djekl · January 17, 2014 00:10
diff --git a/Xbox oAuth Login.php b/Xbox oAuth Login.php
 <?
 define('CLIENT_ID', 'CLIENT_ID');
 define('REDIRECT_URI', 'URL');
 define('USERNAME', 'USERNAME');
 define('PASSWORD', 'PASSWORD');

 function curl_request($url, $cookie = '', $post_data = '', $headers_ary = '') {
 	    $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1");
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            if ($cookie) {
            	    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
            	    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
            }
            curl_setopt($ch, CURLOPT_AUTOREFERER, true);
            if ($post_data) {
            	    curl_setopt($ch, CURLOPT_POST, true);
            	    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
            }
            if ($headers_ary) {
            	    curl_setopt($ch,CURLOPT_HTTPHEADER, $headers_ary);
            }
            curl_setopt($ch, CURLOPT_TIMEOUT, 7);
            $result = curl_exec($ch);
            curl_close($ch);
            return $result;
 }

 $result = curl_request('https://login.live.com/oauth20_authorize.srf?client_id='.CLIENT_ID.'&redirect_uri='.REDIRECT_URI.'&response_type=token&scope=wl.basic&locale=en', 'cookie1.txt');
 // one step in between to give consent to this client id, i've done this manually for my account with my client_id. 
 // Probably doesn't matter how you do the above, as long as you log the user into live.com to get those cookies

 // log into live.com
 $pattern = "/urlPost\:\'(.*?)\'/is";
 preg_match($pattern, $result, $urlPost);
 $pattern = '/PPFT\" id=\"(.*?)\" value=\"(.*?)\"/is';
 preg_match($pattern, $result, $PPFT);
 $pattern = "/,h\:\'(.*?)\'/is";
 preg_match($pattern, $result, $PPSX);
 $result = curl_request($urlPost[1], "cookie1.txt", "PPFT=".$PPFT[2]."&login=".USERNAME."&passwd=".PASSWORD."&LoginOptions=1&NewUser=1&MobilePost=1&PPSX=".$PPSX[1]."&type=11&i3=9500&m1=1440&m2=900&m3=0&i12=1&i17=0&i18=__HostMobileLogin|1,");

 // get xbox.com form
 $result = curl_request("https://live.xbox.com/Account/Signin?returnUrl=http%3a%2f%2flive.xbox.com%2fen-US%2fHome", "cookie1.txt");

 // log into xbox.com
 $pattern = "/action\=\"(.*?)\"/is";
 preg_match($pattern, $result, $urlPost);
 $pattern = "/id\=\"NAPExp\" value\=\"(.*?)\"/is";
 preg_match($pattern, $result, $NAPExp);
 $pattern = "/id\=\"NAP\" value\=\"(.*?)\"/is";
 preg_match($pattern, $result, $NAP);
 $pattern = "/id\=\"ANON\" value\=\"(.*?)\"/is";
 preg_match($pattern, $result, $ANON);
 $pattern = "/id\=\"ANONExp\" value\=\"(.*?)\"/is";
 preg_match($pattern, $result, $ANONExp);
 $pattern = "/id\=\"t\" value\=\"(.*?)\"/is";
 preg_match($pattern, $result, $t);
 $result = curl_request($urlPost[1], "cookie1.txt", "NAPExp=".$NAPExp[1]."&NAP=".$NAP[1]."&ANON=".$ANON[1]."&ANONExp=".$ANONExp[1]."&t=".$t[1]);

 // get the partner token, needs xbox.com cookies
 $result = curl_request("https://sts.xbox.com/tokens.svc/partnertoken?gameId=1297290147&gameVersion=2&audienceUri=".urlencode("http://xboxlive.com/userdata"), "cookie1.txt", "", array('Accept: text/html, application/xhtml+xml, */*','Accept-Encoding: gzip, deflate'));
  
 $pattern = "/\<Partner\>(.*?)\<\/Partner\>/is";
 preg_match($pattern, $result, $partnerToken);
 $val = html_entity_decode($partnerToken[1]);
 // this api provides a ton of data with different section flags. There's also help files
 // Profile.svc/help, Message.svc/help Friend.svc/help
 // those features will really have what you need, a way to send messages and manage friends via the correct api instead of scraping the web
 $result = curl_request("https://uds-part.xboxlive.com/Profile.svc/profile?sectionFlags=41", "", "", array('X-Locale: us-EN','X-Platform-Type: 5','Cache-Control: no-store, no-cache, must-revalidate', 'PRAGMA: no-cache', 'X-PartnerAuthorization: XBL1.0 x='.$val));
 print_r($result);
	<?
	define('CLIENT_ID', 'CLIENT_ID');
	define('REDIRECT_URI', 'URL');
	define('USERNAME', 'USERNAME');
	define('PASSWORD', 'PASSWORD');

	function curl_request($url, $cookie = '', $post_data = '', $headers_ary = '') {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1");
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	if ($cookie) {
	curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
	curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
	}
	curl_setopt($ch, CURLOPT_AUTOREFERER, true);
	if ($post_data) {
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
	}
	if ($headers_ary) {
	curl_setopt($ch,CURLOPT_HTTPHEADER, $headers_ary);
	}
	curl_setopt($ch, CURLOPT_TIMEOUT, 7);
	$result = curl_exec($ch);
	curl_close($ch);
	return $result;
	}

	$result = curl_request('https://login.live.com/oauth20_authorize.srf?client_id='.CLIENT_ID.'&redirect_uri='.REDIRECT_URI.'&response_type=token&scope=wl.basic&locale=en', 'cookie1.txt');
	// one step in between to give consent to this client id, i've done this manually for my account with my client_id.
	// Probably doesn't matter how you do the above, as long as you log the user into live.com to get those cookies

	// log into live.com
	$pattern = "/urlPost\:\'(.*?)\'/is";
	preg_match($pattern, $result, $urlPost);
	$pattern = '/PPFT\" id=\"(.?)\" value=\"(.?)\"/is';
	preg_match($pattern, $result, $PPFT);
	$pattern = "/,h\:\'(.*?)\'/is";
	preg_match($pattern, $result, $PPSX);
	$result = curl_request($urlPost[1], "cookie1.txt", "PPFT=".$PPFT[2]."&login=".USERNAME."&passwd=".PASSWORD."&LoginOptions=1&NewUser=1&MobilePost=1&PPSX=".$PPSX[1]."&type=11&i3=9500&m1=1440&m2=900&m3=0&i12=1&i17=0&i18=__HostMobileLogin\|1,");

	// get xbox.com form
	$result = curl_request("https://live.xbox.com/Account/Signin?returnUrl=http%3a%2f%2flive.xbox.com%2fen-US%2fHome", "cookie1.txt");

	// log into xbox.com
	$pattern = "/action\=\"(.*?)\"/is";
	preg_match($pattern, $result, $urlPost);
	$pattern = "/id\=\"NAPExp\" value\=\"(.*?)\"/is";
	preg_match($pattern, $result, $NAPExp);
	$pattern = "/id\=\"NAP\" value\=\"(.*?)\"/is";
	preg_match($pattern, $result, $NAP);
	$pattern = "/id\=\"ANON\" value\=\"(.*?)\"/is";
	preg_match($pattern, $result, $ANON);
	$pattern = "/id\=\"ANONExp\" value\=\"(.*?)\"/is";
	preg_match($pattern, $result, $ANONExp);
	$pattern = "/id\=\"t\" value\=\"(.*?)\"/is";
	preg_match($pattern, $result, $t);
	$result = curl_request($urlPost[1], "cookie1.txt", "NAPExp=".$NAPExp[1]."&NAP=".$NAP[1]."&ANON=".$ANON[1]."&ANONExp=".$ANONExp[1]."&t=".$t[1]);

	// get the partner token, needs xbox.com cookies
	$result = curl_request("https://sts.xbox.com/tokens.svc/partnertoken?gameId=1297290147&gameVersion=2&audienceUri=".urlencode("http://xboxlive.com/userdata"), "cookie1.txt", "", array('Accept: text/html, application/xhtml+xml, /','Accept-Encoding: gzip, deflate'));

	$pattern = "/\<Partner\>(.*?)\<\/Partner\>/is";
	preg_match($pattern, $result, $partnerToken);
	$val = html_entity_decode($partnerToken[1]);
	// this api provides a ton of data with different section flags. There's also help files
	// Profile.svc/help, Message.svc/help Friend.svc/help
	// those features will really have what you need, a way to send messages and manage friends via the correct api instead of scraping the web
	$result = curl_request("https://uds-part.xboxlive.com/Profile.svc/profile?sectionFlags=41", "", "", array('X-Locale: us-EN','X-Platform-Type: 5','Cache-Control: no-store, no-cache, must-revalidate', 'PRAGMA: no-cache', 'X-PartnerAuthorization: XBL1.0 x='.$val));
	print_r($result);