originally posted in:BungieNetPlatform
So after a long and tedious process, I've gotten down the basics with public APIs but wanted to start looking at the private ones.
Using a modified version of someone's PHP function I'm able to successfully authenticate. I also collect and save the cookies from the bungie sign in request which gives me
[spoiler]
[__cfduid]
[bungled]
[bungledid]
[bunglecounts]
[sto-id-sg_www_bungie_net]
[/spoiler]
Then I collect the cookies from the PSN auth
[spoiler]
[npsso]
[bunglefrogblastventcore]
[bunglecounts]
[bunglesony]
[bungleatk]
[tk]
[bungleme]
[bungleloc]
[lcin]
[/spoiler]
At this point, my authentication was successful, all of the sessions are closed. The cookies still saved.
I now use curl or file_get_contents to make a private request, but i'm required to sign in. I know it has to do with the cookies i have, i just don't know what to pass and to where.
I can set the headers using
[spoiler]<?php
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en\r\n" .
"Cookie: foo=bar\r\n"
)
);
$context = stream_context_create($opts);[/spoiler]
Again, just not sure which cookies to use and what else i'd need to send or append to the url
-
If you use curl for making one request you should use it for all of them to keep track of all the cookies. You should set the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR values to the/a file to store them and use the same file whenever you make a request. Think of a cookie file as an incognito browsing session if that helps. I'd also recommend [i]not[/i] using streams in this scenario because you'll inevitably need to deal with managing all the cookies, encoding them, and putting the cookie string in the header for each request - cURL does that for you. Don't forget to add the x-csrf header to your requests with the value of the bungled cookie as the value for the that header.