Facebook Remote Status Update with PHP/cURL Bot

Facebook login form

** The script in this post no longer working properly. I have updated the script and posted at New and Updated! Facebook Remote Status Update with PHP/cURL Bot  **

 

In previous posts, the discussion is mainly focus on getting web page source file and perform scraping to the text file. In this post, I will show you how I use PHP/cURL to login into Facebook account and post status update at Facebook wall. Once we know how to remote posting using PHP/cURL, we can do many things such as auto posting comment into forum or blog, fill up contact form and send email to our target, login to website and pull out information we need.

For this test case, I am using XAMPP in the PC and login to Facebook mobile interface which is much simpler than its desktop version. You can try to compare Facebook login source file for both desktop and mobile version.

From the browser, go to http://m.facebook.com and there is only one login form.

Note: Check out the sample code at bottom of this article.

Facebook login form

View the source file from Facebook http://m.facebook.com and you can find the login form like this:

<form method="post" class="mobile-login-form _5spm" id="login_form" novalidate="1" action="https://m.facebook.com/login.php?refsrc=https%3A%2F%2Fm.facebook.com%2F&amp;refid=8"><input type="hidden" name="lsd" value="AVoWv8Td" autocomplete="off" /><input type="hidden" name="charset_test" value="€,´,€,´,?,?,?" /><input type="hidden" name="version" value="1" /><input type="hidden" id="ajax" name="ajax" value="0" /><input type="hidden" id="width" name="width" value="0" /><input type="hidden" id="pxr" name="pxr" value="0" /><input type="hidden" id="gps" name="gps" value="0" /><input type="hidden" autocomplete="off" name="m_ts" value="1391231421" /><input type="hidden" autocomplete="off" name="li" value="vYHsUnvLbcJp7jvZLQLAYtHp" /><input type="hidden" autocomplete="off" name="signup_layout" value="layout|lower_subdued_button||s_btn|special||l_btn|confirm||signupinstr||logininstr||st|create||launched_Jan9" /><div class="_56be _5sob"><div class="_55wo _55x2 _56bf"><input autocorrect="off" autocapitalize="off" class="_56bg _55ws _5ruq" name="email" placeholder="Email or Phone" type="text" /><input autocorrect="off" autocapitalize="off" class="_56bg _55ws _5ruq" placeholder="Password" name="pass" type="password" /><div class="_55ws"><button type="submit" value="Log In" class="touchable _56bs _56b_ _56bw _56bu" name="login" data-sigil="touchable"><span class="_55sr">Log In</span></button></div></div></div><div class="_52jj _5t3b"><a class="touchable _56bs _5t3b _56bw _56bv" href="/r.php?refid=8" role="button" data-sigil="touchable"><span class="_55sr">Create New Account</span></a></div><noscript><input type="hidden" autocomplete="off" name="_fb_noscript" value="true" /></noscript></form>

 

We need to get the login URL and form fields for posting using PHP/cURL. The important information we need looks like this after some arrangement:

<form method="post" class="mobile-login-form _5spm" id="login_form" novalidate="1" action="https://m.facebook.com/login.php?refsrc=https%3A%2F%2Fm.facebook.com%2F&amp;refid=8">

<input type="hidden" name="lsd" value="AVoWv8Td" autocomplete="off" />
<input type="hidden" name="charset_test" value="€,´,€,´,?,?,?" />
<input type="hidden" name="version" value="1" />
<input type="hidden" id="ajax" name="ajax" value="0" />
<input type="hidden" id="width" name="width" value="0" />
<input type="hidden" id="pxr" name="pxr" value="0" />
<input type="hidden" id="gps" name="gps" value="0" />
<input type="hidden" autocomplete="off" name="m_ts" value="1391231421" />
<input type="hidden" autocomplete="off" name="li" value="vYHsUnvLbcJp7jvZLQLAYtHp" />
<input type="hidden" autocomplete="off" name="signup_layout" value="layout|lower_subdued_button||s_btn|special||l_btn|confirm||signupinstr||logininstr||st|create||launched_Jan9" />
<input autocorrect="off" autocapitalize="off" class="_56bg _55ws _5ruq" name="email" placeholder="Email or Phone" type="text" />
<input autocorrect="off" autocapitalize="off" class="_56bg _55ws _5ruq" placeholder="Password" name="pass" type="password" />
<input type="hidden" autocomplete="off" name="_fb_noscript" value="true" />
</form>

 

We need to extract out URL from "action" field, as well as "name" and value". We should ignore other HTML tags.

File fbform.php

<?php
define('FB','https://m.facebook.com');
define('FORM','~<form method="post" (.*?)</form>~s');
define('ACTION','~action=(?:["\'])?([^"\'\s]*)~i');
define('INPUT','~<input(.*?)>~');
define('NAME','~name=(?:["\'])?([^"\'\s]*)~i');
define('VALUE','~value=(?:["\'])?([^"\'\s]*)~i');

class FBform extends HttpCurl	{
private $_url;
private $_inputs = array();

public function __construct() 	{}	 	
public function __destruct()	{}
	
public function fbLogin($username, $password) {
	unset ($this->_inputs);
	unset ($this->_url);	
	$this->getFormFields();
	$this->_inputs['email']=$username;
	$this->_inputs['pass']=$password;
	$post_field = $this->arrayImplode( '=', '&', $this->_inputs);
	$this->post($this->_url,  $post_field);
}
	
public function fbStatusUpdate($status) {
	unset ($this->_inputs);
	unset ($this->_url);	
	$this->getFormFields();
	$this->_inputs['status']=$status;
	$this->_url = FB . $this->_url;
	$post_field = $this->arrayImplode( '=', '&', $this->_inputs);
	$this->post($this->_url,  $post_field);
}
	
public function arrayImplode( $glue, $separator, $array ) {
	$string = array();
	foreach ( $array as $key => $val ) {
		if ( is_array( $val ) )
		$val = implode( ',', $val );
		$string[] = "{$key}{$glue}{$val}";
	}
	return implode( $separator, $string );
}

public function getFormFields() {
	if (preg_match(FORM, parent::getBody(), $form)) {
		preg_match(ACTION, $form[0], $action); 
		$this->_url= $action[1];
		preg_match_all(INPUT, $form[0], $fields); 	
		
		foreach ($fields[0] as $field) {
			if (preg_match(NAME, $field, $name)) {
				$name = $name[1];
                $value = '';

			if (preg_match(VALUE, $field, $value))	$value = $value[1];

			if ($value!=NULL) 	 $this->_inputs[$name] = $value;			
			}
		}		
		return $this->_inputs;	
		} else {
		echo "Error, Form not found!";  }
	}		
}

?>

 

The function getFormFields() will return extracted form URL and fields. Sample output of getFormFields:

Array
(
    [fb_dtsg] => AQDUz9bF
    [charset_test] => €,´,€,´,水,Д,Є
    [update] => Share
    [privacy] => {"row_created_time":1391497489,"row_updated_time":1390724300,"value":80,"owner":100007586291391,"_pmc_":1391497489,"friends":0,"lists_anon":[],"ids_anon":[],"lists_x_anon":[],"ids_x_anon":[],"tdata":[],"lists":[],"lists_x":[],"objects":[],"no_tag_expansion":0}
)

 

To get source file from Facebook, login and post status, we need to keep track of cookie file from Facebook.

File httpcurl.php

<?php
 
 // Class HttpCurl
class HttpCurl {
    private $_ch, $_cookie, $_info, $_body, $_error;
      
    public function __construct() {
        if (!function_exists('curl_init')) {
            throw new Exception('cURL not enabled!');
        } 
    }
  
    public function get($url) {
        $this->_ch = curl_init();
	curl_setopt($this->_ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0');
	curl_setopt($this->_ch, CURLOPT_POST, 0);		
        curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($this->_ch, CURLOPT_MAXREDIRS, 5);   
        curl_setopt($this->_ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($this->_ch, CURLOPT_COOKIEFILE, getcwd () . '/facebook_cookie' );
        curl_setopt($this->_ch, CURLOPT_COOKIEJAR, getcwd () . '/facebook_cookie' );	
	curl_setopt($this->_ch, CURLOPT_SSL_VERIFYPEER, false );
        curl_setopt($this->_ch, CURLOPT_SSL_VERIFYHOST, false );		
        curl_setopt($this->_ch, CURLOPT_URL, $url);
        $this->_body = curl_exec($this->_ch);
        $this->_info  = curl_getinfo($this->_ch);
        $this->_error = curl_error($this->_ch);
        curl_close($this->_ch);    		
    }
	
    public function post($url,  $post_data) {
        $this->_ch = curl_init();
	curl_setopt($this->_ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0');	
        curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($this->_ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($this->_ch, CURLOPT_HEADER, 0);	
        curl_setopt($this->_ch, CURLOPT_RETURNTRANSFER, TRUE);
	curl_setopt($this->_ch, CURLOPT_SSL_VERIFYPEER, false );
        curl_setopt($this->_ch, CURLOPT_SSL_VERIFYHOST, false );
        curl_setopt($this->_ch, CURLOPT_ENCODING, "" );	
	curl_setopt($this->_ch, CURLOPT_POST, TRUE);
	curl_setopt($this->_ch, CURLOPT_POSTFIELDS, $post_data);
        curl_setopt($this->_ch, CURLOPT_COOKIEFILE, getcwd () . '/facebook_cookie' );
        curl_setopt($this->_ch, CURLOPT_COOKIEJAR, getcwd () . '/facebook_cookie' );		
        curl_setopt($this->_ch, CURLOPT_URL, $url);
        $this->_body = curl_exec($this->_ch);
        $this->_info  = curl_getinfo($this->_ch);
        $this->_error = curl_error($this->_ch);
	curl_close($this->_ch);  		
    }	
  
	// Get http_code
    public function getStatus() {
        return $this->_info[http_code];
    }
      
	// Get web page header information
    public function getHeader() {
        return $this->_info;
    }
     public function getHandle() {
        return $this->_ch;
    } 
	// Get web page content
    public function getBody() {
        return $this->_body;
    }
      
    public function __destruct() {
    } 		
	
}
  
?>

 

The cookie file will be store in the same directory with our script. You can file cookie in text file format named "facebook_cookie.txt".

To run the script, execute fbautopost.php.

<?php
include 'httpcurl.php';
include 'fbform.php';

$fbhomepage = 'http://m.facebook.com';
$username = "xxxxxxxx";   // Insert your Facebook login email
$password = "xxxxxxx";    //Insert your Facebook password
$status = "This is my script on remote status update with php/cURL on Facebook! Check it out at http://php8legs.com! ";

$pages = new FBform();
$pages->get($fbhomepage);  
$pages->fblogin($username, $password);
$pages->get($fbhomepage);
$pages->fbstatusupdate($status);
?>

 

First, we request for Facebook mobile main page http://m.facebook.com and will be redirected to https://m.facebook.com/?_rdr. We set cURL options to 

        curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($this->_ch, CURLOPT_MAXREDIRS, 5);  

 

Then we call $pages->fblogin($username, $password) to login Facebook with cURL.

 

Facebook auto login

 

After successful login, we have two forms, one is Status Update box and another Search box. Look for Status Update form from the source file,

<form method="post" class="composer_form" id="composer_form" action="/a/home.php?refid=8"><input type="hidden" name="fb_dtsg" value="AQArDqOT" autocomplete="off" /><input type="hidden" name="charset_test" value="€,´,€,´,水,Д,Є" /><table cellspacing="0" cellpadding="0" class="comboInput"><tr><td class="inputPic"><a href="/chinhock.tan.35?refid=8"><img src="https://fbcdn-profile-a.akamaihd.net/hprofile-ak-frc1/t1/c14.0.47.47/s40x40/252231_1002029915278_1941483569_t.jpg" width="40" class="profpic img" alt="Chin Hock Tan" /></a></td><td class="inputCell"><textarea class="input composerInput composerInputSmall composerInputWithPic" id="composerInput" name="status" rows="2" cols="15" data-sigil="textarea"></textarea></td><td class="btnCell"><input value="Share" type="submit" name="update" class="_56bs _5of- _56bu" data-sigil="composer-submit" /></td></tr></table><input type="hidden" name="target" /><span class="mfss fcg"><span>Posting to:&nbsp;<a href="/privacy/selector/?redir=%2Fcomposer%2F%3Fsbu%3D%252Fa%252Fhome.php%26fin%3Dstatus%26hash%3DAZsI791q6XyciNux&amp;gfid=AQCrhPbFnPplNYXS&amp;refid=8"><span><img src="https://fbstatic-a.akamaihd.net/rsrc.php/v2/yp/r/--soLpMIbaJ.png" width="10" height="11" class="advancedComposerPrivacyLinkIcon img" />&nbsp;<span class="fcg">Public</span></span></a><input type="hidden" autocomplete="off" name="privacy" value="&#123;&quot;row_created_time&quot;:1391310926,&quot;row_updated_time&quot;:1390724300,&quot;value&quot;:80,&quot;owner&quot;:100007586291391,&quot;_pmc_&quot;:1391310926,&quot;friends&quot;:0,&quot;lists_anon&quot;:[],&quot;ids_anon&quot;:[],&quot;lists_x_anon&quot;:[],&quot;ids_x_anon&quot;:[],&quot;tdata&quot;:[],&quot;lists&quot;:[],&quot;lists_x&quot;:[],&quot;objects&quot;:[],&quot;no_tag_expansion&quot;:0&#125;" /></span><span role="separator" aria-hidden="true"> · </span><a href="/composer/?sbu=%2Fa%2Fhome.php&amp;fin=status&amp;hash=AZsI791q6XyciNux&amp;refid=8">More Options</a></span></form>

 

 Remove unwanted HTML tags and here are tags that we need to extract:

<form method="post" class="composer_form" id="composer_form" action="/a/home.php?refid=8">
<input type="hidden" name="fb_dtsg" value="AQArDqOT" autocomplete="off" />
<input type="hidden" name="charset_test" value="€,´,€,´,水,Д,Є" />
<input value="Share" type="submit" name="update" class="_56bs _5of- _56bu" data-sigil="composer-submit" />
<input type="hidden" name="target" />
<input type="hidden" autocomplete="off" name="privacy" value="&#123;&quot;row_created_time&quot;:1391310926,&quot;row_updated_time&quot;:1390724300,&quot;value&quot;:80,&quot;owner&quot;:100007586291391,&quot;_pmc_&quot;:1391310926,&quot;friends&quot;:0,&quot;lists_anon&quot;:[],&quot;ids_anon&quot;:[],&quot;lists_x_anon&quot;:[],&quot;ids_x_anon&quot;:[],&quot;tdata&quot;:[],&quot;lists&quot;:[],&quot;lists_x&quot;:[],&quot;objects&quot;:[],&quot;no_tag_expansion&quot;:0&#125;" />
</form>

 

To update status to Facebook wall, call function $pages->fbstatusupdate($status). You can change $status to message you want to update. In fact, you can also scrape information from other websites and assign to $status.

 

Facebook auto update with cURL

My Facebook friends will see output like this:

Facebook auto update with cURL

 

Happy trying!!

 

Code: 

1. fbform.php

<?php
define('FB','https://m.facebook.com');
define('FORM','~<form method="post" (.*?)</form>~s');
define('ACTION','~action=(?:["\'])?([^"\'\s]*)~i');
define('INPUT','~<input(.*?)>~');
define('NAME','~name=(?:["\'])?([^"\'\s]*)~i');
define('VALUE','~value=(?:["\'])?([^"\'\s]*)~i');

class FBform extends HttpCurl	{
private $_url;
private $_inputs = array();

public function __construct() 	{}	 	
public function __destruct()	{}
	
public function fbLogin($username, $password) {
	unset ($this->_inputs);
	unset ($this->_url);	
	$this->getFormFields();
	$this->_inputs['email']=$username;
	$this->_inputs['pass']=$password;
//	$this->_url = FB . $this->_url;	
	$post_field = $this->arrayImplode( '=', '&', $this->_inputs);
	$this->post($this->_url,  $post_field);	
}
	
public function fbStatusUpdate($status) {
	unset ($this->_inputs);
	unset ($this->_url);	
	$this->getFormFields();
	$this->_inputs['status']=$status;
	$this->_url = FB . $this->_url;
	$post_field = $this->arrayImplode( '=', '&', $this->_inputs);
	$this->post($this->_url,  $post_field);	
}
	
public function arrayImplode( $glue, $separator, $array ) {
	$string = array();
	foreach ( $array as $key => $val ) {
		if ( is_array( $val ) )
		$val = implode( ',', $val );
		$string[] = "{$key}{$glue}{$val}";
	}
	return implode( $separator, $string );
}

public function getFormFields() {
	if (preg_match(FORM, parent::getBody(), $form)) {
		preg_match(ACTION, $form[0], $action); 
		$this->_url= $action[1];
		preg_match_all(INPUT, $form[0], $fields); 	
		
		foreach ($fields[0] as $field) {
			if (preg_match(NAME, $field, $name)) {
				$name = $name[1];
                $value = '';

			if (preg_match(VALUE, $field, $value))	$value = $value[1];

			if ($value!=NULL) 	 $this->_inputs[$name] = $value;			
			}
		}		
		return $this->_inputs;	
		} else {
		echo "Error, Form not found!";  }
	}		
}

?>

 

2. httpcurl.php

<?php
 
 // Class HttpCurl
class HttpCurl {
    private $_ch, $_cookie, $_info, $_body, $_error;
      
    public function __construct() {
        if (!function_exists('curl_init')) {
            throw new Exception('cURL not enabled!');
        } 
    }
  
    public function get($url) {
        $this->_ch = curl_init();
		curl_setopt($this->_ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0');
		curl_setopt($this->_ch, CURLOPT_POST, 0);		
        curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($this->_ch, CURLOPT_MAXREDIRS, 5);   
        curl_setopt($this->_ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($this->_ch, CURLOPT_COOKIEFILE, getcwd () . '/facebook_cookie' );
        curl_setopt($this->_ch, CURLOPT_COOKIEJAR, getcwd () . '/facebook_cookie' );	
		curl_setopt($this->_ch, CURLOPT_SSL_VERIFYPEER, false );
        curl_setopt($this->_ch, CURLOPT_SSL_VERIFYHOST, false );		
        curl_setopt($this->_ch, CURLOPT_URL, $url);
        $this->_body = curl_exec($this->_ch);
        $this->_info  = curl_getinfo($this->_ch);
        $this->_error = curl_error($this->_ch);
        curl_close($this->_ch);    		
    }
	
    public function post($url,  $post_data) {
        $this->_ch = curl_init();
		curl_setopt($this->_ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0');	
        curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($this->_ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($this->_ch, CURLOPT_HEADER, 0);	
        curl_setopt($this->_ch, CURLOPT_RETURNTRANSFER, TRUE);
		curl_setopt($this->_ch, CURLOPT_SSL_VERIFYPEER, false );
        curl_setopt($this->_ch, CURLOPT_SSL_VERIFYHOST, false );
        curl_setopt($this->_ch, CURLOPT_ENCODING, "" );	
		curl_setopt($this->_ch, CURLOPT_POST, TRUE);
		curl_setopt($this->_ch, CURLOPT_POSTFIELDS, $post_data);
        curl_setopt($this->_ch, CURLOPT_COOKIEFILE, getcwd () . '/facebook_cookie' );
        curl_setopt($this->_ch, CURLOPT_COOKIEJAR, getcwd () . '/facebook_cookie' );		
        curl_setopt($this->_ch, CURLOPT_URL, $url);
        $this->_body = curl_exec($this->_ch);
        $this->_info  = curl_getinfo($this->_ch);
        $this->_error = curl_error($this->_ch);
		curl_close($this->_ch);  		
    }	
  
	// Get http_code
    public function getStatus() {
        return $this->_info[http_code];
    }
      
	// Get web page header information
    public function getHeader() {
        return $this->_info;
    }
     public function getHandle() {
        return $this->_ch;
    } 
	// Get web page content
    public function getBody() {
        return $this->_body;
    }
      
    public function __destruct() {
    } 		
	
}
  
?>

 

3. fbautopost.php

<?php
include 'httpcurl.php';
include 'fbform.php';

$fbhomepage = 'http://m.facebook.com';
$username = "xxxxx";   // Insert your login email
$password = "xxxxx";   // Insert your password
$status = "Check it out at http://php8legs.com/!";

$pages = new FBform();
$pages->get($fbhomepage);  
$pages->fblogin($username, $password);
$pages->get($fbhomepage);
$pages->fbstatusupdate($status);

?>

 

Last modified on Tuesday, 29 December 2020 07:02
Rate this item
(8 votes)
back to top