Login doesn't work anymore

[LordTiggy]

Seems like Rockstar changed something to the way you have to log in on their site; I can't seem to make the api log in anymore. I get redirected to the login screen (https://socialclub.rockstargames.com/profile/signin) every single time I try to log in.

[frdmn]

Thanks for the issue, I'll try to take a look later this week! :)

[GameGuyLive]

Hey, has this been fixed at all?

[LordTiggy]

Don't know but I don't think so :( waiting for this too so I can get my page working again

[Naoto-Ida]

They(Rockstar) are definitely amping up security measures. A few months back, they added some token that we weren't aware of, then it didn't let us in because we were lacking it on the login. Probably something similar this time around too.

[LordTiggy]

They did hide it good in the code then, because I didn't see anything special except that "token"

[frdmn]

Sorry guys for not getting back to this issue yet. I hope I can prioritize this, so you guys can continue with your projects. Anyways, I am sick since about a week and won't be able to work on this until next week.

[GameGuyLive]

No worries about it :) Do you think you'll be able to fix it or is it completely on Rockstar's side, if you just take a guess. On 30 Oct 2015 12:23, "Jonas Friedmann" notifications@github.com wrote:

Sorry guys for not getting back to this issue yet. I hope I can prioritize this, so you guys can continue with your projects. Anyways, I am sick since about a week and won't be able to work on this until next week.

— Reply to this email directly or view it on GitHub https://github.com/gta5-map/Social-Club-API-cheat-sheet/issues/1#issuecomment-152510590 .

[frdmn]

Even though if it's on Rockstar's side: I am pretty sure we can fix this and automate the login again using our scripts. Just needs some debugging done :)

[GameGuyLive]

Awesome dude! You never stop impressing me :) On 30 Oct 2015 12:28, "Jonas Friedmann" notifications@github.com wrote:

Even though if it's on Rockstar's side: I am pretty sure we can fix this and automate the login again using our scripts. Just needs some debugging done :)

— Reply to this email directly or view it on GitHub https://github.com/gta5-map/Social-Club-API-cheat-sheet/issues/1#issuecomment-152511249 .

[LordTiggy]

Take some well disserved rest pal :) Sure you will work this out :D

[frdmn]

Here's what i've found out so far:

1. New request headers are required!

   // New default header
   $defaultHeaders = array(
    'Pragma: no-cache',
    'Accept-Encoding: gzip, deflate, sdch',
    'Accept-Language: en-US,en;q=0.8,en-US;q=0.6,en;q=0.4',
    'Upgrade-Insecure-Requests: 1',
    'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2460.0 Safari/537.36',
    'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Cache-Control: no-cache',
    'Connection: keep-alive'
   );

2. If Rockstar notices that you're trying to use curl to send the requests, your IP gets temporarily short-time blacklisted for any HTTP/HTTPS traffic . So make sure you're using the exact same headers as sent by the browser.
3. They added reCAPTCHA (Google's Captcha-less Captcha) which is my main issue right now. Hopefully we can find a way to bypass this.

Stay tuned

[LordTiggy]

Nice progress :) I was blocked before allready; couldn't open the stats page anymore for a while. Isn't the recaptcha not only needed when you got banned or haven't got the good headers?

[r3m4k3]

For me sth like this is working:

$defaultHeaders = array( 'Pragma: no-cache', 'Accept-Encoding: gzip, deflate, sdch', 'Accept-Language: en-US,en;q=0.8,en-US;q=0.6,en;q=0.4', 'Upgrade-Insecure-Requests: 1', 'User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8', 'Cache-Control: no-cache', 'Connection: keep-alive' );

$ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_VERBOSE, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $defaultHeaders); curl_setopt($ch, CURLOPT_URL, $url);

I'm not genuinely blocked in web browser. Of course I have sent requests before. Any captcha found. :)

[frdmn]

@r3m4k3 Yup the requests issue should be okay if we just sent the same headers like the browsers. However i am still stuck with the stubborn NoCAPTCHA.

I'm not sure if I got it right, but you don't have to solve any Captchas and still can send and receive data?

[r3m4k3]

Yes, you got it right, I don't have to solve captcha and still I can both receive and send data. Where did you stuck? Your ip address was blocked, and now you're getting captcha protection even when you're using browser, ya?

[frdmn]

Yeah! It looks like they randomly/sporadically inject the captchas but not all the time.

Just tried to capture a screenshot for you, so you can see the captcha in action in my browser, but now it doesn't show up for me either.

This is getting interesting :P

[r3m4k3]

Yes, it seems to be randomly operation. Btw, I don't even understand the reasons why Rockstar make this api accessible only to web browsers. Who will look through json data in web browser? It's illogical! On the other hand why they're publishing method which returns data in html format, really, html format? IMHO that's misunderstanding and frustrating.

Let me know if you solve your problem. :)

[frdmn]

Ha, just ran into the Captcha again. Here's a screenshot:

Relevant DOM:

<div class="newRow">
    <div id="reCaptchaInput" class=" recaptcha_nothad_incorrect_sol recaptcha_isnot_showing_audio">
        <div id="recaptcha_area">
            <table id="recaptcha_table" class="recaptchatable recaptcha_theme_clean">
                <tbody>
                    <tr height="73">
                        <td class="recaptcha_image_cell" width="302">
                            <center>
                                <div id="recaptcha_image" style="width: 300px; height: 57px;"><img id="recaptcha_challenge_image" alt="reCAPTCHA challenge image" height="57" width="300" src="https://www.google.com/recaptcha/api/image?c=03AHJ_Vusn2FAEmmT7gfTqLZwe5WbW871x8QzoxfBAU_nriG4IDHcEn1H4vjUZidjjAFNGqfPjjVmr99b-sR-yEG50oWUm5t7WMDuAwLNpYtssIUZWy7ooro-XXX&amp;th=,XX-ABqyLbuYc6yd9YS9K0Ij4V8HIRvlUJItTybmBTYK_u95wFRVCf38pUkP2rIBs0-P2sRW7IaYJ9-2DS1LFrP1-XXX-XX-s1OFX35L9N5EP58uFIa6hC-XXX-ryEuNPPPhu1xrlOvYvItdY9YELdx9ODnlutT-XXX"></div>
                            </center>
                        </td>
                        <td style="padding: 10px 7px 7px 7px;">
                            <a id="recaptcha_reload_btn" title="Get a new challenge" tabindex="4"><img id="recaptcha_reload" width="25" height="18" alt="Get a new challenge" src="https://www.google.com/recaptcha/api/img/clean/refresh.png"></a>
                            <a id="recaptcha_switch_audio_btn" class="recaptcha_only_if_image" title="Get an audio challenge" tabindex="5"><img id="recaptcha_switch_audio" width="25" height="15" alt="Get an audio challenge" src="https://www.google.com/recaptcha/api/img/clean/audio.png"></a>
                            <a id="recaptcha_switch_img_btn" class="recaptcha_only_if_audio" title="Get a visual challenge" tabindex="6"><img id="recaptcha_switch_img" width="25" height="15" alt="Get a visual challenge" src="https://www.google.com/recaptcha/api/img/clean/text.png"></a>
                            <a id="recaptcha_whatsthis_btn" title="Help" tabindex="7"><img id="recaptcha_whatsthis" width="25" height="16" src="https://www.google.com/recaptcha/api/img/clean/help.png" alt="Help"></a>
                        </td>
                        <td style="padding: 18px 7px 18px 7px;"> <img id="recaptcha_logo" alt="" width="71" height="36" src="https://www.google.com/recaptcha/api/img/clean/logo.png"> </td>
                    </tr>
                    <tr>
                        <td style="padding-left: 7px;">
                            <div class="recaptcha_input_area" style="padding-top: 2px; padding-bottom: 7px;"> <span id="recaptcha_challenge_field_holder" style="display: none;"><input type="hidden" name="recaptcha_challenge_field" id="recaptcha_challenge_field" value="XXX-sR-XXX-XXX"></span>
                                <input style="border: 1px solid #3c3c3c; width: 302px;" name="recaptcha_response_field" id="recaptcha_response_field" type="text" placeholder="Type the text" autocomplete="off" tabindex="3" autocorrect="off" autocapitalize="off" spellcheck="false"> </div>
                        </td>
                        <td colspan="2"><span id="recaptcha_privacy" class="recaptcha_only_if_privacy" tabindex="7"><a href="http://www.google.com/intl/en/policies/" target="_blank">Privacy &amp; Terms</a></span></td>
                    </tr>
                </tbody>
            </table>
        </div>
    </div>
</div>

[r3m4k3]

@frdmn Ha, it's incredible. I couldn't believe it. Have you found a solution?

Btw, hoi. Ik zie dat je uit Nederland komt. Groetjes uit Polen! :)

[r3m4k3]

Now when I'm trying to sign in, I'm getting: Error! Please ensure you have cookies enabled.

@frdmn Maybe do you know this problem?

[frdmn]

@r3m4k3 sorry, I haven't figured this out yet.

Whenever I try to give this a shot, im stuck with the Captcha after a bunch of tries :(

[r3m4k3]

@frdmn Tthat's incredible. Is this an official api? Is there any different official api? I've been looking for, but didn't found anything.

[frdmn]

@r3m4k3 No there is no official or different API from that we use right now.

Parsing the endpoints which are implemented in the public frontend are our best bet right now :/

[frdmn]

I'm going to close this, since the problem of this issue is definitely the implementation of ReCaptcha by R*.

As mentioned in #3, a temporary workaround for this is to manually sign in to SC via your desktop browser and "provoke" the captcha to show up. Solve it manually to sign it, sign out again and retry the parser.