PHP cURL: No error but impossible to login in submit form

Question

First, sorry for my english. I have read for a long time the other answers for this argument, but without success.

I want to login on "https://webapp.wizards.com" to download a page, but in output I obtain the login page (and no error!).

Thank you!

This is the login form:

<form name="loginform" id="loginform" action="login.aspx" method="POST">
<input type="hidden" name="target" value=""><BR>
<table cellpadding="0" cellspacing="0" class="boxsearch">
    <tr>
        <td align="left" class="boxtitles" width="355">Member Login</td>
    </tr>
    <tr>
        <td align="center" width="355" height="45">
            <table cellpadding="2" cellspacing="2" align="center" valign="middle" width="355">
                <tr>
                    <td align="right">Membership #:</td>
                    <td align="left">
                        <input type="text" name="dcinumber" id="dcinumber" value="" maxlength="10">
                    </td>
                </tr>
                <tr>
                    <td align="right">Password: </td>
                    <td align="left">
                        <input type="password" name="password" id="password" value="">
                    </td>
                </tr>
                <tr>
                    <td align="center" colspan="2">
                        <input type="button" name="submitlogin" id="submitlogin" class="submitbutton" value="Login" onclick="document.loginform.submit();">
                    </td>
                </tr>
            </table>
        </td>
    </tr>
</table>
<input type="hidden" name="action" id="action" value="login">

And this my php code:

$cookie_path = "cookie.txt";    
$user = "my_user";    
$password = "my_password";    
$url_login = "https://webapp.wizards.com/login.aspx";

$con = curl_init();    
curl_setopt($con, CURLOPT_URL, $url_login);    
curl_setopt($con, CURLOPT_RETURNTRANSFER, true);    
curl_setopt($con, CURLOPT_SSL_VERIFYPEER, false);    
curl_setopt($con, CURLOPT_POST, true);    
curl_setopt($con, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");    
curl_setopt($con, CURLOPT_COOKIEJAR, $cookie_path);    
curl_setopt($con, CURLOPT_COOKIEFILE, $cookie_path);    
curl_setopt($con, CURLOPT_FOLLOWLOCATION, true);    
curl_setopt($con, CURLOPT_COOKIESESSION, true);    
curl_setopt($con, CURLOPT_POSTFIELDS, array("dcinumber" => $user, "password" => $password));    
$data = curl_exec($con);    

if($data == false)    
{    
    echo 'Error: ' . curl_error($con);    
    curl_close($con);    
}    
else    
{        
    echo $data;    
    curl_close($con);    
}  

Answer 1

When dealing remote form posts it is a really good idea to use a network sniffing tool so that you can see the communication taking place. For example in Chrome you could use: Developer Tools -> Network -> Documents, to view what is happening as you submit the form.

By sniffing the login form at ttps://webapp.wizards.com/login.aspx I can see the following posted parameters:

target: 
dcinumber: 
password: 
action:login

If your request does not contain these parameters it is very possible that the web application will throw back your request (by rendering the page again with an error message). This is why you see the login page in your result.

So your post fields should look more like this:

array("dcinumber" =>$user, "password" => $password, 'target' => $target, 'action' => 'login')