Updated PHP code to automatically bid/buy an eBay auction item

This code is now obsolete and has been updated again.

Updated code to automatically bid on an eBay item, I’m currently using it myself if a loop of searched items.

Most of the changes are improved return status checking. For testing use one cent items with free shipping.

// MAIN BIDDING FUNCTION
// this function performs no checking on the input variables
// $username  -  the eBay user name
// $password  -  the eBay user password
// $item      -  the eBay item number to bid on
// $bid       -  the bid amount in local currency i.e. 5.67
// $link      -  referral link, can leave empty i.e. '' or use 'http://ebay.com'
function place_bid($username, $password, $item, $bid, $link) {

	$cookies = dirname(__FILE__).'/cookies.txt';
	
	//set success as default false
	$success = false;
	$bid_success = false;

	$curl = curl_init();
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1');
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
	curl_setopt($curl, CURLOPT_REFERER, $link);
	curl_setopt($curl, CURLOPT_COOKIEFILE, $cookies);
	curl_setopt($curl, CURLOPT_COOKIEJAR, $cookies);
	
	//query the referal link page and grab tracking part
	curl_setopt($curl, CURLOPT_URL, $link);
	$ret = curl_exec ($curl);
	
	//query the sign-out page
	//curl_setopt($curl, CURLOPT_URL, "http://signin.ebay.com/ws/eBayISAPI.dll?SignIn&lgout=1");
	//$ret = curl_exec ($curl);
	
	//IMPORTANT		
	//query the sign-in page to set the cookies
	curl_setopt($curl, CURLOPT_URL, 'http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&campid=5337161990&customid=7');
	curl_exec ($curl);
	
	//sign-in
	curl_setopt($curl, CURLOPT_URL, "http://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignInWelcome&siteid=0&co_partnerId=2&UsingSSL=0&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&userid={$username}&pass={$password}&campid=5337161990&customid=7");
	$ret = curl_exec ($curl);
	if(curl_errno($curl)){
		ebaylog('Curl error: ' . curl_error($curl));
	}
	if (!$ret) {
		$ret = curl_exec ($curl);
		if(curl_errno($curl)){
			ebaylog('Curl error: ' . curl_error($curl));
		}
		if (!$ret) {
			$ret = curl_exec ($curl);
			if(curl_errno($curl)){
				ebaylog('Curl error: ' . curl_error($curl));
			}
		}
	}
	
	if (strpos($ret, "Member id {$username}") === FALSE) {
		if (preg_match('%<b class="altTitle">(.*)</b>%', $ret, $regs)) {
			$err = $regs[1];
			ebaylog("\"{$err}\"");
			if (strpos($err, 'The alerts below') === 0) {
				ebaylog("{$item}: 'The alerts below' found, successful");
				//set it to succes
			}
		} else {
			ebaylog("{$item}: Failed signing in");
			if (preg_match('%<font face=".*?" size="3"><b>(.*?)</b></font>%', $ret, $regs)) {
				$err = $regs[1];
				ebaylog("\"{$err}\"");
			}
			
			test_write($ret);
			goto end;
		}
		
		
	} else {
		ebaylog("{$item}: Success signing in");
	}
	
	
	//place the inital bid
	curl_setopt($curl, CURLOPT_URL, "http://offer.ebay.com/ws/eBayISAPI.dll?MakeBid&item={$item}&maxbid={$bid}&campid=5337161990&customid=7");
	$ret = curl_exec ($curl);
	if(curl_errno($curl)){
		ebaylog('Curl error: ' . curl_error($curl));
	}
	if (!$ret) {
		$ret = curl_exec ($curl);
	}

	if (preg_match_all('/(?:value="([-0-9a-zA-Z]*)" *)?name="stok"(?: *value="([-0-9a-zA-Z]*)")?/', $ret, $regs)) {
		$stok = $regs[1][0];
	} else {
		//Failed to get 'stok' value
		//try and determine why
		if (preg_match('%
<div class="statusDiv">(.*?)</div>

%', $ret, $regs)) {
			$err = $regs[1];
			ebaylog("'{$err}'");
			//if string starts with "Enter US $0.41 or more"
			if (stripos($err, 'Enter') === 0) {
				ebaylog("{$item}: 'Enter' found, aborting");
				//set it to success
				$success = true;
			} else if (stripos($err, 'To enter a') === 0) {
				ebaylog("{$item}: 'To enter a' found, aborting");
				//set it to success
				$success = true;
			} else if (stripos($err, 'Transaction Blocked') === 0) {
				ebaylog("{$item}: 'Transaction Blocked' found, aborting");
				//set it to success
				$success = true;
			}
			
		} else if (preg_match('%"\d*" - Invalid Item</div>

%', $subject)) {
			ebaylog("{$item}: 'Invalid Item' found, aborting");
			test_write($ret);
			//set it to success
			$success = true;
		} else if (preg_match('%
<div class="subTlt">
<ul class="errList">
<li>(.*?)</li>
</ul>
</div>

%', $subject)) {
			ebaylog("{$item}: 'no longer available' found, aborting");
			test_write($ret);
			//set it to success
			$success = true;
		} else if (preg_match('%id="w\d-\d-_msg".*?>(.*?)</span>%', $ret, $regs)) {
			ebaylog("'{$regs[1]}'");
		} else if (preg_match('%<div\s+class\s*=\s*"(?:errRed|errBlk|errTitle|statusDiv)"\s*>(.*?)</div>

%i', $ret, $regs)) {
			ebaylog("'{$regs[1]}'");
		} else {
			//don't know why so log the page
			ebaylog("{$item}: Failed to get 'stok' value");
			test_write($ret);
		}
		goto end;
	}
	
	if (preg_match_all('/(?:value="([-0-9a-zA-Z]*)" *)?name="uiid"(?: *value="([-0-9a-zA-Z]*)")?/', $ret, $regs)) {
		$uiid = $regs[1][0];
	} else {
		ebaylog("{$item}: Failed to get 'uiid' value");
		goto end;
	}
	

	if ($stok && $uiid) {
		ebaylog("{$item}: Success placing initial bid");
	} else {
		ebaylog("{$item}: Failed placing initial bid");
		goto end;
		
	}
	
	//confirm the bid
	curl_setopt($curl, CURLOPT_URL, "http://offer.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=MakeBid&maxbid={$bid}&quant=1&mode=1&stok={$stok}&uiid={$uiid}&co_partnerid=2&user={$username}&fb=0&item={$item}&campid=5337161990&customid=7");
	$ret = curl_exec ($curl);
	if(curl_errno($curl)){
		ebaylog('Curl error: ' . curl_error($curl));
	}
	if (!$ret) {
		$ret = curl_exec ($curl);
	}
	
	//perform a number of tests to determine if the bid was a success
	$bid_success = true;
	if (stripos($ret, "you're the first bidder") === FALSE) {
		if (stripos($ret, "you're the high bidder and currently in the lead") === FALSE) {
			if (stripos($ret, "you're currently the highest bidder") === FALSE) {
				$bid_success  = false;
				ebaylog("{$item}: Failed placing final bid");
				//try and determine why
				if (preg_match('%<div\s+class\s*=\s*"(?:errRed|errBlk|errTitle|statusDiv)"\s*>(.*?)</div>

%i', $ret, $regs)) {
					$err = $regs[1];
					ebaylog("'{$err}'");
					if (stripos($err, 'Enter') === 0) {
						ebaylog("{$item}: 'Enter' found, aborting");
						//set it to success
						$bid_success = true;
					} else if (stripos($err, "You've just been outbid") === 0) {
						ebaylog("{$item}: 'You've just been outbid' found, aborting");
						//set it to success
						$bid_success  = true;
					} else if (stripos($err, "You're currently the high bidder,") === 0) {
						ebaylog("{$item}: 'You're currently the high bidder, but the reserve hasn't been met.' found, aborting");
						//set it to success
						$bid_success  = true;
					}
				} else {
					//we don't know why it failed so write the data
					test_write($ret);
				}
			}
		}
	}
	
	if ($bid_success) {
		ebaylog("{$item}: Success placing final bid");
		$success = true;
	}
	
	end:
	
	//close the curl session
	curl_close ($curl);
	
	if ($success) {
		ebaylog("{$item}: Success: {$username}");
	} else {
		ebaylog("{$item}: Failure: {$username}");
	}
	
	return $success;
}

//for testing
function test_write($out) {
	$fh = fopen(dirname(__FILE__).'/'.date('Y-m-d H-i-s').'.html', 'w');
	fwrite($fh, $out);
	fclose($fh);
}

//simple logging function
function ebaylog($msg) {
	$msg = "{$msg}\r\n";
	echo $msg;
	$fh = fopen(dirname(__FILE__).'/ebay-log.txt', 'a');
	fwrite($fh, date('Y-m-d H-i-s')." {$msg}");
	fclose($fh);
}
  • pepe

    Hi, I’m getting the same cookies error, you script creates the cookies.txt, ebaylog and the “htmls” for testing in the same directory of script, opening the htmls the same browser is blocking cookies error appears

  • Are you using PHP 5?

  • else, not really sure what the issue is.
    The above code I am currently using personally.

    one last thing you can try, copy this pre-populated cookie file to the location,
    http://thydzik.com/downloads/cookies.txt

  • pepe

    yes 5.3

  • pepe

    after change with your cookie file the error persits but I cannot see the html file becuase the new files generated have 0 bites (empty files), and when I delete the your cookies file and let the script generate their own script the htmls come back with the cookies error

  • where are you reading the error from if the html file is empty?

  • pepe

    on the browser appears this error:,
    191023719989: Failed signing in
    191023719989: Failure: greatd******

  • this is when you use my cookies.txt file as well?
    what does the outputted html file say?

  • pepe

    the browser error is the same with one or the other cookies file, but. when I use your cookies file the html file generated have 0 bites, but when I use the self generated file of script the html have the cookies error,

  • you can’t use what you see on the browsers to troubleshoot the errors. the only way is to return the curl output to a html file. If a file is being generated with 0 bytes something else is wrong. you need to investigate more, I can’t really help you.
    Like I said, I use the code exactly as it is myself.

  • The Tooz

    Hey Travis – having issues with this script too.

    I can see the cookie.txt getting populated and I can also see the html files getting created which when I run them I get: “Your email/user ID or password is incorrect”. I can enter in the same username and password that is in the code on the html generated and it signs me in with no problem. Your thoughts.

  • The Tooz
  • Hi Tooz

    I am really not sure what the issue is, works perfectly for me.

    Does your username or password contain any special characters that need to be escaped prior to pass to http://signin.ebay.com?

    Download ‘Live HTTP Headers’ for Firefox, manually login to eBay and see if the string in Live HTTP Header is the same as that used in the code to sign in.

    Maybe do an echo “http://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignInWelcome&siteid=0&co_partnerId=2&UsingSSL=0&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&userid={$username}&pass={$password}&campid=5337161990&customid=7”

    Travis

  • Tooz,

    That line is only there to initially set the cookies, I have found that it is an initial requirement, once the cookies are set you can comment this line out as long as you don’t delete you cookies.txt file.

    The ‘//sign-in’ code after it is what is used to actually sign in.

    You can remove ‘campid=5337161990&customid=7’ throughout as that is only my eBay Partner Network id.

    Travis

  • Tooz

    Travis –

    Thanks for the response back.

    My username contains dashes and my password contains pound sign and exclamation mark.

    I assumed it was not needed so removed your Ebay Partner Network id.

    For special characters I used ascii and when I echo the url here is what I get

    https://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignInWelcome&siteid=0&co_partnerId=2&UsingSSL=1&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&userid=xxxxx-xxxxxxxxx&pass=#yyyyyyyyyyyyyyyyy!

    so it appears correct. I remove my real username and password but the url echo is exactly what I place in it.

    I downloaded the firefox add-on and have no clue what I am looking for.

    Your thoughts. Thanks

  • Tooz

    Travis – found this in the Ebay log:

    2015-01-12 21-20-35 : Failed signing in

    2015-01-12 21-20-35 : Failure: xxxxx-xxxxxxxxxxx-

    So I am going to assume it is the escaping special characters as the issue. Your thoughts?

    Tooz

  • hi Tooz

    I did a quick test on the pass word, if I have a password of “[email protected]#$%^&*()”, then what needs to be sent is “%21%40%23%24%25%5E%26*%28%29”

    So try adding the line;
    $password = urlencode($password);

    Travis

  • The Tooz

    Hey Travis –

    Using the code from the top of this page… this is what I did:

    I put this at the bottom of the page –
    $bid = place_bid(‘my username’, ‘my password’, ”, ”, ‘http://www.ebay.com’);

    Added this line:
    $password = urlencode($password);

    just after
    function place_bid($username, $password, $item, $bid, $link){

    have cookies.txt in the root (I can delete the data from it and it reappears the next time I run it so I know that works).

    and I send everything to this url:

    http://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignInWelcome&siteid=0&co_partnerId=2&UsingSSL=0&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&userid={$username}&pass={$password}

    I get the same error:

    2015-01-12 23-46-29 : Failed signing in

    NOTE – If I take the url and copy/paste it into the browser replace the {$username} with my username and replace the {$password} with my encoded password…. it logs on through the browser.

    Your thoughts….

  • try removing ‘$password = urlencode($password);’

    and for your my_password pass it the encoded password that you know works, this is what I am currently doing myself.

  • The Tooz

    Hey Travis –

    Nothing changed. Still getting the login error. I can not figure out why the url will work in the browser, but not through your script.

  • The Tooz

    Also to note I am now getting the blocking cookies issue. Both chrome and safari and when I check cookies are enabled.

  • The Tooz

    Hey Travis – Not sure what you have to get your’s to work, but I could not get this to login along with others that have posted here. I am going to give up on this approach. Invested 8 hours already and I am no closer than from the beginning.

    Tooz

  • I am also stuck for ideas, like I said, this is the code I am actively using.
    I use it with Hostgator, PHP 5.4.

    If you are getting blocked cookies when you are manually logging in, you need to load the signin page first, this will set the cookie file read for the login.

    Still try Live HTTP headers, basically when you have the plugin running and you login manually, you can see the string that is sent to eBay, you can use this a verification that the scripts string is the same.

  • The Tooz

    Travis –

    I have a godaddy vpn and also using 5.4

    1) When I log in manually I have no issues.
    2) When I copy the url from the script and paste it in the browser I have no issues.
    3) When I run the script I get the cookies issue both in chrome and in firefox, but it will update my cookies.txt

  • The Tooz

    Travis – I am running Live HTTP Headers and you wrote ” you can see the string that is sent to eBay” …. which specific string should I be looking for? There is a lot.

  • The Tooz

    I ran Live HHTP Headers and I found a string starting with MfcISAPICommand=SignInWelcome followed by 1000 letters, numbers, characters.

    I added http://signin.ebay.com/aw-cgi/eBayISAPI.dll? to the front of it…. and pasted it into the browser and it logs me in no problem. I added that in the script and called it $url_test

    curl_setopt($curl, CURLOPT_URL, $url_test);

    when I run the script I get the cookies issue.

    I wonder since you have a ebay partner network id if maybe your site is registered so ebay does not block cookies.

  • The Tooz

    Travis – I suspect it is the cookies.txt

    When I run the code and get cookies for the cookies.txt vs just looking at the cookies in Live HTTP Headers they are not even close to the same.

    I looked at your cookies.txt that you attached as a link… you have a bunch of lines…. my cookies.txt has like maybe 5 or 6 and they do not even look like the one’s in Live HTTP so I am trying to figure out how to possibly rewrite the cookies.txt file to match what I see in Live HTTP.

  • Hi Tooz

    I realised something, have you been checking the output HTML or only the logs to check if it is signed in?

    A while back eBay changed the page after you signin so that my checks didn’t work any more and I had to change it.

    Can you try the following slightly modified;
    http://thydzik.com/downloads/ebay-v3.php.txt

    Alternatively, look at the output HTML when it signs in, it might actually be working.

    Travis

  • Here is a bit of code that I tested locally to signin to eBay and then output the myebay page.

    To know if it works the myebay page should show your username.

    php code;
    http://thydzik.com/downloads/ebay-test.php.txt

  • The Tooz

    Travis – “To know if it works the myebay page should show your username.” Success!!!!

    Testing the first txt that you sent me now…will update you.

    The Tooz

  • The Tooz

    Travis –

    ok I ran the new main script and I was able to sign in.

    I ran it a second time and I get “Sorry, we couldn’t complete your request. Try again later.” No HTML file was created either.

    so I tried your test script again, which ran through, but returned the same message “Sorry, we couldn’t complete your request. Try again later.”

    Your thoughts….

  • Where are you getting the ‘Sorry, we couldn’t complete your request. Try again later.’ message?

    To me that sounds like a message you receive if JavaScript is disabled which naturally be if you are using curl.

  • The Tooz

    Travis – I am getting that on Ebay’s My Ebay page …. it logs in where I can see my username and that message appears in the middle of the page below the username.

  • Tooz, that is normal, I think because the page uses JavaScript to fetch the items. Don’t worry about it.

    Does the rest of the code work?

  • Tooz, can you please let me know if you managed to get the code working. thanks

  • Trina McLaren

    Hello, any idea if this still works on eBay? I know they’ve been trying to make automatic bidding more difficult (even eBay developers have to go through a special application process to allow bidding).

    I will install Apache just to use this script if it still works!

  • Hi Trina
    It stopped working when eBay defaulted to HTTPS, I’ll update once I get it working again.