Runescape Login API?

So I'm working on a project to be able to sorta have a simplified runescape.com control panel. Good especially for security purposes like account management functions, high scores, quick password change / reset for security etc.... I'm trying to make it log in through php through postdata.

My only problem I have run into is logging in through php
just ahead of time, I have already searched all over the forums and google for a working function.

Example:

Log in through this page which is the main log in
https://secure.runescape.com/m=weblogin/loginform.ws?mod=www&ssl=0&dest=title.ws

When logging in and monitoring Tamper Data This is the post data. I have tried implementing it in URL form in multiple ways but i still have not been able to complete a log in this way.

POSTDATA=username=*****&password=*****&mod=www&ssl=0&dest=title.ws

Replace the stars with your user name and password of course

So yeah any help with this?

Thanks ahead of time

Im on msn if you wanna help. I guess I could get you in on what im working on or something if interested.

Current code in use

Code:

<?php

$username = $_POST['username'];
$password = $_POST['password'];

header ('Location: https://secure.runescape.com/m=weblogin/login.ws?username='.$username.'&password='.$password.'&mod=www&ssl=0&dest=title.ws ');

exit;
?>

aftermath

 

As I recall the Runescape Login thing for other site services is a Java Applet and not an HTML/CGI thing.

Pretty sure it would be impossible to write an abstraction or wrapper for it.

 

No, the runescape login is (currently) an HTML form.

I (quickly) made a little thing in java to post the data to the server and it seemed to work fine (got to the Login Successful page, etc). The HTML form has the additional parameter "rem" with a value of "1," however I doubt that this makes a difference, since after omitting it, I achieved the same successful result.

I have to assume then that the problem lies with your code, rather then the method by which you're approaching this. Could you post the actual code that you're using to POST the login data to the runescape server?

 

Code:

<?php

$username = $_POST['username'];
$password = $_POST['password'];

header ('Location: https://secure.runescape.com/m=weblogin/login.ws?username='.$username.'&password='.$password.'&mod=www&ssl=0&dest=title.ws ');

exit;
?>

Im always getting sent here although the information matches my real RS account when entered through the url once it submits

 

^You're confusing GET data with POST data. POST data isn't appended to the URL, it's sent to the server.

In response to your request for the source of the little thing I made:

Code:

import java.io.*;
import java.net.*;

public class LoginTest
{

    public static void main(String[] args) throws Exception
    {
        String[][] postVars = {
            {
                "username", "" //username here
            },
            {
                "password", "" //password here
            },
            {
                "rem", "1"
            },
            {
                "mod", "www"
            },
            {
                "ssl", "0"
            },
            {
                "dest", "title.ws"
            }
        };

        URL postURL = new URL("https://secure.runescape.com/m=weblogin/login.ws");
        URLConnection postURLConnect = postURL.openConnection();
        postURLConnect.setDoOutput(true);

        OutputStreamWriter out = new OutputStreamWriter(postURLConnect.getOutputStream());
        for(String[] postVar : postVars)
            out.write(postVar[0] + "=" + postVar[1] + "&");
        out.flush();
        out.close();

        InputStream in = postURLConnect.getInputStream();
        OutputStream fout = new FileOutputStream(new File("out.txt"));
        int i;
        byte[] buff = new byte[1024];
        while((i = in.read(buff)) != -1)
        {
            fout.write(buff, 0, i);
        }
        fout.close();
    }

}

 

can be done very easly you need to look into php and the function curl

 

I have a similar problem. I already used cURL and everything, but i get 404 (if i remove the GET parameters from the cURL URL) or Incorrect pass.

Here's my current code:

Code:

$URL="https://secure.runescape.com/m=weblogin/login.ws?mod=forum&ssl=0&dest=login.ws";
$post_array = array(
  'username' => $username,
  'password' => $password,
  'mod' => 'forum',
  'ssl' => '0',
  'dest' => 'login.ws'
  );
$main = curl_post($URL, $post_array);
echo $main;
exit;

I use this function for curl:

Code:

/**
 * Send a POST requst using cURL
 * @param string $url to request
 * @param array $post values to send
 * @param array $options for cURL
 * @return string
 */
function curl_post($url, array $post = NULL, array $options = array())
{
    $defaults = array(
        CURLOPT_POST => 1,
        CURLOPT_HEADER => 0,
        CURLOPT_URL => $url,
        CURLOPT_FRESH_CONNECT => 1,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_FORBID_REUSE => 1,
        CURLOPT_TIMEOUT => 4,
        CURLOPT_POSTFIELDS => http_build_query($post)
    );

    $ch = curl_init();
	curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); 
    curl_setopt_array($ch, ($options + $defaults));
    if( ! $result = curl_exec($ch))
    {
        trigger_error(curl_error($ch));
    }
    curl_close($ch);
    return $result;
} 

 

They must conform to the http spec regardless of whether they use ror, java, asp, php whatever. You're on the right tracks by using cURL - you should NEVER use Header() for such purposes.
I'm curious first off by what you plan to do with this control panel? A lot of the data is outputted through an applet so you wont be able to do as much as you'd like I imagine.. Not without a lot of work, anyway.
Secondly, what errors are you getting with using cURL?

 

Another thing to remember is that most browsers have strict XSS policies.

The easiest way to circumvent this nowadays is by using browser-specific add-ons such as Firefox Addons or Chrome Extensions.


This post may seem useless now, but you're definitely going to run into some XSS-related issues later.