Revision: 12455
Updated Code
at April 19, 2013 00:29 by uioreanu
Updated Code
<?php
/**
* fetch CSV data from hypovereinsbank Direct B@nking
*
* @author CU
* @version 1.0
* @requires curl in CLI mode
*/
getHypoData();
/**
* retrieves CSV data from hypovereinsbank Direct B@nking website.
* @return boolean successful or not
* @access public
* @static makes the class property accessible without needing an instantiation of the class
*/
function getHypoData()
{
# CONFIG
$sleepMin = 5;
$sleepMax = 10;
# $proxyCfg = ' -x XXX.XXX.XXX.XXX:XXXX';
$direktbankingNr = 'xxxxxxxxxxx';
$pwdOnline = 'xxxxxxxxx';
# CONFIG
# to use strftime's magic
setlocale(LC_TIME, "de_DE");
$curlParameters = $proxyCfg. ' --silent --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
# to debug CURL simply uncomment next line
# $curlParameters = ' --include --trace-ascii debugdump0.txt '.$proxyCfg.' --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
if (file_exists('cookies_hypo.txt')) {
unlink('cookies_hypo.txt') || die (print 'Cannot remove cookies_hypo.txt');
}
echo date('Y-m-d H:i:s') .' initial URL fetch' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp '. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if (count($output)<=10 || count($output)>=1000) {
print_r($output);
print "FATAL: buggy input. ";
return false;
}
$ViewState = '';
# find the "ViewState"
foreach ($output as $line) {
if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
$challenge_line = split('"', $line);
if ($ViewState = $challenge_line[7]) {
echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
}
}
}
if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt login' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp --data "username='. $direktbankingNr .'&px2='. $pwdOnline .'&secP=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF&fp=&directBankingLoginForm%3AloginPanel%3AloginCommand=Anmelden&directBankingLoginForm%3A_idcl=&directBankingLoginForm%3A_link_hidden_=&directBankingLoginForm_SUBMIT=1&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt KONTO homepage' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp '. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
$ViewState = '';
# find the changed "ViewState"
foreach ($output as $line) {
if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
$challenge_line = split('"', $line);
if ($ViewState = $challenge_line[13]) {
echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
}
}
}
if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
return false;
}
echo date('Y-m-d H:i:s') .' setting the time-frame' ."\n";
$output = array();
$fromMonth = strftime("%B+%Y", time() - 31*24*3600);
$toMonth = strftime("%B+%Y", time() - 4*24*3600);
$toDay = strftime("%d", time() - 4*24*3600);
echo date('Y-m-d H:i:s') ." TIMEFRAME: 01+$fromMonth - $toDay+$toMonth" ."\n";
$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. $toDay .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Arefresh=Anzeigen&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
sleep(rand($sleepMin,$sleepMax));
# fetch live & old Kontostand
$liveStart = false;
foreach ($output as $line) {
if (strpos($line, 'Aktueller Kontosaldo')!== false) {
$liveStart = true;
}
if (strpos($line, '</fieldset>')!== false) {
$liveStart = false;
}
if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', $line));
}
if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
}
if (strpos($line, 'Kontostand am')!== false) {
$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
$lineParts = explode(date('Y'), $linePart);
$lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
if ($lineParts2[1]) {
$Betrag[1] = $lineParts2[1];
} else {
$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
}
}
}
echo date('Y-m-d H:i:s ') . ("Kontostand live ... " . $Betrag[0] ." EUR"). "\n";
echo date('Y-m-d H:i:s ') . ("Kontostand old .... " . $Betrag[1] ." EUR"). "\n";
if (!$Betrag) {
print 'no Betrag in line: '. __LINE__;
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt CSV Download' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. $toDay .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3AbuttonNavigation%3Aj_id_id182=Download+Kontoums%E4tze+&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
if ($output) {
$fileName = 'hypo_'.date('Y-m-d.H-i-s'). '.csv';
$result = file_put_contents($fileName, implode("\n", $output)."\n") || die (print "could not dump CSV content to file");
echo date('Y-m-d H:i:s') .' '. count($output). ' lines written to file: '. $fileName .''. "\n";
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt Logout' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp '. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
if ((strpos(implode(' ', $output), 'korrekt'))) {
return true;
}
sleep(rand($sleepMin,$sleepMax));
return false;
} // end func
# EOF
?>
Revision: 12454
Updated Code
at February 23, 2013 02:31 by uioreanu
Updated Code
<?php
/**
* fetch CSV data from hypovereinsbank Direct B@nking
*
* @author CU
* @version 1.0
* @requires curl in CLI mode
*/
getHypoData();
/**
* retrieves CSV data from hypovereinsbank Direct B@nking website.
* @return boolean successful or not
* @access public
* @static makes the class property accessible without needing an instantiation of the class
*/
function getHypoData()
{
# CONFIG
$sleepMin = 5;
$sleepMax = 10;
# $proxyCfg = ' -x 62.240.129.2:8443';
$direktbankingNr = 'XXXXXXXXXX';
$pwdOnline = 'XXXXXXXX';
# CONFIG
# to use strftime's magic
setlocale(LC_TIME, "de_DE");
$curlParameters = $proxyCfg. ' --silent --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
# to debug CURL simply uncomment next line
# $curlParameters = ' --include --trace-ascii debugdump0.txt -x 62.240.129.2:8443 --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
if (file_exists('cookies_hypo.txt')) {
unlink('cookies_hypo.txt') || die (print 'Cannot remove cookies_hypo.txt');
}
echo date('Y-m-d H:i:s') .' initial URL fetch' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp '. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if (count($output)<=10 || count($output)>=1000) {
print_r($output);
print "FATAL: buggy input. ";
return false;
}
$ViewState = '';
# find the "ViewState"
foreach ($output as $line) {
if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
$challenge_line = split('"', $line);
if ($ViewState = $challenge_line[7]) {
echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
}
}
}
if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt login' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp --data "username='. $direktbankingNr .'&px2='. $pwdOnline .'&secP=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF&fp=&directBankingLoginForm%3AloginPanel%3AloginCommand=Anmelden&directBankingLoginForm%3A_idcl=&directBankingLoginForm%3A_link_hidden_=&directBankingLoginForm_SUBMIT=1&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt KONTO homepage' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp '. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
$ViewState = '';
# find the changed "ViewState"
foreach ($output as $line) {
if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
$challenge_line = split('"', $line);
if ($ViewState = $challenge_line[13]) {
echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
}
}
}
if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
return false;
}
# fetch live & old Kontostand
$liveStart = false;
foreach ($output as $line) {
if (strpos($line, 'Aktueller Kontosaldo')!== false) {
$liveStart = true;
}
if (strpos($line, '</fieldset>')!== false) {
$liveStart = false;
}
if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', $line));
}
if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
}
if (strpos($line, 'Kontostand am')!== false) {
$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
$lineParts = explode(date('Y'), $linePart);
$lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
if ($lineParts2[1]) {
$Betrag[1] = $lineParts2[1];
} else {
$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
}
}
}
echo date('Y-m-d H:i:s ') . ("Kontostand live ... " . $Betrag[0] ." EUR"). "\n";
echo date('Y-m-d H:i:s ') . ("Kontostand old .... " . $Betrag[1] ." EUR"). "\n";
if (!$Betrag) {
print 'no Betrag in line: '. __LINE__;
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' setting the time-frame' ."\n";
$output = array();
$fromMonth = strftime("%B+%Y", time() - 31*24*3600);
$toMonth = strftime("%B+%Y", time());
$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. date('d') .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Arefresh=Anzeigen&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt CSV Download' ."\n";
$output = array();
$fromMonth = strftime("%B+%Y", time() - 31*24*3600);
$toMonth = strftime("%B+%Y", time());
$run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. date('d') .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3AbuttonNavigation%3Aj_id_id182=Download+Kontoums%E4tze+&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
if ($output) {
$fileName = 'hypo_'.date('Y-m-d.H-i-s'). '.csv';
$result = file_put_contents($fileName, implode("\n", $output)."\n") || die (print "could not dump CSV content to file");
echo date('Y-m-d H:i:s') .' '. count($output). ' lines written to file: '. $fileName .''. "\n";
}
sleep(rand($sleepMin,$sleepMax));
echo date('Y-m-d H:i:s') .' attempt Logout' ."\n";
$output = array();
$run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp '. $curlParameters, $output);
if (!$run) {
print "could not execute CURL line ". __LINE__;
return false;
}
if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
print_r($output);
return false;
}
if ((strpos(implode(' ', $output), 'korrekt'))) {
return true;
}
sleep(rand($sleepMin,$sleepMax));
return false;
} // end func
# EOF
?>
Revision: 12453
Updated Code
at February 12, 2010 10:25 by uioreanu
Updated Code
<?php
setlocale(LC_TIME, "de_DE");
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
global $Betrag;
$inputUsername = 'XXXXXXXXXX'; # place here the Direct banking number
$inputPassword = 'XXXXXX'; # place here your pass
$outputCSV = '/tmp/Umsatzliste.csv';
require_once 'func/hypo_functions.php';
$step = 0;
logF("fetch start");
define ('RND_LOW', 2);
define ('RND_HIGH', 4);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_wrong($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$lines = split ("\n", $Html);
foreach ($lines as $line) {
if (strpos($line, 'mystartpage_finanzstatus')!== false) {
$pieces = explode('\'', $line);
$Var_idcl = $pieces[3];
}
}
if (!$Var_idcl) {
print "ERROR: Cannot fetch idcl";
# exit;
}
logF($step ."th idcl: $Var_idcl");
$cookieStr = '';
print_r($cookiearr);
foreach ($cookiearr as $cookieName => $cookieVal) {
$cookieStr.=$cookieName.'='.$cookieVal.'; ';
}
$cookieStr = substr($cookieStr, 0, -2);
###################################################################
###################################################################
# go to account
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
$lines = split ("\n", $Html);
$liveStart = false;
foreach ($lines as $line) {
if (strpos($line, 'Aktueller Kontosaldo')!== false) {
$liveStart = true;
}
if (strpos($line, '</fieldset>')!== false) {
$liveStart = false;
}
if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', $line));
}
if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
}
if (strpos($line, 'Kontostand am')!== false) {
$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
$lineParts = explode(date('Y'), $linePart);
$lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
if ($lineParts2[1]) {
$Betrag[1] = $lineParts2[1];
} else {
$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
}
}
}
logF("Kontostand live ... " . $Betrag[0] ." EUR");
logF("Kontostand old ... " . $Betrag[1] ." EUR");
if (!$Betrag) {
die (print 'no Betrag in step: '. $step);
}
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
#var_dump($Betrag);
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => '1',
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
'accountManagement:refresh' => 'Anzeigen',
# 'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoums�¤tze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => max(date('d')-7, 1),
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
## 'accountManagement:monthFrom' => strftime("%B %Y"),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
## 'accountManagement:numberOfTurnovers' => '20',
# 'accountManagement:refresh' => 'Anzeigen',
'accountManagement:buttonNavigation:j_id_id147' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
print_R($postFields);
$postUrl = http_build_query_urlencode($postFields);
print_R($postUrl);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
#curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
#curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_REFERER, $Url);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
#curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
unlink($outputCSV);
copy("$step.html", $outputCSV);
###################################################################
###################################################################
# party over, logout
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
###################################################################
function http_build_query_urlencode($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.urlencode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1);
}
function http_build_query_wrong($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.utf8_encode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1)."\n";
}
function read_header($ch, $string)
{
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
# ^overrides the function param $ch
# this is okay because we need to
# update the global $ch with
# new cookies
$length = strlen($string);
if(!strncmp($string, "Location:", 9))
{ #keep track of last redirect
$location = trim(substr($string, 9, -1));
}
if(!strncmp($string, "Set-Cookie:", 11))
{ #get the cookie
$cookiestr = trim(substr($string, 11, -1));
$cookie = explode(';', $cookiestr);
$cookie = explode('=', $cookie[0]);
$cookiename = trim(array_shift($cookie));
$cookiearr[$cookiename] = trim(implode('=', $cookie));
}
$cookie = "";
if(trim($string) == "")
{ #execute only at end of header
foreach ($cookiearr as $key=>$value)
{
$cookie .= "$key=$value; ";
}
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
return $length;
}
?>
Revision: 12452
Updated Code
at February 12, 2010 09:46 by uioreanu
Updated Code
<?php
setlocale(LC_TIME, "de_DE");
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
global $Betrag;
$inputUsername = 'XXXXXXXXXX'; # place here the Direct banking number
$inputPassword = 'XXXXXX'; # place here your pass
$outputCSV = '/tmp/Umsatzliste.csv';
require_once 'func/hypo_functions.php';
$step = 0;
logF("fetch start");
define ('RND_LOW', 2);
define ('RND_HIGH', 4);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_wrong($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$lines = split ("\n", $Html);
foreach ($lines as $line) {
if (strpos($line, 'mystartpage_finanzstatus')!== false) {
$pieces = explode('\'', $line);
$Var_idcl = $pieces[3];
}
}
if (!$Var_idcl) {
print "ERROR: Cannot fetch idcl";
# exit;
}
logF($step ."th idcl: $Var_idcl");
$cookieStr = '';
print_r($cookiearr);
foreach ($cookiearr as $cookieName => $cookieVal) {
$cookieStr.=$cookieName.'='.$cookieVal.'; ';
}
$cookieStr = substr($cookieStr, 0, -2);
###################################################################
###################################################################
# go to account
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
$lines = split ("\n", $Html);
$liveStart = false;
foreach ($lines as $line) {
if (strpos($line, 'Aktueller Kontosaldo')!== false) {
$liveStart = true;
}
if (strpos($line, '</fieldset>')!== false) {
$liveStart = false;
}
if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', $line));
}
if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
}
if (strpos($line, 'Kontostand am')!== false) {
$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
$lineParts = explode(date('Y'), $linePart);
$lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
if ($lineParts2[1]) {
$Betrag[1] = $lineParts2[1];
} else {
$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
}
}
}
logF("Kontostand live ... " . $Betrag[0] ." EUR");
logF("Kontostand old ... " . $Betrag[1] ." EUR");
if (!$Betrag) {
die (print 'no Betrag in step: '. $step);
}
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
#var_dump($Betrag);
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => '1',
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
'accountManagement:refresh' => 'Anzeigen',
# 'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoumsätze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$lineHtml = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34);
$javax = substr($lineHtml, 0, strpos($lineHtml, '"'));
# $javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
die (logF('no tr_sid'));
}
if (!$javax) {
die (logF('no javax'));
}
logF("retrieved tr_sid(". strlen($tr_sid) .")=$tr_sid");
logF("retrieved javax(". strlen($javax) .")=$javax");
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => max(date('d')-7, 1),
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
## 'accountManagement:monthFrom' => strftime("%B %Y"),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
## 'accountManagement:numberOfTurnovers' => '20',
# 'accountManagement:refresh' => 'Anzeigen',
'accountManagement:buttonNavigation:j_id_id147' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
print_R($postFields);
$postUrl = http_build_query_urlencode($postFields);
print_R($postUrl);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
#curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
#curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_REFERER, $Url);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
#curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
unlink($outputCSV);
copy("$step.html", $outputCSV);
###################################################################
###################################################################
# party over, logout
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
###################################################################
function http_build_query_urlencode($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.urlencode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1);
}
function http_build_query_wrong($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.utf8_encode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1)."\n";
}
function read_header($ch, $string)
{
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
# ^overrides the function param $ch
# this is okay because we need to
# update the global $ch with
# new cookies
$length = strlen($string);
if(!strncmp($string, "Location:", 9))
{ #keep track of last redirect
$location = trim(substr($string, 9, -1));
}
if(!strncmp($string, "Set-Cookie:", 11))
{ #get the cookie
$cookiestr = trim(substr($string, 11, -1));
$cookie = explode(';', $cookiestr);
$cookie = explode('=', $cookie[0]);
$cookiename = trim(array_shift($cookie));
$cookiearr[$cookiename] = trim(implode('=', $cookie));
}
$cookie = "";
if(trim($string) == "")
{ #execute only at end of header
foreach ($cookiearr as $key=>$value)
{
$cookie .= "$key=$value; ";
}
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
return $length;
}
?>
Revision: 12451
Updated Code
at March 15, 2009 15:13 by uioreanu
Updated Code
<?php
global $Betrag;
$KontoNummer = 'XXXXXX'; # place here your account number
$inputUsername = 'XXXXXX'; # place here your direct banking number
$inputPassword = 'XXXXXX'; # place here your direct banking PIN number
setlocale(LC_TIME, "de_DE");
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
#$outputCSV = $KontoNummer. '_Umsatzliste.csv';
$outputCSV = '/tmp/Umsatzliste.csv';
$step = 0;
logF("fetch start");
define ('RND_LOW', 2);
define ('RND_HIGH', 3);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
var_dump ($Html);
die (logF('no tr_sid'));
}
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_wrong($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
var_dump ($Html);
die (logF('no tr_sid'));
}
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$lines = split ("\n", $Html);
foreach ($lines as $line) {
if (strpos($line, 'mystartpage_finanzstatus')!== false) {
$pieces = explode('\'', $line);
$Var_idcl = $pieces[3];
}
}
if (!$Var_idcl) {
print "ERROR: Cannot fetch idcl";
exit;
}
logF($step ."th idcl: $Var_idcl");
$cookieStr = '';
foreach ($cookiearr as $cookieName => $cookieVal) {
$cookieStr.=$cookieName.'='.$cookieVal.';';
}
$cookieStr = substr($cookieStr, 0, -1);
###################################################################
###################################################################
# go to account
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
$lines = split ("\n", $Html);
$liveStart = false;
foreach ($lines as $line) {
if (strpos($line, 'Aktueller Kontosaldo')!== false) {
$liveStart = true;
}
if (strpos($line, '</fieldset>')!== false) {
$liveStart = false;
}
if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', $line));
}
if (strpos($line, 'Kontostand am')!== false) {
$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
$lineParts = explode(date('Y'), $linePart);
$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
}
}
logF("Kontostand live ... " . $Betrag[0] ." EUR");
logF("Kontostand old ... " . $Betrag[1] ." EUR");
if (!$Betrag) {
die (print 'no Betrag in step: '. $step);
}
#var_dump($Betrag);
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => '1',
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
'accountManagement:refresh' => 'Anzeigen',
# 'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoumsätze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => '1',
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
# 'accountManagement:refresh' => 'Anzeigen',
'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
unlink($outputCSV);
copy("$step.html", $outputCSV);
###################################################################
###################################################################
# party over, logout
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
###################################################################
function http_build_query_urlencode($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.urlencode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1);
}
function http_build_query_wrong($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.utf8_encode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1);
}
function read_header($ch, $string)
{
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
# ^overrides the function param $ch
# this is okay because we need to
# update the global $ch with
# new cookies
$length = strlen($string);
if(!strncmp($string, "Location:", 9))
{ #keep track of last redirect
$location = trim(substr($string, 9, -1));
}
if(!strncmp($string, "Set-Cookie:", 11))
{ #get the cookie
$cookiestr = trim(substr($string, 11, -1));
$cookie = explode(';', $cookiestr);
$cookie = explode('=', $cookie[0]);
$cookiename = trim(array_shift($cookie));
$cookiearr[$cookiename] = trim(implode('=', $cookie));
}
$cookie = "";
if(trim($string) == "")
{ #execute only at end of header
foreach ($cookiearr as $key=>$value)
{
$cookie .= "$key=$value; ";
}
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
return $length;
}
function LogF($message) {
echo date('Y-m-d H:i:s') ."\t$message\n";
flush();
}
function fWriteTo($file, $string) {
$fh=fopen($file, "w");
fwrite($fh, $string);
fclose($fh);
}
?>
Revision: 12450
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at March 15, 2009 15:12 by uioreanu
Initial Code
<?php
global $Betrag;
$KontoNummer = 'XXXXXX'; # place here your account number
$inputUsername = 'XXXXXX'; # place here your direct banking number
$inputPassword = 'XXXXXX'; # place here your direct banking PIN number
setlocale(LC_TIME, "de_DE");
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
#$outputCSV = $KontoNummer. '_Umsatzliste.csv';
$outputCSV = '/tmp/Umsatzliste.csv';
require_once 'func/hypo_functions.php';
$step = 0;
logF("fetch start");
define ('RND_LOW', 2);
define ('RND_HIGH', 3);
#define ('RND_LOW', 5);
#define ('RND_HIGH', 10);
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Host: my.hypovereinsbank.de';
$headers[] = 'Content-type: application/x-www-form-urlencoded';
$headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
$headers[] = 'Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
$headers[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
$headers[] = 'Keep-Alive: 300';
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
var_dump ($Html);
die (logF('no tr_sid'));
}
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_wrong($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp';
$cookieFilenameLogin="/tmp/hypo_login.cookie";
$cookieFilenameAuth="/tmp/hypo_auth.cookie";
# first HTTP session : retrieve tr_sid, setcookie etc
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
$linesHtml = split ("\n", $Html);
foreach ($linesHtml as $lineHtml) {
if (strpos($lineHtml, '<a href="https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp&tr_sid=')!== false) {
$tr_sid = substr($lineHtml, strpos($lineHtml, 'tr_sid=')+7, strlen('200806270805574786894478605040495919'));
}
if (strpos($lineHtml, 'id="javax.faces.ViewState" value="')!== false) {
$javax = substr($lineHtml, strpos($lineHtml, 'id="javax.faces.ViewState" value="')+34, 120);
}
}
$tr_sid=str_replace('"', '', $tr_sid);
if (!$tr_sid) {
var_dump ($Html);
die (logF('no tr_sid'));
}
logF("retrieved tr_sid=$tr_sid");
logF("retrieved javax=$javax");
###################################################################
$Url .= '&tr_sid='. $tr_sid;
$postFields = array (
# 'directBankingLoginForm:viewInitialized' => 'true',
'username' => $inputUsername,
'px2' => $inputPassword,
'secP' => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',
'directBankingLoginForm:loginPanel:loginCommand' => 'Anmelden',
'directBankingLoginForm:_idcl' => '',
'directBankingLoginForm:_link_hidden_' => '',
'directBankingLoginForm_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# second HTTP session : effective login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFilenameAuth);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFilenameLogin);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
$lines = split ("\n", $Html);
foreach ($lines as $line) {
if (strpos($line, 'mystartpage_finanzstatus')!== false) {
$pieces = explode('\'', $line);
$Var_idcl = $pieces[3];
}
}
if (!$Var_idcl) {
print "ERROR: Cannot fetch idcl";
exit;
}
logF($step ."th idcl: $Var_idcl");
$cookieStr = '';
foreach ($cookiearr as $cookieName => $cookieVal) {
$cookieStr.=$cookieName.'='.$cookieVal.';';
}
$cookieStr = substr($cookieStr, 0, -1);
###################################################################
###################################################################
# go to account
$Url='https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
$lines = split ("\n", $Html);
$liveStart = false;
foreach ($lines as $line) {
if (strpos($line, 'Aktueller Kontosaldo')!== false) {
$liveStart = true;
}
if (strpos($line, '</fieldset>')!== false) {
$liveStart = false;
}
if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
$Betrag[0] = trim(str_replace('EUR', '', $line));
}
if (strpos($line, 'Kontostand am')!== false) {
$linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
$lineParts = explode(date('Y'), $linePart);
$Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
}
}
logF("Kontostand live ... " . $Betrag[0] ." EUR");
logF("Kontostand old ... " . $Betrag[1] ." EUR");
if (!$Betrag) {
die (print 'no Betrag in step: '. $step);
}
#var_dump($Betrag);
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => '1',
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
'accountManagement:refresh' => 'Anzeigen',
# 'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoumsätze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
###################################################################
$Url = 'https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp';
$postFields = array (
'accountManagement:dayFrom' => '1',
'accountManagement:monthFrom' => strftime("%B %Y", time() - 31*24*3600),
'accountManagement:dayTo' => date('d'),
'accountManagement:monthTo' => strftime("%B %Y"),
'accountManagement:numberOfTurnovers' => '9999',
# 'accountManagement:refresh' => 'Anzeigen',
'accountManagement:buttonNavigation:j_id_id142' => 'Download Kontoums'. substr(strftime("%B", strtotime('2001-03-01 00:00:00')), 1, 1) .'tze ',
'accountManagement:_link_hidden_' => '',
'accountManagement:_idcl' => '',
'accountManagement_SUBMIT' => '1',
'javax.faces.ViewState' => ($javax),
);
$postUrl = http_build_query_urlencode($postFields);
# post-login steps
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
#curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.hypovereinsbank.de/portal?view=/banking/startpage.jsp');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
logF($step."th sleeping for ". $secs = rand(RND_LOW, RND_HIGH)); sleep($secs);
###################################################################
unlink($outputCSV);
copy("$step.html", $outputCSV);
###################################################################
###################################################################
# party over, logout
$Url='https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$Url);
curl_setopt($ch, CURLOPT_COOKIE, $cookieStr);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt($ch, CURLOPT_HEADER,true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
#curl_setopt($ch, CURLOPT_VERBOSE, 2);
$step++;
logF($step."th $Url");
$Html = curl_exec ($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close ($ch);
unset($ch);
logF($step."th ". strlen($Html));
fWriteTo("$step.html", $Html);
###################################################################
###################################################################
function http_build_query_urlencode($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.urlencode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1);
}
function http_build_query_wrong($postFields)
{
$postUrl = "";
foreach ($postFields as $fName => $fValue) {
$postUrl.=urlencode($fName).'='.utf8_encode($fValue)."&";
# $postUrl.=($fName).'='.rawurlencode($fValue)."&";
}
return substr($postUrl, 0, -1);
}
function read_header($ch, $string)
{
global $location; #keep track of location/redirects
global $cookiearr; #store cookies here
global $ch;
# ^overrides the function param $ch
# this is okay because we need to
# update the global $ch with
# new cookies
$length = strlen($string);
if(!strncmp($string, "Location:", 9))
{ #keep track of last redirect
$location = trim(substr($string, 9, -1));
}
if(!strncmp($string, "Set-Cookie:", 11))
{ #get the cookie
$cookiestr = trim(substr($string, 11, -1));
$cookie = explode(';', $cookiestr);
$cookie = explode('=', $cookie[0]);
$cookiename = trim(array_shift($cookie));
$cookiearr[$cookiename] = trim(implode('=', $cookie));
}
$cookie = "";
if(trim($string) == "")
{ #execute only at end of header
foreach ($cookiearr as $key=>$value)
{
$cookie .= "$key=$value; ";
}
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
return $length;
}
?>
Initial URL
http://www.hypovereinsbank.de
Initial Description
updated 2013-04-18! just replace the XXX fields with your own numbers. Then run this PHP Script from the command line (CLI mode). It will fetch the online statements from Hypovereinsbank direct banking. The code works by tweaking CURL settings around the HTTPS connection.
Initial Title
Hypo CSV crawler - online banking statements downloader from Hypovereinsbank Munich, Germany using PHP & CURL CLI
Initial Tags
curl, download, csv, Online
Initial Language
PHP