws
Replace the stars with your user name and password of course
So yeah any help with this?
Thanks ahead of time
Im on msn if you wanna help. I guess I could get you in on what im working on or something if interested.
Current code in use
Code:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
header ('Location: https://secure.runescape.com/m=weblogin/login.ws?username='.$username.'&password='.$password.'&mod=www&ssl=0&dest=title.ws ');
exit;
?>
aftermath
Last edited by Sidd : 01-11-2011 at 03:59 AM.
|
01-10-2011, 01:16 PM
|
|
This is the legitimate alternate account of a staff member.
|
|
Join Date: Jan 2011
Posts: 30
|
|
Re: Runescape Login API?
As I recall the Runescape Login thing for other site services is a Java Applet and not an HTML/CGI thing.
Pretty sure it would be impossible to write an abstraction or wrapper for it.
__________________
I use this account when I am on my mobile device, or a location where accessing my main account would be inconvienient or unsafe.
If you need to contact me, please send a private message to my main account and not this one.
|
01-11-2011, 02:17 AM
|
 |
Leecher
|
|
Join Date: Jun 2008
Location: Southern California
Posts: 2,359
|
|
Re: Runescape Login API?
Quote:
Originally Posted by SMRAlt
As I recall the Runescape Login thing for other site services is a Java Applet and not an HTML/CGI thing.
Pretty sure it would be impossible to write an abstraction or wrapper for it.
|
No, the runescape login is (currently) an HTML form.
I (quickly) made a little thing in java to post the data to the server and it seemed to work fine (got to the Login Successful page, etc). The HTML form has the additional parameter "rem" with a value of "1," however I doubt that this makes a difference, since after omitting it, I achieved the same successful result.
I have to assume then that the problem lies with your code, rather then the method by which you're approaching this. Could you post the actual code that you're using to POST the login data to the runescape server? |
01-11-2011, 03:55 AM
|
|
Active Member
BANNED
|
|
Join Date: Mar 2008
Posts: 187
|
|
Re: Runescape Login API?
Code:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
header ('Location: https://secure.runescape.com/m=weblogin/login.ws?username='.$username.'&password='.$password.'&mod=www&ssl=0&dest=title.ws ');
exit;
?>
Im always getting sent here although the information matches my real RS account when entered through the url once it submits
Last edited by Sidd : 01-11-2011 at 03:59 AM.
|
01-11-2011, 08:41 PM
|
|
Leecher
|
|
Join Date: Jun 2008
Location: Southern California
Posts: 2,359
|
|
Re: Runescape Login API?
^You're confusing GET data with POST data. POST data isn't appended to the URL, it's sent to the server.
In response to your request for the source of the little thing I made:
Code:
import java.io.*;
import java.net.*;
public class LoginTest
{
public static void main(String[] args) throws Exception
{
String[][] postVars = {
{
"username", "" //username here
},
{
"password", "" //password here
},
{
"rem", "1"
},
{
"mod", "www"
},
{
"ssl", "0"
},
{
"dest", "title.ws"
}
};
URL postURL = new URL("https://secure.runescape.com/m=weblogin/login.ws");
URLConnection postURLConnect = postURL.openConnection();
postURLConnect.setDoOutput(true);
OutputStreamWriter out = new OutputStreamWriter(postURLConnect.getOutputStream());
for(String[] postVar : postVars)
out.write(postVar[0] + "=" + postVar[1] + "&");
out.flush();
out.close();
InputStream in = postURLConnect.getInputStream();
OutputStream fout = new FileOutputStream(new File("out.txt"));
int i;
byte[] buff = new byte[1024];
while((i = in.read(buff)) != -1)
{
fout.write(buff, 0, i);
}
fout.close();
}
}
Last edited by Jimmy : 01-11-2011 at 08:41 PM.
|
01-24-2011, 06:14 PM
|
 |
Active Member
|
|
Join Date: Aug 2010
Posts: 131
|
|
Re: Runescape Login API?
can be done very easly you need to look into php and the function curl  |
02-13-2011, 07:18 PM
|
|
Newcomer
BANNED
|
|
Join Date: Feb 2011
Posts: 23
|
|
Re: Runescape Login API?
I have a similar problem. I already used cURL and everything, but i get 404 (if i remove the GET parameters from the cURL URL) or Incorrect pass.
Here's my current code:
Code:
$URL="https://secure.runescape.com/m=weblogin/login.ws?mod=forum&ssl=0&dest=login.ws";
$post_array = array(
'username' => $username,
'password' => $password,
'mod' => 'forum',
'ssl' => '0',
'dest' => 'login.ws'
);
$main = curl_post($URL, $post_array);
echo $main;
exit;
I use this function for curl:
Code:
/**
* Send a POST requst using cURL
* @param string $url to request
* @param array $post values to send
* @param array $options for cURL
* @return string
*/
function curl_post($url, array $post = NULL, array $options = array())
{
$defaults = array(
CURLOPT_POST => 1,
CURLOPT_HEADER => 0,
CURLOPT_URL => $url,
CURLOPT_FRESH_CONNECT => 1,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FORBID_REUSE => 1,
CURLOPT_TIMEOUT => 4,
CURLOPT_POSTFIELDS => http_build_query($post)
);
$ch = curl_init();
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt_array($ch, ($options + $defaults));
if( ! $result = curl_exec($ch))
{
trigger_error(curl_error($ch));
}
curl_close($ch);
return $result;
}
Last edited by FuglyNerd : 02-13-2011 at 07:19 PM.
|
02-23-2011, 12:22 PM
|
|
Newcomer
|
|
Join Date: Feb 2011
Posts: 19
|
|
Re: Runescape Login API?
They must conform to the http spec regardless of whether they use ror, java, asp, php whatever. You're on the right tracks by using cURL - you should NEVER use Header() for such purposes.
I'm curious first off by what you plan to do with this control panel? A lot of the data is outputted through an applet so you wont be able to do as much as you'd like I imagine.. Not without a lot of work, anyway.
Secondly, what errors are you getting with using cURL?
|
03-01-2011, 02:53 AM
|
|
Active Member
|
|
Join Date: Jul 2005
Posts: 248
|
|
Re: Runescape Login API?
Another thing to remember is that most browsers have strict XSS policies.
The easiest way to circumvent this nowadays is by using browser-specific add-ons such as Firefox Addons or Chrome Extensions.
This post may seem useless now, but you're definitely going to run into some XSS-related issues later. |
|
|
Runescape Login API?
Linear Mode
