eBay Doorbuster 2008 script; eBay automated purchase section is still useful

ebaydoorbuster.php

<?php

   /* Original code written by Abe Voelker, copyright 2008 */

   /* Last updated: 12/07/08 3:45am CST - added IP Ban workaround - set $ALTERNATE_INTERFACE to an alternate IP/hostname/adapter (but only if your server has access to it!); also cleaned up some of the code */
   
   /* NOTE - If you can't seem to get logged in to eBay, remove any special characters from your password OR userid such as )(*&^%$#@!./,";?><}{][ */

   /*  This code is released for educational purposes only, as a proof of concept.  Please do not execute it against any eBay 
       server as it probably violates eBay's ToS.  In addition, some of the code I have used are snippets from other sources; I
       make no claim to the originality of each line of code.  However, the bulk of it is of my own design.  In addition, this
       code is provided AS-IS and I relinquish myself from any harmful consequences caused either directly or indirectly from
       the use of this code. */

	//User parameters
	$EBAY_USER_ID = 'xxxxxx'; // eBay user ID
	$EBAY_USER_PASSWORD = 'yyyyyy'; // eBay password
	$APP_ID = 'zzzzzz'; //eBay DEV app ID (from generating production keys)
	$WEB_OUTPUT = 1; //If using console, set this to 0
	$IGNORE_LOGON_CHECK = 0; //Set to 1 to skip logon check.  Please check eBay username/pass for special chars before setting this.  Use at your own risk - if your login fails, bids will never go through!
	$ALTERNATE_INTERFACE = ''; //IP Ban workaround - specify a different IP, hostname, or adapter to use.  Only if it is accessible from the server though.  Ex: '192.168.1.102', 'eth1', etc.
	
	//Search parameters
	$CATEGORY_ID = ''; //optional category ID to use to aid searches
	$SEARCH_WITHIN_DESCRIPTIONS = '0'; //Set to 0 to only search titles
	$KEYWORD_QUERY = '(wii,d70,train,polar,express,lionel,iron,ironman,sauna,frame,barbie,doll,playskool,kota,triceratops,dinosaur,madden,flip,video,flipvideo,camcorder,camera,digcam,digicam,lost,dvd,series,hamster,human,ball,golf*,club*,titleist,907,d2,driver,baby,alive,potty,ping)';  // This is the keyword query - keep me updated!!
	
	//Files for temporary storage
	$COOKIE_FILE_PATH = 'cookies.txt'; // Cookie File path
	$FOUND_AUCTIONS_FILE_PATH = 'foundauctions.html'; // Saves a list of auction #'s that were successfully found and bid attempts placed
	
	//Should probably not need to change these
	$USER_AGENT = 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4';
	set_time_limit(0); //Do not timeout the script
	
// 0-Setup stuff:
	if (file_exists($COOKIE_FILE_PATH)) {
		unlink($COOKIE_FILE_PATH); //Delete cookie file so we start from scratch
	}
	
	$fhandle = fopen($COOKIE_FILE_PATH, 'w'); //Creates a fresh cookie file
	fclose($fhandle);

	$newLine = '<br />'; //Decide how to format new lines; default to web style
	if (!$WEB_OUTPUT) {
		$newLine = chr(13);
	}


// 1- Get First Login Page http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn
	// This page will set some cookies and we will use them for Posting in Form data.
	
	$LOGINURL = "http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn";
	$sessionSignInPage = curl_init(); 
	curl_setopt($sessionSignInPage, CURLOPT_URL,$LOGINURL);
	curl_setopt($sessionSignInPage, CURLOPT_USERUSER_AGENT, $USER_AGENT);
	curl_setopt($sessionSignInPage, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($sessionSignInPage, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($sessionSignInPage, CURLOPT_COOKIEFILE, $COOKIE_FILE_PATH);
	curl_setopt($sessionSignInPage, CURLOPT_COOKIEJAR, $COOKIE_FILE_PATH);
	$result = curl_exec($sessionSignInPage);
	curl_close($sessionSignInPage);

// 2- Post Login Data to Page http://signin.ebay.com/aw-cgi/eBayISAPI.dll

	$LOGINURL = "http://signin.ebay.com/aw-cgi/eBayISAPI.dll";
	$POSTFIELDS = 'MfcISAPICommand=SignInWelcome&siteid=0&co_partnerId=2&UsingSSL=0&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&userid='.urlencode($EBAY_USER_ID).'&pass='.urlencode($EBAY_USER_PASSWORD);
	$reffer = "http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn";

	$sessionDoLogin = curl_init(); 
	curl_setopt($sessionDoLogin, CURLOPT_URL,$LOGINURL);
	curl_setopt($sessionDoLogin, CURLOPT_USERUSER_AGENT, $USER_AGENT);
	curl_setopt($sessionDoLogin, CURLOPT_POST, 1); 
	curl_setopt($sessionDoLogin, CURLOPT_POSTFIELDS,$POSTFIELDS); 
	curl_setopt($sessionDoLogin, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($sessionDoLogin, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($sessionDoLogin, CURLOPT_REFERER, $reffer);
	curl_setopt($sessionDoLogin, CURLOPT_COOKIEFILE, $COOKIE_FILE_PATH);
	curl_setopt($sessionDoLogin, CURLOPT_COOKIEJAR, $COOKIE_FILE_PATH);
	if ($ALTERNATE_INTERFACE != '') {
		curl_setopt($sessionDoLogin, CURLOPT_INTERFACE, $ALTERNATE_INTERFACE);
	}
	$result = curl_exec($sessionDoLogin);
	curl_close($sessionDoLogin); 
	
	if (!$IGNORE_LOGON_CHECK) {
		$pos = strpos($result, 'Hi, '.$EBAY_USER_ID.'!'); //Check for login success
		if ( ($pos === false) ) {
			exit('Login FAILED for '.$EBAY_USER_ID.'!  Script will now exit.');
		} else {
			echo 'Login successful for '.$EBAY_USER_ID.'... Running...'.$newLine.$newLine;
		}
	}
	
// 3- Cache the data we are able to of our remaining cURL queries
	    
	//Confirmation link:
	$CONFIRM_URL="http://offer.ebay.com/ws/eBayISAPI.dll";
	$sessionConfirmBid = curl_init();
	curl_setopt($sessionConfirmBid, CURLOPT_URL,$CONFIRM_URL);
	curl_setopt($sessionConfirmBid, CURLOPT_POST, 1); 
	curl_setopt($sessionConfirmBid, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($sessionConfirmBid, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($sessionConfirmBid, CURLOPT_COOKIEFILE, $COOKIE_FILE_PATH);
	curl_setopt($sessionConfirmBid, CURLOPT_COOKIEJAR, $COOKIE_FILE_PATH);
	
	//Final purchase link:
	$PURCHASE_URL="http://offer.ebay.com/ws/eBayISAPI.dll";
	$sessionDoPurchase = curl_init(); 
	curl_setopt($sessionDoPurchase, CURLOPT_URL,$PURCHASE_URL);
	curl_setopt($sessionDoPurchase, CURLOPT_POST, 1); 
	curl_setopt($sessionDoPurchase, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($sessionDoPurchase, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($sessionDoPurchase, CURLOPT_COOKIEFILE, $COOKIE_FILE_PATH);
	curl_setopt($sessionDoPurchase, CURLOPT_COOKIEJAR, $COOKIE_FILE_PATH);
	
// 4- Set up the API call
	$itemID; //Placeholder for item ID
	
	//Set the search parameters:
	$RESPONSE_ENCODING = 'XML';   // Format of the response
	$ENDPOINT_URL = 'http://open.api.ebay.com/shopping';  // URL to call
	$safeQuery = urlencode($KEYWORD_QUERY);

	//xmlRequest is what decides which items get returned from our search
	$xmlRequest  = '<?xml version="1.0" encoding="UTF-8" ?>';
	$xmlRequest .= '<FindItemsAdvancedRequest xmlns="urn:ebay:apis:eBLBaseComponents">';
	
	$xmlRequest .= '<QueryKeywords>';
	$xmlRequest .= $KEYWORD_QUERY;
	$xmlRequest .= '</QueryKeywords>';
	
	if ($CATEGORY_ID != '') {
		$xmlRequest .= '<CATEGORY_ID>';
		$xmlRequest .= $CATEGORY_ID;
		$xmlRequest .= '</CATEGORY_ID>';
	}
	
	$xmlRequest .= '<RESPONSE_ENCODING>';
	$xmlRequest .= $RESPONSE_ENCODING;
	$xmlRequest .= '</RESPONSE_ENCODING>';
	
	//Search within descriptions
	$xmlRequest .= '<DescriptionSearch>';
	$xmlRequest .= $SEARCH_WITHIN_DESCRIPTIONS;
	$xmlRequest .= '</DescriptionSearch>';
	
	//Restrict to items with free shipping - thank you Dan
	$xmlRequest .= '<SearchFlag>';
	$xmlRequest .= 'FreeShipping';
	$xmlRequest .= '</SearchFlag>';
	
	//Restrict to buy-it-now, non-store items
	$xmlRequest .= '<ItemType>';
	$xmlRequest .= 'FixedPriceExcludeStoreInventory';
	$xmlRequest .= '</ItemType>';
	
	//Restrict to items with exactly $1 value
	$xmlRequest .= '<PriceMax currencyID="USD">';
	$xmlRequest .= '1';
	$xmlRequest .= '</PriceMax>';
	$xmlRequest .= '<PriceMin currencyID="USD">';
	$xmlRequest .= '1';
	$xmlRequest .= '</PriceMin>';
	
	//Restrict to items with exactly 1 quantity
	$xmlRequest .= '<Quantity>'; 
	$xmlRequest .= '1'; 
	$xmlRequest .= '</Quantity>';
	$xmlRequest .= '<QuantityOperator>';
	$xmlRequest .= 'Equal';
	$xmlRequest .= '</QuantityOperator>';
	
	//Restrict to sellers with 0-1 feedback
	$xmlRequest .= '<FeedbackScoreMax>';
	$xmlRequest .= 1;
	$xmlRequest .= '</FeedbackScoreMax>';
	$xmlRequest .= '<FeedbackScoreMin>';
	$xmlRequest .= 0;
	$xmlRequest .= '</FeedbackScoreMin>';
	
	$xmlRequest .= '</FindItemsAdvancedRequest>';

	$headers = array(
		'X-EBAY-API-CALL-NAME: FindItemsAdvanced',
		'X-EBAY-API-SITE-ID: 0',                                 // Site 0 is for US
		'X-EBAY-API-APP-ID: '.$APP_ID,
		'X-EBAY-API-VERSION: 515',
		"X-EBAY-API-REQUEST-ENCODING: XML",    // for a POST request, the response by default is in the same format as the request
		'Content-Type: text/xml;charset=utf-8',
	);
	    
	$sessionAPIRequest  = curl_init($ENDPOINT_URL);                       // create a curl session
	curl_setopt($sessionAPIRequest, CURLOPT_POST, true);              // POST request type
	curl_setopt($sessionAPIRequest, CURLOPT_POSTFIELDS, $xmlRequest); // set the body of the POST
	curl_setopt($sessionAPIRequest, CURLOPT_RETURNTRANSFER, true);    // return values as a string - not to std out
	curl_setopt($sessionAPIRequest, CURLOPT_HTTPHEADER, $headers);    //set headers using the above array of headers
	if ($ALTERNATE_INTERFACE != '') {
		curl_setopt($sessionAPIRequest, CURLOPT_INTERFACE, $ALTERNATE_INTERFACE);
	}
	
// 5- Loop here, looking for valid item (currently using eBay API) [loop time has been reduced = more api calls / sec]
	
	$count = 0;
	$bidSuccess = 0;
	while (!$bidSuccess) {
		$foundAuction = 0;
		while (!$foundAuction) {
		
			$responseXML = curl_exec($sessionAPIRequest); // send the request
			$resp = simplexml_load_string($responseXML);

			if ($resp->Ack == 'Failure') {
				exit($newLine.$resp->Errors->ShortMessage.$newLine);  //thanks Kurt
			}
			if ($resp) { // If response valid, open it for parsing
				$item_cnt = count($resp->SearchResult->ItemArray->Item);
				if ($item_cnt > 0) {
					$itemID = $resp->SearchResult->ItemArray->Item[0]->ItemID; //We're assuming there is only 1 auction available
					$foundAuction = 1;
				}
			}
			$count++;
			if (($count % 100) == 0) {
				print "API Calls: ".$count.$newLine;
			}
		}
	
		//Valid item found, buy it!
		
// 6- Get to the confirmation step
		curl_setopt($sessionConfirmBid, CURLOPT_POSTFIELDS,'MfcISAPICommand=BinConfirm&item='.$itemID.'&quantity=1&input_bin=');
		$result = curl_exec($sessionConfirmBid);
	    
		//Parse the uiid from the result: [parse time has been reduced]
		$rest = substr(substr($result, strpos($result, 'input type="hidden" name="uiid" VALUE="')), 39); //Remove: input type="hidden" name="uiid" VALUE="
		$uiid = substr($rest, 0, strpos($rest, '>')-1); //Remove: ">
		
// 7- Confirm the purchase
		curl_setopt($sessionDoPurchase, CURLOPT_POSTFIELDS,'MfcISAPICommand=BinConfirm&item='.$itemID.'&mid=&hmid=&Quantity=1&javascriptenabled=0&mode=1&uiid='.$uiid); 
		$result = curl_exec($sessionDoPurchase);
		
// 8- Do output [more user-friendly output]
		$pos = strpos($result, 'you just bought'); //Check for bid confirmation
		$bidSuccess = 1;
		if ($pos === false) {
			$bidSuccess = 0;
		}
		
		$output = 'ID='.$itemID.' | Bid Success = '.$bidSuccess.' using '.$EBAY_USER_ID.' [~'.date("m-d-y : H:i:s", time()).']'.$newLine;
		print "Auction found! ".$output; //Print to browser/console
		
		$fhandle = fopen($FOUND_AUCTIONS_FILE_PATH, 'a'); //Write output to file
		fwrite($fhandle, $output.$newLine);
		fclose($fhandle);
	}
		
	//Done
	curl_close($sessionAPIRequest);
	curl_close($sessionConfirmBid);
	curl_close($sessionDoPurchase);
	
?>

Any follow ups to this, 5 years later?

I'm trying to make code that will buy-it-now automatically from a seller who continually posts a very attractive item at a low cost. But I don't presume this could pay for the item if immediate payment is required?

Thank!