OLD CODE
<?
define('CLIENT_ID', 'CLIENT_ID');
define('REDIRECT_URI', 'URL');
define('USERNAME', 'USERNAME');
define('PASSWORD', 'PASSWORD');
function curl_request($url, $cookie = '', $post_data = '', $headers_ary = '') {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
}
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
if ($post_data) {
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
}
if ($headers_ary) {
curl_setopt($ch,CURLOPT_HTTPHEADER, $headers_ary);
}
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
$result = curl_request('https://login.live.com/oauth20_authorize.srf?client_id='.CLIENT_ID.'&redirect_uri='.REDIRECT_URI.'&response_type=token&scope=wl.basic&locale=en', 'cookie1.txt');
// one step in between to give consent to this client id, i've done this manually for my account with my client_id.
// Probably doesn't matter how you do the above, as long as you log the user into live.com to get those cookies
// log into live.com
$pattern = "/urlPost\:\'(.*?)\'/is";
preg_match($pattern, $result, $urlPost);
$pattern = '/PPFT\" id=\"(.*?)\" value=\"(.*?)\"/is';
preg_match($pattern, $result, $PPFT);
$pattern = "/,h\:\'(.*?)\'/is";
preg_match($pattern, $result, $PPSX);
$result = curl_request($urlPost[1], "cookie1.txt", "PPFT=".$PPFT[2]."&login=".USERNAME."&passwd=".PASSWORD."&LoginOptions=1&NewUser=1&MobilePost=1&PPSX=".$PPSX[1]."&type=11&i3=9500&m1=1440&m2=900&m3=0&i12=1&i17=0&i18=__HostMobileLogin|1,");
// get xbox.com form
$result = curl_request("https://live.xbox.com/Account/Signin?returnUrl=http%3a%2f%2flive.xbox.com%2fen-US%2fHome", "cookie1.txt");
// log into xbox.com
$pattern = "/action\=\"(.*?)\"/is";
preg_match($pattern, $result, $urlPost);
$pattern = "/id\=\"NAPExp\" value\=\"(.*?)\"/is";
preg_match($pattern, $result, $NAPExp);
$pattern = "/id\=\"NAP\" value\=\"(.*?)\"/is";
preg_match($pattern, $result, $NAP);
$pattern = "/id\=\"ANON\" value\=\"(.*?)\"/is";
preg_match($pattern, $result, $ANON);
$pattern = "/id\=\"ANONExp\" value\=\"(.*?)\"/is";
preg_match($pattern, $result, $ANONExp);
$pattern = "/id\=\"t\" value\=\"(.*?)\"/is";
preg_match($pattern, $result, $t);
$result = curl_request($urlPost[1], "cookie1.txt", "NAPExp=".$NAPExp[1]."&NAP=".$NAP[1]."&ANON=".$ANON[1]."&ANONExp=".$ANONExp[1]."&t=".$t[1]);
// get the partner token, needs xbox.com cookies
$result = curl_request("https://sts.xbox.com/tokens.svc/partnertoken?gameId=1297290147&gameVersion=2&audienceUri=".urlencode("http://xboxlive.com/userdata"), "cookie1.txt", "", array('Accept: text/html, application/xhtml+xml, */*','Accept-Encoding: gzip, deflate'));
$pattern = "/\<Partner\>(.*?)\<\/Partner\>/is";
preg_match($pattern, $result, $partnerToken);
$val = html_entity_decode($partnerToken[1]);
// this api provides a ton of data with different section flags. There's also help files
// Profile.svc/help, Message.svc/help Friend.svc/help
// those features will really have what you need, a way to send messages and manage friends via the correct api instead of scraping the web
$result = curl_request("https://uds-part.xboxlive.com/Profile.svc/profile?sectionFlags=41", "", "", array('X-Locale: us-EN','X-Platform-Type: 5','Cache-Control: no-store, no-cache, must-revalidate', 'PRAGMA: no-cache', 'X-PartnerAuthorization: XBL1.0 x='.$val));
print_r($result);