It also uses a captcha verification which means even if you try to submit the form, if you don't match the image's code with the session it stores upon visit, then its not considered validated. Course I can't help you with automatic captcha hacking.
no it doesnt use captcha to login..just trying to login with the inputted username and password through curl. have a look here: http://www.megaupload.com/?c=login
I noticed the form basically has these properties. login (which is set to 1) redir (which is set to 1) username and password There's no action= attribute but there's an onclick event for the submit button which basically calls this function. function postlogin() { if(document.getElementById('username').value == '') { document.getElementById('username').focus(); alert('Please enter your username.'); } else if(document.getElementById('password').value == '') { document.getElementById('password').focus(); alert('Please enter your password.'); } else { document.getElementById('loginfrm').submit(); } } Code (markup): With no action, its assumed that the same page will be the target. So your url would be http://www.megaupload.com/ In curl you'd need to do a POST to that url. $query = "login=1&redir=1&username=myusername&password=mypassword"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"http://www.megaupload.com/"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,$query); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); $data = curl_exec($ch); curl_close($ch); PHP: The above code will send a post to http://www.megaupload.com/ , and $data will contain the response (be it an html page or some error). PS: Normally in a form the javascript would be called via onsubmit, also the JS is only used to validate that a username and password has been supplied, so technically you could rewrite the form to a standard pure-html and it would be the same ( just without the blank warning ).