
Revision: 12455
at April 19, 2013 00:29 by uioreanu


Updated Code
<?php
/**
 * fetch CSV data from hypovereinsbank Direct Banking
 * 
 * @author  CU 
 * @version 1.0
 * @requires curl in CLI mode
 */

# Entry point: run the download as soon as the script is executed.
# The boolean result of getHypoData() is discarded here.
getHypoData();

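/**
 * Logs in to the HypoVereinsbank Direct Banking website through the curl command-line
 * client, prints the account balances, saves the turnover list of roughly the last
 * month as hypo_<timestamp>.csv in the working directory and logs out again.
 *
 * Progress and error messages are written to standard output.
 *
 * The cookie jar and the CSV file hold session and account data, so they are created
 * with owner-only permissions, and the cookie jar is removed when the run ends.
 *
 * @return  boolean    true only if the logout response contains "korrekt", false otherwise
 */
function getHypoData()
{
	# Files created from here on (cookie jar written by curl, CSV export) are owner-only.
	$previousUmask = umask(0077);

	$success = hypoRunSession();

	# Do not leave session cookies on disk, in particular after a failed run where the
	# server-side session may still be valid.
	if (file_exists('cookies_hypo.txt')) {
		unlink('cookies_hypo.txt');
	}
	umask($previousUmask);

	return $success;
} // end func

/**
 * Performs the scripted session: login page, login, account page, time-frame filter,
 * CSV download, logout.
 *
 * @return  boolean    true only if the logout response contains "korrekt"
 */
function hypoRunSession()
{
	# CONFIG
	$sleepMin = 5;
	$sleepMax = 10;
	# Must always be defined because it is concatenated into the curl options below.
	$proxyCfg = '';
#	$proxyCfg = ' -x XXX.XXX.XXX.XXX:XXXX';
	# Placeholders. Real credentials kept in this file are readable by everyone who can
	# read the script; prefer loading them from a source outside the code base.
	$direktbankingNr = 'xxxxxxxxxxx';
	$pwdOnline = 'xxxxxxxxx';
	# CONFIG

	$loginUrl   = 'https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
	$accountUrl = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
	$logoutUrl  = 'https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';

	# to use strftime's magic (locale-dependent month names; strftime() is deprecated
	# as of PHP 8.1 but still available)
	setlocale(LC_TIME, "de_DE");

	$curlParameters = $proxyCfg. ' --silent --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
#	to debug CURL simply uncomment next line
#	WARNING: the trace file records request bodies and cookies, i.e. the login
#	credentials and the session; delete it after debugging.
#	$curlParameters = ' --include --trace-ascii debugdump0.txt '.$proxyCfg.' --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';

	# Start from an empty cookie jar so that no stale session is reused.
	if (file_exists('cookies_hypo.txt') && !unlink('cookies_hypo.txt')) {
		print 'Cannot remove cookies_hypo.txt';
		exit(1);
	}

	echo date('Y-m-d H:i:s') .' initial URL fetch' ."\n";
	$output = array();
	if (!hypoCurl($loginUrl, null, $curlParameters, $output)) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	# Plausibility check on the size of the login page.
	if (count($output)<=10 || count($output)>=1000) {
		print_r($output);
		print "FATAL: buggy input. ";
		return false;
	}
	# On the login page the token is the 8th double-quote-delimited field of its line.
	$ViewState = hypoFindViewState($output, 7);
	if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
		echo date('Y-m-d H:i:s') .' FATAL: weird ViewState (length '. strlen($ViewState) .")\n";
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt login' ."\n";
	# Every dynamic value is URL-encoded; the body is handed to curl on stdin, so neither
	# the password nor the server-supplied ViewState is ever parsed by the shell or shown
	# in the process list.
	$loginBody = 'username='. rawurlencode($direktbankingNr)
		.'&px2='. rawurlencode($pwdOnline)
		.'&secP=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF&fp=&directBankingLoginForm%3AloginPanel%3AloginCommand=Anmelden&directBankingLoginForm%3A_idcl=&directBankingLoginForm%3A_link_hidden_=&directBankingLoginForm_SUBMIT=1'
		.'&javax.faces.ViewState='. rawurlencode($ViewState);
	$output = array();
	if (!hypoCurl($loginUrl, $loginBody, $curlParameters, $output)) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if (hypoIsLoginPage($output)) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt KONTO homepage' ."\n";
	$output = array();
	if (!hypoCurl($accountUrl, null, $curlParameters, $output)) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if (hypoIsLoginPage($output)) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	# find the changed "ViewState"; on the account page it is the 14th quoted field
	$ViewState = hypoFindViewState($output, 13);
	if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
		echo date('Y-m-d H:i:s') .' FATAL: weird ViewState (length '. strlen($ViewState) .")\n";
		return false;
	}

	echo date('Y-m-d H:i:s') .' setting the time-frame' ."\n";
	# Window: 1st of the month 31 days ago up to four days ago. urlencode() turns the
	# blank into "+" and escapes non-ASCII month names (presumably the form expects the
	# German names produced by the de_DE locale - verify).
	$fromMonth = urlencode(strftime("%B %Y", time() - 31*24*3600));
	$toMonth = urlencode(strftime("%B %Y", time() - 4*24*3600));
	$toDay = strftime("%d", time() - 4*24*3600);
	echo date('Y-m-d H:i:s') ." TIMEFRAME: 01+$fromMonth - $toDay+$toMonth" ."\n";

	# Form fields shared by the "refresh" request and the CSV download request.
	$filterFields = 'accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. $toDay .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999';
	$searchFields = '&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=';
	$formTail = '&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. rawurlencode($ViewState);

	$output = array();
	if (!hypoCurl($accountUrl, $filterFields .'&accountManagement%3Arefresh=Anzeigen'. $searchFields . $formTail, $curlParameters, $output)) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if (hypoIsLoginPage($output)) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	# fetch live & old Kontostand
	$Betrag = array();
	$liveStart = false;
	foreach ($output as $line) {
		# The live balance sits between the "Aktueller Kontosaldo" label and the end of
		# its fieldset.
		if (strpos($line, 'Aktueller Kontosaldo')!== false) {
			$liveStart = true;
		}
		if (strpos($line, '</fieldset>')!== false) {
			$liveStart = false;
		}
		# Plain-text line carrying the amount.
		if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
			$Betrag[0] = trim(str_replace('EUR', '', $line));
		}
		# Amount wrapped in markup that mentions "negbal".
		if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
			$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
		}

		if (strpos($line, 'Kontostand am')!== false) {
			# Take whatever follows the current year in "Kontostand am <date> ...".
			$linePart = strip_tags(substr($line, strpos($line, 'Kontostand am')));
			$lineParts = explode(date('Y'), $linePart);
			$afterYear = isset($lineParts[1]) ? trim(str_replace('EUR', '', $lineParts[1])) : '';
			$words = explode(' ', $afterYear);
			$Betrag[1] = !empty($words[1]) ? $words[1] : $afterYear;
		}
	}
	if (!$Betrag) {
		print 'no Betrag in line: '. __LINE__;
		return false;
	}
	echo date('Y-m-d H:i:s ') . ("Kontostand live ... " . (isset($Betrag[0]) ? $Betrag[0] : '') ." EUR"). "\n";
	echo date('Y-m-d H:i:s ') . ("Kontostand old .... " . (isset($Betrag[1]) ? $Betrag[1] : '') ." EUR"). "\n";
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt CSV Download' ."\n";
	$output = array();
	if (!hypoCurl($accountUrl, $filterFields . $searchFields .'&accountManagement%3AbuttonNavigation%3Aj_id_id182=Download+Kontoums%E4tze+'. $formTail, $curlParameters, $output)) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if (hypoIsLoginPage($output)) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	if ($output) {
		$fileName = 'hypo_'.date('Y-m-d.H-i-s'). '.csv';
		if (file_put_contents($fileName, implode("\n", $output)."\n") === false) {
			print "could not dump CSV content to file";
			exit(1);
		}
		echo date('Y-m-d H:i:s') .' '. count($output). ' lines written to file: '. $fileName .''. "\n";
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt Logout' ."\n";
	$output = array();
	if (!hypoCurl($logoutUrl, null, $curlParameters, $output)) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if (hypoIsLoginPage($output)) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}

	# Success means the logout page contains "korrekt".
	return strpos(implode(' ', $output), 'korrekt') !== false;
}

/**
 * Runs the curl command-line client for one request and collects its standard output.
 *
 * The URL is shell-escaped and an optional POST body is passed on curl's standard input
 * (--data @-), so it appears neither in the shell command nor in the process list.
 *
 * @param   string       $url             address to request
 * @param   string|null  $postBody        URL-encoded form body, or null for a GET request
 * @param   string       $curlParameters  trusted, statically built curl options
 * @param   array        $output          receives the response lines, trailing whitespace removed
 * @return  boolean      true if curl could be started and exited with status 0
 */
function hypoCurl($url, $postBody, $curlParameters, array &$output)
{
	$output = array();

	$command = 'curl '. escapeshellarg($url);
	if ($postBody !== null) {
		$command .= ' --data @-';
	}
	$command .= ' '. $curlParameters;

	$pipes = array();
	$process = proc_open($command, array(0 => array('pipe', 'r'), 1 => array('pipe', 'w')), $pipes);
	if ($process === false) {
		return false;
	}
	if ($postBody !== null) {
		fwrite($pipes[0], $postBody);
	}
	fclose($pipes[0]);
	$raw = stream_get_contents($pipes[1]);
	fclose($pipes[1]);
	$exitCode = proc_close($process);

	if ($raw !== false && $raw !== '') {
		foreach (explode("\n", rtrim($raw, "\r\n")) as $line) {
			$output[] = rtrim($line);
		}
	}

	return $exitCode === 0;
}

/**
 * Finds the JSF ViewState token in a page.
 *
 * Looks at lines that mention both "hidden" and "ViewState", splits them on double
 * quotes and returns the first non-empty field found at the given position.
 *
 * @param   array    $lines       page content, one line per element
 * @param   integer  $quoteIndex  zero-based index of the quote-delimited field holding the token
 * @return  string   the token, or '' if none was found
 */
function hypoFindViewState(array $lines, $quoteIndex)
{
	foreach ($lines as $line) {
		if (strpos($line, 'hidden') === false || strpos($line, 'ViewState') === false) {
			continue;
		}
		echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
		$fields = explode('"', $line);
		if (!empty($fields[$quoteIndex])) {
			# The token is bound to the session: log its length, not its value.
			echo date('Y-m-d H:i:s') .' identified ViewState ('. strlen($fields[$quoteIndex]) ." chars)\n";
			return $fields[$quoteIndex];
		}
	}
	return '';
}

/**
 * Tells whether a response is the login page again, i.e. the session was not accepted.
 *
 * @param   array    $lines  page content, one line per element
 * @return  boolean  true if the page contains the login page marker
 */
function hypoIsLoginPage(array $lines)
{
	return strpos(implode(' ', $lines), 'LogIn HVB Direct') !== false;
}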

# EOF
?>

Revision: 12454
at February 23, 2013 02:31 by uioreanu


Updated Code
<?php
/**
 * fetch CSV data from hypovereinsbank Direct Banking
 * 
 * @author  CU 
 * @version 1.0
 * @requires curl in CLI mode
 */

# Entry point: run the download as soon as the script is executed.
# The boolean result of getHypoData() is discarded here.
getHypoData();

/**
 * Logs in to the HypoVereinsbank Direct Banking website through the curl command-line
 * client, prints the account balances and saves the turnover list as
 * hypo_<timestamp>.csv in the working directory, then logs out.
 *
 * Progress and error messages are written to standard output.
 *
 * @return  boolean    true only if the logout response contains "korrekt", false otherwise
 */
function getHypoData()
{
	# CONFIG
	# Bounds, in seconds, of the random pause between requests.
	$sleepMin = 5;
	$sleepMax = 10;
#	$proxyCfg = ' -x 62.240.129.2:8443';
	# Account number and online password (placeholders here).
	# NOTE(review): real values kept in this file are readable by anyone who can read the script.
	$direktbankingNr = 'XXXXXXXXXX';
	$pwdOnline = 'XXXXXXXX';
	# CONFIG

	# to use strftime's magic
	setlocale(LC_TIME, "de_DE"); 

	# NOTE(review): $proxyCfg is only assigned in the commented-out line above, so an
	# undefined variable is concatenated here.
	# Cookies are read from and written to cookies_hypo.txt in the working directory.
	$curlParameters = $proxyCfg. ' --silent --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
#	to debug CURL simply uncomment next line
#	NOTE(review): --trace-ascii writes request bodies and cookies, i.e. the login data, to debugdump0.txt.
#	$curlParameters = ' --include --trace-ascii debugdump0.txt -x 62.240.129.2:8443 --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';

	# Start with an empty cookie jar; print() returns 1, so die() ends the script with status 1.
	if (file_exists('cookies_hypo.txt')) {
		unlink('cookies_hypo.txt') || die (print 'Cannot remove cookies_hypo.txt');    
	}
	echo date('Y-m-d H:i:s') .' initial URL fetch' ."\n";
	$output = array();
	# exec() returns the last line of curl's output and fills $output with all lines.
	$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp '. $curlParameters, $output);
	# NOTE(review): this tests the last output line, not curl's exit status; an empty last
	# line is reported as a failure.
	if (!$run) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	# Plausibility check on the number of lines of the login page.
	if (count($output)<=10 || count($output)>=1000) {
		print_r($output);
		print "FATAL: buggy input. ";
		return false;
	}
	$ViewState = '';
	# find the "ViewState"
	foreach ($output as $line) {
		if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
			echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
			# NOTE(review): split() was removed in PHP 7; explode('"', $line) is the equivalent here.
			$challenge_line = split('"', $line);
			# The token is taken from the 8th double-quote-delimited field of the line.
			# NOTE(review): the token value is written to the output.
			if ($ViewState = $challenge_line[7]) {
				echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
			}
		}
	}
	# Length sanity check on the extracted token.
	if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
		echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt login' ."\n";
	$output = array();
	# NOTE(review): account number, password and the server-supplied ViewState are spliced
	# into a double-quoted shell argument without escapeshellarg() or URL-encoding. Shell
	# metacharacters in any of them are interpreted by the shell, and the password is part
	# of curl's argument list, which other local users can usually see in the process list.
	$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp --data "username='. $direktbankingNr .'&px2='. $pwdOnline .'&secP=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF&fp=&directBankingLoginForm%3AloginPanel%3AloginCommand=Anmelden&directBankingLoginForm%3A_idcl=&directBankingLoginForm%3A_link_hidden_=&directBankingLoginForm_SUBMIT=1&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
	if (!$run) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	# Getting the login page back means the login was not accepted.
	# NOTE(review): strpos() is tested for truthiness, so a match at offset 0 is missed.
	if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt KONTO homepage' ."\n";
	$output = array();
	$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp '. $curlParameters, $output);
	if (!$run) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	$ViewState = '';
	# find the changed "ViewState"
	foreach ($output as $line) {
		if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
			echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
			$challenge_line = split('"', $line);
			# On this page the token is taken from the 14th double-quote-delimited field.
			if ($ViewState = $challenge_line[13]) {
				echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
			}
		}
	}
	if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
		echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
		return false;
	}
	# fetch live & old Kontostand 
	# NOTE(review): $Betrag is never initialised; if no line matches, the reads of
	# $Betrag[0] and $Betrag[1] below happen before the !$Betrag check.
	$liveStart = false;
	foreach ($output as $line) {
		# $liveStart is true between the "Aktueller Kontosaldo" label and the next </fieldset>.
		if (strpos($line, 'Aktueller Kontosaldo')!== false) {
			$liveStart = true;
		}
		if (strpos($line, '</fieldset>')!== false) {
			$liveStart = false;
		}
		# Markup-free line containing "EUR": the live balance.
		if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
			$Betrag[0] = trim(str_replace('EUR', '', $line));
		}
		# Line mentioning "negbal": the balance with the markup stripped.
		if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
			$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
		}

		if (strpos($line, 'Kontostand am')!== false) {
			# Split the text after "Kontostand am" at the current year and keep what follows.
			# NOTE(review): $lineParts[1] does not exist when the line shows a different year.
			$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
			$lineParts = explode(date('Y'), $linePart);
			$lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
			if ($lineParts2[1]) {
				$Betrag[1] = $lineParts2[1];
			} else {
				$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
			}
		}
	}
	echo date('Y-m-d H:i:s ') . ("Kontostand live ... " . $Betrag[0] ." EUR"). "\n";
	echo date('Y-m-d H:i:s ') . ("Kontostand old .... " . $Betrag[1] ." EUR"). "\n";
	if (!$Betrag) {
		print 'no Betrag in line: '. __LINE__;
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' setting the time-frame' ."\n";
	$output = array();
	# Window: 1st of the month 31 days ago up to today; "+" stands for the blank in the form value.
	# NOTE(review): month names come from the locale and are sent without URL-encoding.
	$fromMonth = strftime("%B+%Y", time() - 31*24*3600);
	$toMonth = strftime("%B+%Y", time());
	$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. date('d') .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Arefresh=Anzeigen&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
	if (!$run) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt CSV Download' ."\n";
	$output = array();
	# Same window as above, recomputed; this request sends the download button field
	# instead of the refresh field.
	$fromMonth = strftime("%B+%Y", time() - 31*24*3600);
	$toMonth = strftime("%B+%Y", time());
	$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. date('d') .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3AbuttonNavigation%3Aj_id_id182=Download+Kontoums%E4tze+&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
	if (!$run) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	if ($output) {
		# The response lines are written unchanged to a timestamped file in the working directory.
		# NOTE(review): the file holds account data and is created with the default umask.
		# "||" binds tighter than "=", so $result receives the boolean of the whole expression.
		$fileName = 'hypo_'.date('Y-m-d.H-i-s'). '.csv';
		$result = file_put_contents($fileName, implode("\n", $output)."\n") || die (print "could not dump CSV content to file");
		echo date('Y-m-d H:i:s') .' '. count($output). ' lines written to file: '. $fileName .''. "\n";
	}
	sleep(rand($sleepMin,$sleepMax));

	echo date('Y-m-d H:i:s') .' attempt Logout' ."\n";
	$output = array();
	$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp '. $curlParameters, $output);
	if (!$run) {
		print "could not execute CURL line ". __LINE__;
		return false;
	}
	if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
		echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
		print_r($output);
		return false;
	}
	# Success is reported only when the logout response contains "korrekt".
	if ((strpos(implode(' ', $output), 'korrekt'))) {
		return true;
	}
	# NOTE(review): cookies_hypo.txt stays on disk until the next run removes it.
	sleep(rand($sleepMin,$sleepMax));

	return false;
} // end func

# EOF
?>

Revision: 12453
at February 12, 2010 10:25 by uioreanu


Updated Code
<?php

# Set-up for the scripted session: locale, credentials, output path, helper functions,
# pause bounds and the HTTP headers sent with every request.
setlocale(LC_TIME, "de_DE");
# NOTE(review): at file scope these `global` statements only matter if this file is
# included from inside a function.
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;

global $Betrag;
# NOTE(review): real credentials kept in this file are readable by anyone who can read the script.
$inputUsername = 'XXXXXXXXXX'; # place here the Direct banking number
$inputPassword = 'XXXXXX';   # place here your pass

# Destination of the downloaded turnover list.
# NOTE(review): a fixed file name in /tmp is predictable to every local user; a private
# directory avoids exposing the account data.
$outputCSV = '/tmp/Umsatzliste.csv';

# presumably provides logF(), fWriteTo(), read_header() and the http_build_query_*
# helpers used below - they are not defined in this file
require_once 'func/hypo_functions.php';

$step = 0;
logF("fetch start");

# Bounds, in seconds, of the random pause between requests.
define ('RND_LOW', 2);
define ('RND_HIGH', 4);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);


# Request headers passed to every curl handle through CURLOPT_HTTPHEADER.
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';







###################################################################

# First login pass: fetch the login page, extract tr_sid and the ViewState token, then
# post the login form.
# NOTE(review): the same sequence is repeated right after this section with
# http_build_query_urlencode() instead of http_build_query_wrong(), so this pass looks
# like a leftover that submits the credentials a second time - confirm and remove.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# NOTE(review): cookie jars with fixed names in /tmp are predictable to every local user
# and hold the session cookies; a private directory is safer.
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
# Response headers are returned together with the body.
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
# NOTE(review): curl_exec() returns false on failure; that case is not checked here.
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# The raw response is stored as "<step>.html" (fWriteTo() is defined elsewhere).
fWriteTo("$step.html", $Html);

# NOTE(review): split() was removed in PHP 7; explode("\n", $Html) is the equivalent here.
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
	# tr_sid: as many characters after "tr_sid=" as the sample value has.
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	# ViewState: everything between value=" (34 characters into the match) and the next quote.
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# NOTE(review): $tr_sid and $javax are undefined at this point if no line matched.
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (!$javax) {
	die (logF('no javax'));
}
# NOTE(review): both session-bound tokens are passed to the log in full.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
###################################################################

$Url .= '&tr_sid='. $tr_sid;
# Login form fields; the credentials come from the configuration at the top of the script.
$postFields = array (
#	'directBankingLoginForm:viewInitialized' => 'true',
	'username' => $inputUsername,
	'px2' => $inputPassword,
	'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
	'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
	'directBankingLoginForm:_idcl' => '',
	'directBankingLoginForm:_link_hidden_' => '',
	'directBankingLoginForm_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
# http_build_query_wrong() is defined elsewhere; what it encodes cannot be seen here.
$postUrl = http_build_query_wrong($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# Cookies are read from the login jar and written to the auth jar.
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
# read_header() is defined elsewhere; presumably it fills $cookiearr from Set-Cookie headers - verify.
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# NOTE(review): this stores the page returned after login on disk.
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################







###################################################################

# Login pass: fetch the login page, extract tr_sid and the ViewState token, post the
# login form, then read the start page's idcl value and build the Cookie header used by
# all later requests.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# NOTE(review): cookie jars with fixed names in /tmp are predictable to every local user
# and hold the session cookies; a private directory is safer.
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
# Response headers are returned together with the body.
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
# NOTE(review): curl_exec() returns false on failure; that case is not checked here.
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# The raw response is stored as "<step>.html" (fWriteTo() is defined elsewhere).
fWriteTo("$step.html", $Html);

# NOTE(review): split() was removed in PHP 7; explode("\n", $Html) is the equivalent here.
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
	# tr_sid: as many characters after "tr_sid=" as the sample value has.
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	# ViewState: everything between value=" (34 characters into the match) and the next quote.
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (!$javax) {
	die (logF('no javax'));
}
# NOTE(review): both session-bound tokens are passed to the log in full.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
###################################################################

$Url .= '&tr_sid='. $tr_sid;
# Login form fields; the credentials come from the configuration at the top of the script.
$postFields = array (
#	'directBankingLoginForm:viewInitialized' => 'true',
	'username' => $inputUsername,
	'px2' => $inputPassword,
	'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
	'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
	'directBankingLoginForm:_idcl' => '',
	'directBankingLoginForm:_link_hidden_' => '',
	'directBankingLoginForm_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
# http_build_query_urlencode() is defined elsewhere; presumably it URL-encodes the fields - verify.
$postUrl = http_build_query_urlencode($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# Cookies are read from the login jar and written to the auth jar.
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
# read_header() is defined elsewhere; presumably it fills $cookiearr from Set-Cookie headers - verify.
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# NOTE(review): this stores the page returned after login on disk.
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$lines = split ("\n", $Html);
foreach ($lines as $line) {
	# idcl: 4th single-quote-delimited field of the line mentioning "mystartpage_finanzstatus".
	if (strpos($line, 'mystartpage_finanzstatus')!== false) {
		$pieces = explode('\'', $line);
		$Var_idcl = $pieces[3];
	}
}
# A missing idcl is only reported; the exit is commented out, so the script carries on.
if (!$Var_idcl) {
	print "ERROR: Cannot fetch idcl";
#	exit;
}
logF($step ."th idcl: $Var_idcl");
$cookieStr = '';
# NOTE(review): this prints every collected cookie, including the session cookies, to the output.
print_r($cookiearr);
# Build a "name=value; name=value" Cookie header from the collected cookies.
foreach ($cookiearr as $cookieName => $cookieVal) {
	$cookieStr.=$cookieName.'='.$cookieVal.'; ';
}
# Drop the trailing "; ".
$cookieStr = substr($cookieStr, 0, -2);
###################################################################


###################################################################
# go to account
# Fetches the account page with the collected cookies, reads the live and the previous
# balance from it and extracts the page's tr_sid and ViewState token.
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
# NOTE(review): curl_exec() returns false on failure; that case is not checked here.
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# NOTE(review): this stores the account page, balances included, on disk as "<step>.html".
fWriteTo("$step.html", $Html);
###################################################################

# NOTE(review): split() was removed in PHP 7; explode("\n", $Html) is the equivalent here.
$lines = split ("\n", $Html);
$liveStart = false;
foreach ($lines as $line) {
	# $liveStart is true between the "Aktueller Kontosaldo" label and the next </fieldset>.
	if (strpos($line, 'Aktueller Kontosaldo')!== false) {
		$liveStart = true;
	}
	if (strpos($line, '</fieldset>')!== false) {
		$liveStart = false;
	}
	# Markup-free line containing "EUR": the live balance.
	if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
		$Betrag[0] = trim(str_replace('EUR', '', $line));
	}
	# Line mentioning "negbal": the balance with the markup stripped.
	if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
		$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
	}

	if (strpos($line, 'Kontostand am')!== false) {
		# Split the text after "Kontostand am" at the current year and keep what follows.
		# NOTE(review): $lineParts[1] does not exist when the line shows a different year.
		$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
		$lineParts = explode(date('Y'), $linePart);
		$lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
		if ($lineParts2[1]) {
			$Betrag[1] = $lineParts2[1];
		} else {
			$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
		}
	}
}
# NOTE(review): $Betrag[0] and $Betrag[1] are read before the !$Betrag check below.
logF("Kontostand live ... " . $Betrag[0] ." EUR");
logF("Kontostand old ...  " . $Betrag[1] ." EUR");
if (!$Betrag) {
	die (print 'no Betrag in step: '. $step);
}


$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
	# tr_sid: as many characters after "tr_sid=" as the sample value has.
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	# ViewState: everything between value=" (34 characters into the match) and the next quote.
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# NOTE(review): $tr_sid and $javax still hold the values of the previous page if this
# page has no matching line, so the checks below do not detect a missing token.
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (!$javax) {
	die (logF('no javax'));
}
# NOTE(review): both session-bound tokens are passed to the log in full.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");

#var_dump($Betrag);
###################################################################
# Posts the account form with the "Anzeigen" (refresh) field to select the time frame,
# then extracts tr_sid and the ViewState token from the response.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
# Time frame: 1st of the month 31 days ago up to today; month names come from the locale.
$postFields = array (
	'accountManagement:dayFrom' => '1',
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
	'accountManagement:refresh' => 'Anzeigen',
#	'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoums�¤tze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);

# http_build_query_urlencode() is defined elsewhere; presumably it URL-encodes the fields - verify.
$postUrl = http_build_query_urlencode($postFields);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
# NOTE(review): CURLOPT_BINARYTRANSFER has had no effect since PHP 5.1.3.
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
# NOTE(review): curl_exec() returns false on failure; that case is not checked here.
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# NOTE(review): this stores the turnover page on disk as "<step>.html".
fWriteTo("$step.html", $Html);

# NOTE(review): split() was removed in PHP 7; explode("\n", $Html) is the equivalent here.
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
	# tr_sid: as many characters after "tr_sid=" as the sample value has.
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	# ViewState: everything between value=" (34 characters into the match) and the next quote.
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# NOTE(review): $tr_sid and $javax still hold the values of the previous page if this
# page has no matching line, so the checks below do not detect a missing token.
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (!$javax) {
	die (logF('no javax'));
}
# NOTE(review): both session-bound tokens are passed to the log in full.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");

logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################

###################################################################
# Posts the account form with the download button field, stores the response as
# "<step>.html" and copies it to $outputCSV.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	# NOTE(review): the start day is today's day minus 7 (at least 1) while the start
	# month is the month 31 days ago - confirm that this mix is the intended window.
	'accountManagement:dayFrom' => max(date('d')-7, 1),
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
##	'accountManagement:monthFrom' => strftime("%B %Y"),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
##	'accountManagement:numberOfTurnovers' => '20',
#	'accountManagement:refresh' => 'Anzeigen',
	# The button label's middle character is the second byte of the locale's month name
	# for 2001-03-01. NOTE(review): this presumably yields the umlaut of the German name
	# and only works when the locale uses a single-byte encoding - verify.
	'accountManagement:buttonNavigation:j_id_id147' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
# NOTE(review): debug output; both calls print the form fields, ViewState token included.
print_R($postFields);
$postUrl = http_build_query_urlencode($postFields);
print_R($postUrl);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
# NOTE(review): CURLOPT_BINARYTRANSFER has had no effect since PHP 5.1.3.
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_VERBOSE, TRUE);    

#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
# CURLOPT_HEADER stays off here, so the response holds the body only.
#curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
#curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_REFERER, $Url);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
# NOTE(review): with CURLOPT_FAILONERROR off, an HTTP error page is saved as if it were the CSV.
#curl_setopt($ch, CURLOPT_FAILONERROR, 1);
# NOTE(review): verbose mode is left on for this request; curl then writes the request
# headers, including the Cookie header with the session cookies, to stderr.
curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
# NOTE(review): curl_exec() returns false on failure; that case is not checked here.
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################

# Replace the previous export with the response just saved.
# NOTE(review): unlink() followed by copy() to a fixed name in /tmp lets another local
# user place a link at that path in between; results of both calls are not checked, and
# unlink() warns when no previous export exists.
unlink($outputCSV);
copy("$step.html", $outputCSV);

###################################################################

###################################################################
# party over, logout
# Logout request: sends the collected session cookies to the logout page.
$Url = 'https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';

$ch = curl_init();
curl_setopt_array($ch, array(
	CURLOPT_URL            => $Url,
	CURLOPT_COOKIE         => $cookieStr,
	CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5",
	CURLOPT_FOLLOWLOCATION => true,
	CURLOPT_HEADER         => true,
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_HTTPHEADER     => $headers,
	CURLOPT_ENCODING       => 'gzip,deflate',
	CURLOPT_FAILONERROR    => 1,
	#CURLOPT_VERBOSE       => 2,
));

# Count the step, run the request and keep the raw response as "<step>.html".
# NOTE(review): this is the only place the session is closed; the die() calls in the
# earlier steps exit without reaching it.
$step = $step + 1;
logF("{$step}th {$Url}");
$Html = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
unset($ch);
logF("{$step}th ". strlen($Html));
fWriteTo("{$step}.html", $Html);
###################################################################


###################################################################
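/**
 * Builds an application/x-www-form-urlencoded body from a flat field map.
 *
 * Field names and values are both passed through urlencode() and joined as
 * name=value pairs separated by '&'.
 *
 * @param array $postFields field name => scalar value
 * @return string the encoded body; an empty string when there are no fields
 */
function http_build_query_urlencode($postFields)
{
	$pairs = array();
	foreach ($postFields as $fName => $fValue) {
		$pairs[] = urlencode($fName).'='.urlencode($fValue);
#		$pairs[] = ($fName).'='.rawurlencode($fValue);
	}
	# implode() gives '' for an empty map, where substr('', 0, -1) could return
	# false on PHP versions before 8.
	return implode('&', $pairs);
}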

/**
 * Builds a form body in which only the field names are URL-encoded.
 *
 * Values go through utf8_encode() and are otherwise copied as they are, and the
 * result ends with a newline.
 *
 * NOTE(review): because the values are not URL-encoded, a value containing '&',
 * '=' or '+' (a password, a base64 ViewState) does not survive form decoding
 * unchanged and can introduce extra fields. http_build_query_urlencode() in
 * this file encodes both sides.
 *
 * @param array $postFields field name => scalar value
 * @return string name=value pairs joined by '&', followed by "\n"
 */
function http_build_query_wrong($postFields)
{
	$pairs = array();
	foreach ($postFields as $fName => $fValue) {
		$pairs[] = urlencode($fName) .'='. utf8_encode($fValue);
	}
	return implode('&', $pairs) ."\n";
}


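/**
 * cURL header callback (CURLOPT_HEADERFUNCTION).
 *
 * Records the target of the last "Location" header in the global $location,
 * stores every "Set-Cookie" name/value pair in the global $cookiearr, and at the
 * end of a header block sets all collected cookies on the handle through
 * CURLOPT_COOKIE so that a followed redirect sends them.
 *
 * NOTE(review): only the first name=value pair of each Set-Cookie line is kept;
 * the Domain, Path and Secure attributes are discarded, so the collected cookies
 * may be attached to a redirect target on another host, depending on how the
 * installed libcurl treats CURLOPT_COOKIE across hosts - confirm.
 *
 * @param resource $ch     the handle the header line belongs to
 * @param string   $string one raw header line, including its line ending
 * @return int the length of $string, returned as the number of bytes handled
 */
function read_header($ch, $string)
{
    global $location; #keep track of location/redirects
    global $cookiearr; #store cookies here

    # The callback receives the handle that is executing, so the parameter is used
    # directly instead of shadowing it with a global of the same name.
    if (!is_array($cookiearr)) {
        # no cookie seen yet: avoid iterating over an unset global below
        $cookiearr = array();
    }

    $length = strlen($string);

    # Header names are case-insensitive, so match them without regard to case.
    if (strncasecmp($string, "Location:", 9) === 0) {
        #keep track of last redirect
        $location = trim(substr($string, 9));
    }
    if (strncasecmp($string, "Set-Cookie:", 11) === 0) {
        #get the cookie: first "name=value" pair, value may itself contain '='
        $cookiestr = trim(substr($string, 11));
        $cookie = explode(';', $cookiestr);
        $cookie = explode('=', $cookie[0]);
        $cookiename = trim(array_shift($cookie));
        $cookiearr[$cookiename] = trim(implode('=', $cookie));
    }

    if (trim($string) == "") {
        #execute only at end of header
        $cookie = "";
        foreach ($cookiearr as $key => $value) {
            $cookie .= "$key=$value; ";
        }
        curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    }

    return $length;
}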

?>

Revision: 12452
at February 12, 2010 09:46 by uioreanu


Updated Code
<?php

# Script setup: locale, credentials, output file, helper include, step counter,
# sleep bounds and the request headers shared by every cURL call below.

# German month names are needed for the strftime() calls that fill the form fields.
setlocale(LC_TIME, "de_DE");
# read_header() accesses these through "global"; at file scope the statements
# themselves have no effect.
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;

global $Betrag;
# NOTE(review): the banking credentials are kept in the source file; reading them
# from a file or environment that only the owner can access avoids sharing or
# committing them together with the script.
$inputUsername = 'XXXXXXXXXX'; # place here the Direct banking number
$inputPassword = 'XXXXXX';   # place here your pass

# NOTE(review): fixed file name in the shared /tmp directory; the exported
# turnovers end up here.
$outputCSV = '/tmp/Umsatzliste.csv';

# presumably provides logF() and fWriteTo(), which are not defined in this file
require_once 'func/hypo_functions.php';

$step = 0;
logF("fetch start");

# lower and upper bound, in seconds, of the random pause between requests
define ('RND_LOW', 2);
define ('RND_HIGH', 4);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);


# Request headers passed to every request through CURLOPT_HTTPHEADER.
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';







###################################################################

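# Step: fetch the login page and extract the tr_sid and ViewState tokens from it.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# NOTE(review): both cookie jars use fixed names in the shared /tmp directory and hold
# cookies of the banking session; a private directory with restrictive permissions
# keeps other local users away from them.
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);

# explode() replaces split(): split() was removed in PHP 7, and for a literal newline
# both produce the same list of lines.
$linesHtml = explode("\n", (string) $Html);
foreach ($linesHtml as $lineHtml) {
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		# take as many characters after "tr_sid=" as the sample token is long
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		# 34 is the length of the marker; the value runs up to the closing quote
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# A token that was not found is treated as empty instead of reading an unset variable.
$tr_sid=str_replace('"', '', isset($tr_sid) ? $tr_sid : '');
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (empty($javax)) {
	die (logF('no javax'));
}
# NOTE(review): both tokens are written to the log in full; where logF() sends its
# output is not visible here - confirm the log is private.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");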
###################################################################

# Step: submit the login form to the login URL extended with the tr_sid token.
$Url = $Url .'&tr_sid='. $tr_sid;

$postFields = array();
#$postFields['directBankingLoginForm:viewInitialized'] = 'true';
$postFields['username'] = $inputUsername;
$postFields['px2'] = $inputPassword;
$postFields['secP'] = 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF';
$postFields['directBankingLoginForm:loginPanel:loginCommand'] = 'Anmelden';
$postFields['directBankingLoginForm:_idcl'] = '';
$postFields['directBankingLoginForm:_link_hidden_'] = '';
$postFields['directBankingLoginForm_SUBMIT'] = '1';
$postFields['javax.faces.ViewState'] = $javax;

# NOTE(review): http_build_query_wrong() leaves the values unencoded, so a password or
# ViewState containing '&', '=' or '+' does not survive form decoding unchanged.
$postUrl = http_build_query_wrong($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt_array($ch, array(
	CURLOPT_URL            => $Url,
	CURLOPT_POST           => 1,
	CURLOPT_POSTFIELDS     => $postUrl,
	CURLOPT_RETURNTRANSFER => 1,
	# cookies are read from the login jar and written to the auth jar
	CURLOPT_COOKIEJAR      => $cookieFilenameAuth,
	CURLOPT_COOKIEFILE     => $cookieFilenameLogin,
	#CURLOPT_COOKIESESSION => TRUE,
	CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5",
	CURLOPT_FOLLOWLOCATION => true,
	CURLOPT_HEADER         => true,
	CURLOPT_HTTPHEADER     => $headers,
	CURLOPT_ENCODING       => 'gzip,deflate',
	CURLOPT_FAILONERROR    => 1,
	#CURLOPT_VERBOSE       => 2,
	# read_header() collects the Set-Cookie values of every response into $cookiearr
	CURLOPT_HEADERFUNCTION => 'read_header',
));

# NOTE(review): the logged URL carries the tr_sid token.
$step = $step + 1;
logF("{$step}th {$Url}");
$Html = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
unset($ch);
logF("{$step}th ". strlen($Html));
fWriteTo("{$step}.html", $Html);

$secs = rand(RND_LOW, RND_HIGH);
logF($step ."th sleeping for ". $secs);
sleep($secs);
###################################################################







###################################################################

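# Step: fetch the login page again and extract the tr_sid and ViewState tokens from it.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# NOTE(review): both cookie jars use fixed names in the shared /tmp directory and hold
# cookies of the banking session; a private directory with restrictive permissions
# keeps other local users away from them.
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);

# explode() replaces split(): split() was removed in PHP 7, and for a literal newline
# both produce the same list of lines.
$linesHtml = explode("\n", (string) $Html);
foreach ($linesHtml as $lineHtml) {
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		# take as many characters after "tr_sid=" as the sample token is long
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		# 34 is the length of the marker; the value runs up to the closing quote
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# A token that was not found is treated as empty instead of reading an unset variable.
$tr_sid=str_replace('"', '', isset($tr_sid) ? $tr_sid : '');
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (empty($javax)) {
	die (logF('no javax'));
}
# NOTE(review): both tokens are written to the log in full; where logF() sends its
# output is not visible here - confirm the log is private.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");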
###################################################################

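# Step: submit the login form (URL-encoded body), then pick the idcl value out of the
# start page and turn the cookies collected by read_header() into a Cookie string.
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
#	'directBankingLoginForm:viewInitialized' => 'true',
	'username' => $inputUsername,
	'px2' => $inputPassword,
	'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
	'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
	'directBankingLoginForm:_idcl' => '',
	'directBankingLoginForm:_link_hidden_' => '',
	'directBankingLoginForm_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
# read_header() collects the Set-Cookie values of every response into $cookiearr
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

$step++;
# NOTE(review): the logged URL carries the tr_sid token.
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

# explode() replaces split(), which was removed in PHP 7.
$lines = explode("\n", (string) $Html);
foreach ($lines as $line) {
	if (strpos($line, 'mystartpage_finanzstatus')!== false) {
		# the value is the fourth piece when the line is cut at single quotes
		$pieces = explode('\'', $line);
		if (isset($pieces[3])) {
			$Var_idcl = $pieces[3];
		}
	}
}
if (empty($Var_idcl)) {
	print "ERROR: Cannot fetch idcl";
	$Var_idcl = '';
#	exit;
}
logF($step ."th idcl: $Var_idcl");
# NOTE(review): this dumps the session cookies of the logged-in session to standard
# output; drop it once debugging is finished.
print_r($cookiearr);
# Join the collected cookies as "name=value; name=value"; an unset $cookiearr gives ''.
$cookiePairs = array();
foreach ((array) $cookiearr as $cookieName => $cookieVal) {
	$cookiePairs[] = $cookieName.'='.$cookieVal;
}
$cookieStr = implode('; ', $cookiePairs);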
###################################################################


###################################################################
# go to account
# Step: open the account management page with the session cookies collected at login.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';

$ch = curl_init();
curl_setopt_array($ch, array(
	CURLOPT_URL            => $Url,
	CURLOPT_COOKIE         => $cookieStr,
	CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5",
	CURLOPT_FOLLOWLOCATION => true,
	CURLOPT_HEADER         => true,
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_HTTPHEADER     => $headers,
	CURLOPT_ENCODING       => 'gzip,deflate',
	CURLOPT_FAILONERROR    => 1,
	#CURLOPT_VERBOSE       => 2,
));

# Count the step, run the request and keep the raw response as "<step>.html".
# NOTE(review): the stored page contains the account balance; where fWriteTo() writes
# is not visible here - confirm the location is private.
$step = $step + 1;
logF("{$step}th {$Url}");
$Html = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
unset($ch);
logF("{$step}th ". strlen($Html));
fWriteTo("{$step}.html", $Html);
###################################################################

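# Parse the account page: $Betrag[0] is the live balance found between
# "Aktueller Kontosaldo" and the closing </fieldset>, $Betrag[1] the amount on the
# "Kontostand am" line. explode() replaces split(), which was removed in PHP 7.
$lines = explode("\n", (string) $Html);
$liveStart = false;
foreach ($lines as $line) {
	if (strpos($line, 'Aktueller Kontosaldo')!== false) {
		$liveStart = true;
	}
	if (strpos($line, '</fieldset>')!== false) {
		$liveStart = false;
	}
	# a line without any markup that carries the currency
	if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
		$Betrag[0] = trim(str_replace('EUR', '', $line));
	}
	# a line marked 'negbal' that carries the currency
	if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
		$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
	}
	
	if (strpos($line, 'Kontostand am')!== false) {
		$linePart = strip_tags(substr($line, strpos($line, 'Kontostand am')));
		# the amount is taken from the text after the current year;
		# NOTE(review): a date from the previous year would not be split - confirm
		$lineParts = explode(date('Y'), $linePart);
		$afterYear = isset($lineParts[1]) ? $lineParts[1] : '';
		$lineParts2 = explode(' ', trim(str_replace('EUR', '', $afterYear)));
		if (!empty($lineParts2[1])) {
			$Betrag[1] = $lineParts2[1];
		} else {
			$Betrag[1] = trim(str_replace('EUR', '', $afterYear));
		}
	}
}
# A balance that was not found is logged as empty instead of reading an unset index.
logF("Kontostand live ... " . (isset($Betrag[0]) ? $Betrag[0] : '') ." EUR");
logF("Kontostand old ...  " . (isset($Betrag[1]) ? $Betrag[1] : '') ." EUR");
if (empty($Betrag)) {
	# NOTE(review): exits before the logout request further down.
	die (print 'no Betrag in step: '. $step);
}


# Pick up the ViewState of this page for the next POST; tr_sid keeps its earlier value
# when the page has no login link.
$linesHtml = explode("\n", (string) $Html);
foreach ($linesHtml as $lineHtml) {
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		# 34 is the length of the marker; the value runs up to the closing quote
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
$tr_sid=str_replace('"', '', isset($tr_sid) ? $tr_sid : '');
if (!$tr_sid) {
	die (logF('no tr_sid'));
}
if (empty($javax)) {
	die (logF('no javax'));
}
# NOTE(review): both tokens are written to the log in full; where logF() sends its
# output is not visible here - confirm the log is private.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");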

#var_dump($Betrag);
###################################################################
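# Step: submit the account form with the "Anzeigen" (refresh) button for the period
# from the 1st of the month 31 days ago until today, then read the new ViewState.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	'accountManagement:dayFrom' => '1',
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
	'accountManagement:refresh' => 'Anzeigen',
#	'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoumsätze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);

$postUrl = http_build_query_urlencode($postFields);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);

# explode() replaces split(): split() was removed in PHP 7, and for a literal newline
# both produce the same list of lines.
$linesHtml = explode("\n", (string) $Html);
foreach ($linesHtml as $lineHtml) {
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		# 34 is the length of the marker; the value runs up to the closing quote
		$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
#		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# A token that was not found is treated as empty instead of reading an unset variable.
$tr_sid=str_replace('"', '', isset($tr_sid) ? $tr_sid : '');
if (!$tr_sid) {
	# NOTE(review): exits before the logout request further down.
	die (logF('no tr_sid'));
}
if (empty($javax)) {
	die (logF('no javax'));
}
# NOTE(review): both tokens are written to the log in full; where logF() sends its
# output is not visible here - confirm the log is private.
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");

logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);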
###################################################################

###################################################################
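# Download step: re-submit the account form with the "Download Kontoumsätze" button,
# so that the response body is the turnover export that ends up in $outputCSV.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	# start day: seven days back, clamped to the 1st
	'accountManagement:dayFrom' => max(date('d')-7, 1),
	# month label as of 31 days ago, formatted by strftime() in the current LC_TIME locale
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
##	'accountManagement:monthFrom' => strftime("%B %Y"),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
##	'accountManagement:numberOfTurnovers' => '20',
#	'accountManagement:refresh' => 'Anzeigen',
	# the umlaut in the button label is the second byte of the locale's name for March;
	# NOTE(review): presumably relies on a single-byte de_DE locale - confirm
	'accountManagement:buttonNavigation:j_id_id147' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
# NOTE(review): the two dumps below print the form fields, including the ViewState token,
# to standard output; drop them once debugging is finished.
print_R($postFields);
$postUrl = http_build_query_urlencode($postFields);
print_R($postUrl);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);

#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
# CURLOPT_HEADER stays off here so the saved body contains only the export, no HTTP headers.
#curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
#curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_REFERER, $Url);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
#curl_setopt($ch, CURLOPT_FAILONERROR, 1);
# Verbose tracing is switched off: libcurl's trace prints the outgoing request headers,
# and those include the session cookie passed through CURLOPT_COOKIE.
curl_setopt($ch, CURLOPT_VERBOSE, false);

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
# CURLOPT_FAILONERROR is off, so an HTTP error page would otherwise be stored as the CSV.
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close ($ch); 
unset($ch);
$downloadOk = is_string($Html) && $Html !== '' && $httpCode < 400;
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################

if ($downloadOk) {
	# Create the export readable by the owner only; it holds account turnovers.
	# NOTE(review): $outputCSV is a fixed name in the shared /tmp directory; a private
	# directory would also close the window between unlink() and copy().
	$oldUmask = umask(0077);
	if (file_exists($outputCSV) || is_link($outputCSV)) {
		unlink($outputCSV);
	}
	if (!copy("$step.html", $outputCSV)) {
		logF($step."th could not write $outputCSV");
	}
	umask($oldUmask);
} else {
	# Keep the previous export instead of replacing it with an empty or error response.
	logF($step."th download failed (HTTP $httpCode), keeping previous $outputCSV");
}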

###################################################################

###################################################################
# party over, logout
# Logout request: sends the collected session cookies to the logout page.
$Url = 'https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';

$ch = curl_init();
curl_setopt_array($ch, array(
	CURLOPT_URL            => $Url,
	CURLOPT_COOKIE         => $cookieStr,
	CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5",
	CURLOPT_FOLLOWLOCATION => true,
	CURLOPT_HEADER         => true,
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_HTTPHEADER     => $headers,
	CURLOPT_ENCODING       => 'gzip,deflate',
	CURLOPT_FAILONERROR    => 1,
	#CURLOPT_VERBOSE       => 2,
));

# Count the step, run the request and keep the raw response as "<step>.html".
# NOTE(review): this is the only place the session is closed; the die() calls in the
# earlier steps exit without reaching it.
$step = $step + 1;
logF("{$step}th {$Url}");
$Html = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
unset($ch);
logF("{$step}th ". strlen($Html));
fWriteTo("{$step}.html", $Html);
###################################################################


###################################################################
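/**
 * Builds an application/x-www-form-urlencoded body from a flat field map.
 *
 * Field names and values are both passed through urlencode() and joined as
 * name=value pairs separated by '&'.
 *
 * @param array $postFields field name => scalar value
 * @return string the encoded body; an empty string when there are no fields
 */
function http_build_query_urlencode($postFields)
{
	$pairs = array();
	foreach ($postFields as $fName => $fValue) {
		$pairs[] = urlencode($fName).'='.urlencode($fValue);
#		$pairs[] = ($fName).'='.rawurlencode($fValue);
	}
	# implode() gives '' for an empty map, where substr('', 0, -1) could return
	# false on PHP versions before 8.
	return implode('&', $pairs);
}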

/**
 * Builds a form body in which only the field names are URL-encoded.
 *
 * Values go through utf8_encode() and are otherwise copied as they are, and the
 * result ends with a newline.
 *
 * NOTE(review): because the values are not URL-encoded, a value containing '&',
 * '=' or '+' (a password, a base64 ViewState) does not survive form decoding
 * unchanged and can introduce extra fields. http_build_query_urlencode() in
 * this file encodes both sides.
 *
 * @param array $postFields field name => scalar value
 * @return string name=value pairs joined by '&', followed by "\n"
 */
function http_build_query_wrong($postFields)
{
	$pairs = array();
	foreach ($postFields as $fName => $fValue) {
		$pairs[] = urlencode($fName) .'='. utf8_encode($fValue);
	}
	return implode('&', $pairs) ."\n";
}


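/**
 * cURL header callback (CURLOPT_HEADERFUNCTION).
 *
 * Records the target of the last "Location" header in the global $location,
 * stores every "Set-Cookie" name/value pair in the global $cookiearr, and at the
 * end of a header block sets all collected cookies on the handle through
 * CURLOPT_COOKIE so that a followed redirect sends them.
 *
 * NOTE(review): only the first name=value pair of each Set-Cookie line is kept;
 * the Domain, Path and Secure attributes are discarded, so the collected cookies
 * may be attached to a redirect target on another host, depending on how the
 * installed libcurl treats CURLOPT_COOKIE across hosts - confirm.
 *
 * @param resource $ch     the handle the header line belongs to
 * @param string   $string one raw header line, including its line ending
 * @return int the length of $string, returned as the number of bytes handled
 */
function read_header($ch, $string)
{
    global $location; #keep track of location/redirects
    global $cookiearr; #store cookies here

    # The callback receives the handle that is executing, so the parameter is used
    # directly instead of shadowing it with a global of the same name.
    if (!is_array($cookiearr)) {
        # no cookie seen yet: avoid iterating over an unset global below
        $cookiearr = array();
    }

    $length = strlen($string);

    # Header names are case-insensitive, so match them without regard to case.
    if (strncasecmp($string, "Location:", 9) === 0) {
        #keep track of last redirect
        $location = trim(substr($string, 9));
    }
    if (strncasecmp($string, "Set-Cookie:", 11) === 0) {
        #get the cookie: first "name=value" pair, value may itself contain '='
        $cookiestr = trim(substr($string, 11));
        $cookie = explode(';', $cookiestr);
        $cookie = explode('=', $cookie[0]);
        $cookiename = trim(array_shift($cookie));
        $cookiearr[$cookiename] = trim(implode('=', $cookie));
    }

    if (trim($string) == "") {
        #execute only at end of header
        $cookie = "";
        foreach ($cookiearr as $key => $value) {
            $cookie .= "$key=$value; ";
        }
        curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    }

    return $length;
}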

?>

Revision: 12451
at March 15, 2009 15:13 by uioreanu


Updated Code
<?php

# Script setup: credentials, locale, output file, step counter, sleep bounds and the
# request headers shared by every cURL call below.

global $Betrag;
# NOTE(review): the account number and banking credentials are kept in the source file;
# reading them from a file or environment that only the owner can access avoids sharing
# or committing them together with the script.
$KontoNummer = 'XXXXXX'; # place here your account number
$inputUsername = 'XXXXXX'; # place here your direct banking number
$inputPassword = 'XXXXXX'; # place here your direct banking PIN number

# German month names are needed for the strftime() calls that fill the form fields.
setlocale(LC_TIME, "de_DE");
# read_header() accesses these through "global"; at file scope the statements
# themselves have no effect.
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;

#$outputCSV = $KontoNummer. '_Umsatzliste.csv';
# NOTE(review): fixed file name in the shared /tmp directory; the exported
# turnovers end up here.
$outputCSV = '/tmp/Umsatzliste.csv';

$step = 0;
# logF() is not defined in the visible part of this file
logF("fetch start");

# lower and upper bound, in seconds, of the random pause between requests
define ('RND_LOW', 2);
define ('RND_HIGH', 3);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);


# Request headers passed to every request through CURLOPT_HTTPHEADER.
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';







###################################################################

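# Step: fetch the login page and extract the tr_sid and ViewState tokens from it.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# NOTE(review): both cookie jars use fixed names in the shared /tmp directory and hold
# cookies of the banking session; a private directory with restrictive permissions
# keeps other local users away from them.
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);

# explode() replaces split(): split() was removed in PHP 7, and for a literal newline
# both produce the same list of lines.
$linesHtml = explode("\n", (string) $Html);
foreach ($linesHtml as $lineHtml) {
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		# take as many characters after "tr_sid=" as the sample token is long
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		# Read the value up to its closing quote instead of a fixed 120 characters, which
		# cuts a longer ViewState short and appends markup to a shorter one.
		$afterMarker = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$closingQuote = strpos($afterMarker, '"');
		$javax = ($closingQuote === false) ? $afterMarker : substr($afterMarker, 0, $closingQuote);
	}
}
# A token that was not found is treated as empty instead of reading an unset variable.
$tr_sid=str_replace('"', '', isset($tr_sid) ? $tr_sid : '');
if (!$tr_sid) {
	var_dump ($Html);
	die (logF('no tr_sid'));
}
if (!isset($javax)) {
	$javax = '';
}
# NOTE(review): both tokens are written to the log in full; where logF() sends its
# output is not visible here - confirm the log is private.
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");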
###################################################################

# Step: submit the login form to the login URL extended with the tr_sid token.
$Url = $Url .'&tr_sid='. $tr_sid;

$postFields = array();
#$postFields['directBankingLoginForm:viewInitialized'] = 'true';
$postFields['username'] = $inputUsername;
$postFields['px2'] = $inputPassword;
$postFields['secP'] = 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF';
$postFields['directBankingLoginForm:loginPanel:loginCommand'] = 'Anmelden';
$postFields['directBankingLoginForm:_idcl'] = '';
$postFields['directBankingLoginForm:_link_hidden_'] = '';
$postFields['directBankingLoginForm_SUBMIT'] = '1';
$postFields['javax.faces.ViewState'] = $javax;

# NOTE(review): http_build_query_wrong() leaves the values unencoded, so a password or
# ViewState containing '&', '=' or '+' does not survive form decoding unchanged.
$postUrl = http_build_query_wrong($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt_array($ch, array(
	CURLOPT_URL            => $Url,
	CURLOPT_POST           => 1,
	CURLOPT_POSTFIELDS     => $postUrl,
	CURLOPT_RETURNTRANSFER => 1,
	# cookies are read from the login jar and written to the auth jar
	CURLOPT_COOKIEJAR      => $cookieFilenameAuth,
	CURLOPT_COOKIEFILE     => $cookieFilenameLogin,
	#CURLOPT_COOKIESESSION => TRUE,
	CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5",
	CURLOPT_FOLLOWLOCATION => true,
	CURLOPT_HEADER         => true,
	CURLOPT_HTTPHEADER     => $headers,
	CURLOPT_ENCODING       => 'gzip,deflate',
	CURLOPT_FAILONERROR    => 1,
	#CURLOPT_VERBOSE       => 2,
	# header lines of every response are handed to the read_header() callback
	CURLOPT_HEADERFUNCTION => 'read_header',
));

# NOTE(review): the logged URL carries the tr_sid token.
$step = $step + 1;
logF("{$step}th {$Url}");
$Html = curl_exec($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
unset($ch);
logF("{$step}th ". strlen($Html));
fWriteTo("{$step}.html", $Html);

$secs = rand(RND_LOW, RND_HIGH);
logF($step ."th sleeping for ". $secs);
sleep($secs);
###################################################################







###################################################################

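# Step: fetch the login page again and extract the tr_sid and ViewState tokens from it.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# NOTE(review): both cookie jars use fixed names in the shared /tmp directory and hold
# cookies of the banking session; a private directory with restrictive permissions
# keeps other local users away from them.
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);

# explode() replaces split(): split() was removed in PHP 7, and for a literal newline
# both produce the same list of lines.
$linesHtml = explode("\n", (string) $Html);
foreach ($linesHtml as $lineHtml) {
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		# take as many characters after "tr_sid=" as the sample token is long
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		# Read the value up to its closing quote instead of a fixed 120 characters, which
		# cuts a longer ViewState short and appends markup to a shorter one.
		$afterMarker = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
		$closingQuote = strpos($afterMarker, '"');
		$javax = ($closingQuote === false) ? $afterMarker : substr($afterMarker, 0, $closingQuote);
	}
}
# A token that was not found is treated as empty instead of reading an unset variable.
$tr_sid=str_replace('"', '', isset($tr_sid) ? $tr_sid : '');
if (!$tr_sid) {
	var_dump ($Html);
	die (logF('no tr_sid'));
}
if (!isset($javax)) {
	$javax = '';
}
# NOTE(review): both tokens are written to the log in full; where logF() sends its
# output is not visible here - confirm the log is private.
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");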
###################################################################

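# Step: submit the login form (URL-encoded body), then pick the idcl value out of the
# start page and turn the cookies collected by read_header() into a Cookie string.
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
#	'directBankingLoginForm:viewInitialized' => 'true',
	'username' => $inputUsername,
	'px2' => $inputPassword,
	'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
	'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
	'directBankingLoginForm:_idcl' => '',
	'directBankingLoginForm:_link_hidden_' => '',
	'directBankingLoginForm_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
# header lines of every response are handed to the read_header() callback
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

$step++;
# NOTE(review): the logged URL carries the tr_sid token.
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen((string) $Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

# explode() replaces split(), which was removed in PHP 7.
$lines = explode("\n", (string) $Html);
foreach ($lines as $line) {
	if (strpos($line, 'mystartpage_finanzstatus')!== false) {
		# the value is the fourth piece when the line is cut at single quotes
		$pieces = explode('\'', $line);
		if (isset($pieces[3])) {
			$Var_idcl = $pieces[3];
		}
	}
}
if (empty($Var_idcl)) {
	# NOTE(review): exits right after the login POST, without a logout request.
	print "ERROR: Cannot fetch idcl";
	exit;
}
logF($step ."th idcl: $Var_idcl");
# Join the collected cookies as "name=value;name=value"; an unset $cookiearr gives ''.
$cookiePairs = array();
foreach ((array) $cookiearr as $cookieName => $cookieVal) {
	$cookiePairs[] = $cookieName.'='.$cookieVal;
}
$cookieStr = implode(';', $cookiePairs);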
###################################################################


###################################################################
# go to account
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################

$lines = split ("\n", $Html);
$liveStart = false;
foreach ($lines as $line) {
	if (strpos($line, 'Aktueller Kontosaldo')!== false) {
		$liveStart = true;
	}
	if (strpos($line, '</fieldset>')!== false) {
		$liveStart = false;
	}
	if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
		$Betrag[0] = trim(str_replace('EUR', '', $line));
	}
	
	if (strpos($line, 'Kontostand am')!== false) {
		$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
		$lineParts = explode(date('Y'), $linePart);
		$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
	}
}
logF("Kontostand live ... " . $Betrag[0] ." EUR");
logF("Kontostand old ...  " . $Betrag[1] ." EUR");
if (!$Betrag) {
	die (print 'no Betrag in step: '. $step);
}
#var_dump($Betrag);

###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	'accountManagement:dayFrom' => '1',
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
	'accountManagement:refresh' => 'Anzeigen',
#	'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoumsätze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);

$postUrl = http_build_query_urlencode($postFields);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################


###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	'accountManagement:dayFrom' => '1',
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
#	'accountManagement:refresh' => 'Anzeigen',
	'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);

$postUrl = http_build_query_urlencode($postFields);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################

unlink($outputCSV);
copy("$step.html", $outputCSV);

###################################################################

###################################################################
# party over, logout
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);


$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################


###################################################################
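/**
 * Builds an application/x-www-form-urlencoded request body from a field map.
 *
 * Both the field name and the field value are passed through urlencode(), so
 * characters such as '&', '=', '+' and '%' inside a value (for instance in the
 * PIN or in the ViewState token) cannot change the structure of the body.
 *
 * @param  array  $postFields  field name => field value
 * @return string              "name=value" pairs joined by '&'; '' for an empty map
 */
function http_build_query_urlencode($postFields)
{
	$pairs = array();
	foreach ($postFields as $fName => $fValue) {
		$pairs[] = urlencode($fName) . '=' . urlencode($fValue);
	}
	# implode() gives '' for an empty map; cutting a trailing '&' with substr() returned false there before PHP 8
	return implode('&', $pairs);
}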

/**
 * Builds a POST body in which only the field names are URL-encoded.
 *
 * Values go through utf8_encode() and nothing else, so a value that contains
 * '&', '=', '+' or '%' is sent as-is and alters how the body is parsed.
 * http_build_query_urlencode() is the variant that encodes both sides.
 *
 * @param  array  $postFields  field name => field value
 * @return string              "name=value" pairs joined by '&'
 */
function http_build_query_wrong($postFields)
{
	$body = '';
	foreach ($postFields as $name => $value) {
		$body = $body . urlencode($name) . '=' . utf8_encode($value) . '&';
	}
	# cut the '&' left over from the last pair
	return substr($body, 0, strlen($body) - 1);
}


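/**
 * CURLOPT_HEADERFUNCTION callback: records the last redirect target and the
 * cookies set by the server, and re-sends the collected cookies on the handle
 * once the header block is complete.
 *
 * Header names are matched without regard to case, because HTTP header names
 * are case-insensitive and HTTP/2 responses deliver them in lower case.
 * Only the name=value part of each Set-Cookie line is kept; its attributes
 * (Path, Domain, Secure, expiry) are dropped, so every stored cookie is sent
 * with every later request that uses the collected values.
 *
 * @param  resource $ch      the handle libcurl is running this callback for
 * @param  string   $string  one raw header line, including its line ending
 * @return int               number of bytes handled; libcurl aborts the transfer on any other value
 */
function read_header($ch, $string)
{
    global $location; #keep track of location/redirects
    global $cookiearr; #store cookies here
    # The handle passed in by libcurl is used directly; it is the same handle
    # the main script keeps in its global $ch while the transfer runs.

    if (!is_array($cookiearr))
    { #nothing collected yet
      $cookiearr = array();
    }

    $length = strlen($string);
    if (strncasecmp($string, "Location:", 9) === 0)
    { #keep track of last redirect
      $location = trim(substr($string, 9));
    }
    if (strncasecmp($string, "Set-Cookie:", 11) === 0)
    { #get the cookie: first ';'-separated part, split at the first '='
      $parts = explode(';', trim(substr($string, 11)));
      $nameValue = explode('=', $parts[0], 2);
      $cookiename = trim($nameValue[0]);
      if ($cookiename !== '')
      {
        $cookiearr[$cookiename] = isset($nameValue[1]) ? trim($nameValue[1]) : '';
      }
    }
    if (trim($string) === "")
    {  #execute only at end of header
      $cookie = "";
      foreach ($cookiearr as $key=>$value)
      {
        $cookie .= "$key=$value; ";
      }
      curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    }

    return $length;
}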

/**
 * Prints one timestamped log line to standard output and flushes it.
 *
 * NOTE(review): the message is printed unfiltered; callers in this script pass
 * the tr_sid and ViewState values, so captured output carries session tokens.
 *
 * @param string $message  text to print after the timestamp and a tab
 */
function LogF($message) {
	$stamp = date('Y-m-d H:i:s');
	print $stamp . "\t" . $message . "\n";
	flush();
}

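/**
 * Writes a string to a file, replacing any previous content.
 *
 * The script uses this to store each fetched page as "<step>.html" in the
 * working directory.
 * NOTE(review): the files are created with the process's default permissions
 * and are not removed by this listing; after login they contain account pages.
 *
 * @param string       $file    path to write
 * @param string|false $string  content; false (a failed curl_exec) is written as an empty file
 */
function fWriteTo($file, $string) {
	$fh = fopen($file, "w");
	if ($fh === false) {
		# without this check fwrite()/fclose() would be called on false
		trigger_error("fWriteTo: cannot open $file for writing", E_USER_WARNING);
		return;
	}
	fwrite($fh, (string) $string);
	fclose($fh);
}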
?>

Revision: 12450
at March 15, 2009 15:12 by uioreanu


Initial Code
<?php

# Settings and shared state for the statement download that follows.
global $Betrag;
# NOTE(review): the banking number and PIN are kept in this file as plain text, so every copy of the
# file (backup, repository, paste) carries them; reading them from the environment or from a file
# only the owner can read keeps them out of the source.
$KontoNummer = 'XXXXXX'; # place here your account number
$inputUsername = 'XXXXXX'; # place here your direct banking number
$inputPassword = 'XXXXXX'; # place here your direct banking PIN number

# de_DE time locale: the strftime("%B %Y") form values built further down depend on its month names
setlocale(LC_TIME, "de_DE");
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;

#$outputCSV = $KontoNummer. '_Umsatzliste.csv';
# fixed name in the shared /tmp directory; the downloaded statement is copied here at the end
# NOTE(review): any local user can predict this path - confirm who may read or pre-create it
$outputCSV = '/tmp/Umsatzliste.csv';

# presumably supplies logF() and fWriteTo(), which this listing calls but does not define - confirm
require_once 'func/hypo_functions.php';

# request counter; also used as the file name for each saved response
$step = 0;
logF("fetch start");

# bounds, in seconds, for the random pause taken between requests
define ('RND_LOW', 2);
define ('RND_HIGH', 3);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);


# request headers handed to every transfer through CURLOPT_HTTPHEADER
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';







###################################################################

# random pause before the first request; the chosen value is logged, then slept
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# cookie jars under fixed names in the shared /tmp directory
# NOTE(review): these files hold the bank session cookies; nothing in this listing restricts their
# permissions or deletes them after logout - confirm the umask and add cleanup
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
# no TLS verification option is set on this handle, so libcurl's defaults apply - confirm they verify peer and host
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
# response headers are returned in front of the body
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
# with FAILONERROR an HTTP status of 400 or above makes curl_exec() return false
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
# NOTE(review): the result is not compared with false before it is measured, saved and parsed below
$Html = curl_exec ($ch);
# stored, but not read anywhere in this listing
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# the raw response, headers included, is saved as "<step>.html" in the working directory
fWriteTo("$step.html", $Html);

# NOTE(review): split() was removed in PHP 7.0; explode("\n", $Html) gives the same result for this literal separator
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
	# the login link carries the tr_sid: take as many characters after 'tr_sid=' as the sample id is long (36)
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	# hidden ViewState field: keep up to 120 characters that follow the 34-character marker
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
# drop any quote characters captured together with the id
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
	# prints the whole fetched page to standard output before stopping
	var_dump ($Html);
	die (logF('no tr_sid'));
}
# NOTE(review): both values are session tokens; they end up in whatever captures this script's output
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");
###################################################################

# Login request: the tr_sid parsed above goes into the URL, the credentials and ViewState into the POST body.
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
#	'directBankingLoginForm:viewInitialized' => 'true',
	'username' => $inputUsername,
	'px2' => $inputPassword,
	'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
	'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
	'directBankingLoginForm:_idcl' => '',
	'directBankingLoginForm:_link_hidden_' => '',
	'directBankingLoginForm_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
# NOTE(review): http_build_query_wrong() does not URL-encode the values, so the PIN and the ViewState
# are sent raw; the same login sequence is repeated further down with http_build_query_urlencode() -
# confirm whether this first pass is a leftover
$postUrl = http_build_query_wrong($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# cookies are read from the login jar and written to the auth jar, both under /tmp
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
# read_header() collects the Set-Cookie values of this response into the global $cookiearr
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

$step++;
# NOTE(review): the logged URL includes the tr_sid
logF($step."th $Url");
# NOTE(review): a false result (transfer or HTTP error) is not checked before it is used
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# the post-login response is saved as "<step>.html" in the working directory
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################







###################################################################

# Second fetch of the login page; it repeats the earlier fetch and overwrites $tr_sid and $javax.
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
# same fixed cookie-jar paths in /tmp as before
# NOTE(review): session cookies are stored there with default permissions and are not deleted by this listing
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";

# first HTTP session : retrieve tr_sid, setcookie etc
# TLS verification is left at libcurl's defaults (no option is set here) - confirm peer and host are verified
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
# an HTTP status of 400 or above makes curl_exec() return false
curl_setopt($ch, CURLOPT_FAILONERROR, 1);


$step++;
logF($step."th $Url");
# NOTE(review): not checked for false before use
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# response (headers and body) saved as "<step>.html" in the working directory
fWriteTo("$step.html", $Html);

# NOTE(review): split() no longer exists as of PHP 7.0; explode("\n", $Html) is equivalent here
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
	# tr_sid: 36 characters following 'tr_sid=' on the line with the login link
	if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
		$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
	}
	# ViewState: up to 120 characters following the hidden field's value=" marker
	if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
		$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
	}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
	# the complete page is printed before the script stops
	var_dump ($Html);
	die (logF('no tr_sid'));
}
# NOTE(review): session tokens are written to the log output here
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");
###################################################################

# Login request with URL-encoded fields, followed by extraction of the session cookies for later requests.
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
#	'directBankingLoginForm:viewInitialized' => 'true',
	'username' => $inputUsername,
	'px2' => $inputPassword,
	'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
	'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
	'directBankingLoginForm:_idcl' => '',
	'directBankingLoginForm:_link_hidden_' => '',
	'directBankingLoginForm_SUBMIT' => '1',
	'javax.faces.ViewState' => ($javax),
);
# names and values are both URL-encoded by this builder
$postUrl = http_build_query_urlencode($postFields);

# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# reads the login jar, writes the auth jar (both fixed paths under /tmp)
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
# the callback fills the global $cookiearr from the Set-Cookie lines of this response
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');

$step++;
# NOTE(review): the logged URL includes the tr_sid
logF($step."th $Url");
# NOTE(review): a false result is not handled; a failed login only shows up as a missing idcl below
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);

# NOTE(review): split() was removed in PHP 7.0; explode("\n", $Html) is the equivalent call
$lines = split ("\n", $Html);
foreach ($lines as $line) {
	# on the line naming 'mystartpage_finanzstatus', take the fourth piece when splitting at single quotes
	if (strpos($line, 'mystartpage_finanzstatus')!== false) {
		$pieces = explode('\'', $line);
		$Var_idcl = $pieces[3];
	}
}
# in this listing $Var_idcl is only checked and logged; it serves as the sign that the start page was reached
if (!$Var_idcl) {
	print "ERROR: Cannot fetch idcl";
	exit;
}
logF($step ."th idcl: $Var_idcl");
# flatten the cookies collected by read_header() into one "name=value;name=value" string for CURLOPT_COOKIE
$cookieStr = '';
foreach ($cookiearr as $cookieName => $cookieVal) {
	$cookieStr.=$cookieName.'='.$cookieVal.';';
}
# remove the trailing ';'
$cookieStr = substr($cookieStr, 0, -1);
###################################################################


###################################################################
# go to account
# GET of the account page, authenticated with the cookie string built after login
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
# the next two lines repeat the two options above with the same values
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
# NOTE(review): not checked for false before it is saved and parsed
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# NOTE(review): this saves the account page, balances included, as "<step>.html" in the working directory
fWriteTo("$step.html", $Html);
###################################################################

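# Scan the account page for the two balances reported in the log lines below:
#   $Betrag[0] - the markup-free EUR line between 'Aktueller Kontosaldo' and the closing </fieldset>
#   $Betrag[1] - the text that follows the current year on the 'Kontostand am' line
# explode() replaces split(), which no longer exists as of PHP 7.0; for the literal "\n" the result is the same.
$Betrag = array();
$lines = explode("\n", (string) $Html);
$liveStart = false;
foreach ($lines as $line) {
	if (strpos($line, 'Aktueller Kontosaldo')!== false) {
		$liveStart = true;
	}
	if (strpos($line, '</fieldset>')!== false) {
		$liveStart = false;
	}
	# only a line that contains no markup counts as the amount
	if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
		$Betrag[0] = trim(str_replace('EUR', '', $line));
	}

	if (strpos($line, 'Kontostand am')!== false) {
		$linePart = strip_tags(substr($line, strpos($line, 'Kontostand am')));
		$lineParts = explode(date('Y'), $linePart);
		# the amount is whatever follows the current year; a line dated in another year yields nothing
		if (isset($lineParts[1])) {
			$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
		}
	}
}
# stop before reading $Betrag[0]/[1] when neither balance was found
if (!$Betrag) {
	die (print 'no Betrag in step: '. $step);
}
logF("Kontostand live ... " . (isset($Betrag[0]) ? $Betrag[0] : '') ." EUR");
logF("Kontostand old ...  " . (isset($Betrag[1]) ? $Betrag[1] : '') ." EUR");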
#var_dump($Betrag);

###################################################################
# POST to the account page asking it to display ('Anzeigen') the turnovers of the chosen period.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	'accountManagement:dayFrom' => '1',
	# month name and year as of 31 days ago, formatted in the LC_TIME locale
	# NOTE(review): strftime() is deprecated since PHP 8.1
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
	'accountManagement:refresh' => 'Anzeigen',
#	'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoumsätze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	# the ViewState parsed from the login page is reused; no later response is parsed for a newer one
	'javax.faces.ViewState' => ($javax),
);

$postUrl = http_build_query_urlencode($postFields);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
# per the PHP manual this option has had no effect since PHP 5.1.3
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# session cookies collected during login
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
# NOTE(review): a false result is not handled
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# the turnover page is saved as "<step>.html" in the working directory
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################


###################################################################
# Same form as the previous request, but submitted through the download button instead of 'Anzeigen'.
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
	'accountManagement:dayFrom' => '1',
	'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
	'accountManagement:dayTo' => date('d'),
	'accountManagement:monthTo' => strftime("%B %Y"),
	'accountManagement:numberOfTurnovers' => '9999',
#	'accountManagement:refresh' => 'Anzeigen',
	# the button label borrows the second byte of the locale's name for March, presumably to obtain the
	# umlaut in the locale's own encoding; under a UTF-8 locale one byte is only half of that character - verify
	'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
	'accountManagement:_link_hidden_' => '',
	'accountManagement:_idcl' => '',
	'accountManagement_SUBMIT' => '1',
	# still the ViewState taken from the login page
	'javax.faces.ViewState' => ($javax),
);

$postUrl = http_build_query_urlencode($postFields);

# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
# headers are left out of the result here, so the saved file holds the response body only
curl_setopt($ch, CURLOPT_HEADER,false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);

$step++;
logF($step."th $Url");
# NOTE(review): on failure this is false and an empty "<step>.html" is what gets copied to the CSV path afterwards
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################

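# Publish the downloaded statement: the body saved by the previous step ("$step.html") becomes $outputCSV.
# A missing target is normal on the first run, so only remove what exists; is_link() also catches a
# dangling symlink, which file_exists() reports as absent.
if ((is_link($outputCSV) || file_exists($outputCSV)) && !unlink($outputCSV)) {
	logF("cannot remove old $outputCSV");
}
if (copy("$step.html", $outputCSV)) {
	# the statement holds account data and the target sits in a shared directory: owner-only access
	chmod($outputCSV, 0600);
} else {
	# keep going so that the logout request below still ends the bank session
	logF("cannot copy $step.html to $outputCSV");
}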

###################################################################

###################################################################
# party over, logout
# GET of the logout page with the session cookies, so the server-side session is ended
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE,  $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true ); 
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
# the next two lines repeat the two options above with the same values
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);


$step++;
logF($step."th $Url");
# NOTE(review): the result is not checked, so a failed logout goes unnoticed
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch); 
unset($ch);
logF($step."th ". strlen($Html));
# NOTE(review): the cookie jars under /tmp and the saved "<n>.html" pages remain on disk after this point
fWriteTo("$step.html", $Html);
###################################################################


###################################################################
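/**
 * Turns a field map into an application/x-www-form-urlencoded body.
 *
 * Names and values are both URL-encoded, which keeps reserved characters in a
 * value ('&', '=', '+', '%') from being read as body structure.
 *
 * @param  array  $postFields  field name => field value
 * @return string              encoded pairs joined by '&'; '' when the map is empty
 */
function http_build_query_urlencode($postFields)
{
	$encodedPairs = array();
	foreach ($postFields as $fName => $fValue) {
		$encodedPairs[] = urlencode($fName) . '=' . urlencode($fValue);
	}
	# joining avoids the trailing '&' and returns '' (not false, as substr() did before PHP 8) for no fields
	return implode('&', $encodedPairs);
}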

/**
 * Joins fields into a POST body, URL-encoding the names only.
 *
 * Each value is passed through utf8_encode() and otherwise left untouched, so
 * reserved characters in a value reach the server unescaped.
 * http_build_query_urlencode() encodes the values as well.
 *
 * @param  array  $postFields  field name => field value
 * @return string              "name=value" pairs joined by '&'
 */
function http_build_query_wrong($postFields)
{
	$joined = '';
	foreach ($postFields as $key => $raw) {
		$joined = $joined . urlencode($key) . '=' . utf8_encode($raw) . '&';
	}
	# strip the final '&'
	return substr($joined, 0, strlen($joined) - 1);
}


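/**
 * Header callback for CURLOPT_HEADERFUNCTION.
 *
 * Remembers the most recent Location header, stores the name=value part of
 * every Set-Cookie header in the global $cookiearr, and when the blank line
 * ending the header block arrives, sets the collected cookies on the handle.
 *
 * Header names are compared case-insensitively: HTTP header names carry no
 * case, and HTTP/2 responses deliver them in lower case. Cookie attributes
 * (Path, Domain, Secure, expiry) are not kept, so the stored cookies are sent
 * with every later request that uses them.
 *
 * @param  resource $ch      the handle libcurl invokes the callback for
 * @param  string   $string  one raw header line with its line ending
 * @return int               byte count of $string; any other value makes libcurl abort the transfer
 */
function read_header($ch, $string)
{
    global $location; #keep track of location/redirects
    global $cookiearr; #store cookies here
    # $ch is the handle supplied by libcurl, which is the one the main script
    # holds in its global $ch during the transfer.

    if (!is_array($cookiearr))
    { #first header line of the run
      $cookiearr = array();
    }

    $length = strlen($string);
    if (strncasecmp($string, "Location:", 9) === 0)
    { #keep track of last redirect
      $location = trim(substr($string, 9));
    }
    if (strncasecmp($string, "Set-Cookie:", 11) === 0)
    { #get the cookie: text before the first ';', split at the first '='
      $segments = explode(';', trim(substr($string, 11)));
      $pair = explode('=', $segments[0], 2);
      $cookiename = trim($pair[0]);
      if ($cookiename !== '')
      {
        $cookiearr[$cookiename] = isset($pair[1]) ? trim($pair[1]) : '';
      }
    }
    if (trim($string) === "")
    {  #execute only at end of header
      $cookie = "";
      foreach ($cookiearr as $key=>$value)
      {
        $cookie .= "$key=$value; ";
      }
      curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    }

    return $length;
}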

?>

Initial URL
http://www.hypovereinsbank.de

Initial Description
updated 2013-04-18!

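Just replace the XXX fields with your own numbers, then run this PHP script from the command line (CLI mode). It will fetch the online statements from Hypovereinsbank direct banking. Once filled in, the file contains your banking number and PIN in plain text, and the script writes cookie files, the fetched pages and the CSV to disk, so keep all of them readable by your own user only.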

The code works by tweaking CURL settings around the HTTPS connection.

Initial Title
Hypo CSV crawler - online banking statements downloader from Hypovereinsbank  Munich, Germany using PHP & CURL CLI

Initial Tags
curl, download, csv, Online

Initial Language
PHP