
Thursday, July 31, 2014

VK.com CURL authorization (without standard API)

A few days ago I decided to write a bot for http://olike.ru. The bot was successfully written, but one of my VK.com accounts was frozen for a few minutes. So, if you're planning to use bots on VK.com, be aware, big brother is watching you :)

How can we log in to VK.com? It's not that hard, but it has some tricky steps.

1. First, we need to send a GET request to http://m.vk.com and extract the "ip_h" parameter (it will be needed later).

$curl = curl_init();
$options = [
    CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0', // You can use any other user agent
    CURLOPT_URL => 'http://m.vk.com',
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_TIMEOUT => 30
];

curl_setopt_array($curl, $options);
$response = curl_exec($curl);

// Stop here if the parameter is missing from the page
if (!preg_match('/ip_h=(.*?)&/is', $response, $match)) {
    die('ip_h parameter not found');
}

$ip_h = $match[1];

2. Next, using the ip_h parameter, we need to build the URL for a POST request to vk.com. This request is needed to get the link for the actual authentication.

$data = [
    'email' => 'Your vk.com login or email',
    'password' => 'Your vk.com password'
];

$url = 'https://login.vk.com/?act=login&_origin=http://m.vk.com&ip_h='.$ip_h.'&role=pda&utf8=1';

$options = [
    CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0',
    CURLOPT_URL => $url,
    CURLOPT_POSTFIELDS => http_build_query($data),
    CURLOPT_POST => 1,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_HEADER => 1,
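    CURLOPT_SSL_VERIFYPEER => true, // Verify the server certificate: this request carries the password
    CURLOPT_SSL_VERIFYHOST => 2, // Check that the certificate matches the host name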
    CURLOPT_TIMEOUT => 30,
    CURLOPT_COOKIEFILE => 'Path to cookie.txt file', // You can create this file wherever you want. As for me, it was in the same folder as script
    CURLOPT_COOKIEJAR => 'Path to cookie.txt file',
];

curl_setopt_array($curl, $options);
$response = curl_exec($curl);

3. Now we need to parse the response from the last request and extract the URL from it, so we can finally log in to the system and make some dirty things.

// Getting our login URL
if (!preg_match('/Location: (.*?)\n/is', $response, $match)) {
    die('Location header not found in the response');
}

// Removing all whitespaces
$url = trim($match[1]);

// Sending request and now we must be logged in
$options = [
    CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0',
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_HEADER => 1,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_COOKIEFILE => 'Path to cookie.txt file',
    CURLOPT_COOKIEJAR => 'Path to cookie.txt file'
];

curl_setopt_array($curl, $options);
curl_exec($curl);

// Closing CURL
curl_close($curl);

That's it :) Now you can send requests that require authorization (e.g. add likes to photos, join groups and so on).
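
A hardened take on steps 2 and 3, as an added example that is not part of the original post: it checks the Location target before any session cookie is sent to it, keeps certificate verification on, and stores the cookie jar with owner-only permissions. The function names, the allowed-host list and the sample responses are constructed for illustration; it needs PHP 7.1+ with the curl extension and makes no network requests.

```php
<?php
// Added example: helper names and sample data are hypothetical, not from the post.

// Return the redirect target only if it is HTTPS and on an allowed host.
function extract_safe_redirect(string $rawResponse, array $allowedHosts): ?string
{
    if (!preg_match('/^Location:\s*(\S+)\s*$/mi', $rawResponse, $m)) {
        return null; // no redirect in the response
    }
    $parts = parse_url($m[1]);
    if (!is_array($parts) || ($parts['scheme'] ?? '') !== 'https') {
        return null; // never send session cookies over plain HTTP
    }
    $host = strtolower($parts['host'] ?? '');
    foreach ($allowedHosts as $allowed) {
        $suffix = '.' . $allowed;
        if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
            return $m[1];
        }
    }
    return null; // redirect leaves the expected site
}

// cURL options with certificate checks on and a private cookie jar.
function hardened_options(string $url, string $cookieJar): array
{
    return [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => true,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_SSL_VERIFYPEER => true,            // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,               // and that it matches the host name
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse non-HTTPS URLs
        CURLOPT_COOKIEFILE     => $cookieJar,
        CURLOPT_COOKIEJAR      => $cookieJar,
    ];
}

// The jar holds a live session: keep it outside the web root, owner-readable only.
$cookieJar = tempnam(sys_get_temp_dir(), 'jar_');
chmod($cookieJar, 0600);

// Constructed responses: one redirect on the expected site, one on a look-alike host.
$good = "HTTP/1.1 302 Found\r\nLocation: https://m.vk.com/login?constructed=1\r\n\r\n";
$bad  = "HTTP/1.1 302 Found\r\nLocation: https://vk.com.example.net/constructed\r\n\r\n";

var_dump(extract_safe_redirect($good, ['vk.com']));
var_dump(extract_safe_redirect($bad, ['vk.com']));
printf("%d options set\n", count(hardened_options('https://login.vk.com/', $cookieJar)));
unlink($cookieJar);
```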

Tuesday, July 29, 2014

Laravel package review: Sentry - authentication & authorization system

Brief view

Cartalyst/Sentry is one of the best packages for Laravel 4 (and not only Laravel) that provides authentication and authorization features. Besides authentication and authorization, Sentry provides group management, permission control, registration, custom hashing and additional security features. You can read the full documentation on the official Cartalyst page: https://cartalyst.com/manual/sentry

Requirements

  • PHP 5.3+

Supports

  • Laravel 4+
  • Code Igniter 3.0-dev
  • Fuel PHP 1.x
  • Native PHP

Review

First of all, Sentry is a really easy package to install. Using Composer, your authentication/authorization system will be ready to use in minutes: you just need to add the "cartalyst/sentry": "2.1.*" string to the require array in your composer.json and run composer update.
After installation you will need to configure the app.php Laravel config to register the provider and its alias, run migrations and publish the Sentry config. More detailed documentation is available on the official Cartalyst page.
It's really easy to work with Sentry. All errors are thrown as exceptions, and you can easily handle them. As an example, I will show you the registration code:

try
{
    // Let's register a user.
    $user = Sentry::register(array(
        'email'    => 'john.doe@example.com',
        'password' => 'test',
    ));

    // Let's get the activation code
    $activationCode = $user->getActivationCode();

    // Send activation code to the user so he can activate the account

}
catch (Cartalyst\Sentry\Users\LoginRequiredException $e)
{
    echo 'Login field is required.';
}
catch (Cartalyst\Sentry\Users\PasswordRequiredException $e)
{
    echo 'Password field is required.';
}
catch (Cartalyst\Sentry\Users\UserExistsException $e)
{
    echo 'User with this login already exists.';
}

As you can see, this code is really straightforward. All other functions of Sentry work the same way. The code is clear and follows FIG standards. As for me, I was able to integrate this package with my own social authentication module, because of the high customization level of Sentry.
Despite all the advantages, I actually had one problem. Sentry has its own social authentication package (Sentry-social), which can work together with Cartalyst. Sadly, I was unable to configure the latest version of Sentry with Sentry-social because of some errors. Moreover, I was even unable to find the source code of Sentry-social on GitHub.

Conclusion

As for me, this is one of the best authentication/authorization packages I have ever worked with, not only on Laravel, but on Kohana and Code Igniter too. I strongly recommend that you try it out despite working on your own authorization system.