2017-05-03 199 views
2

PHP cannot log in, cURL

I have this form on a page:

<form name="logForm" method="post" action="j_security_check" onsubmit="return validateLogin(this);" _lpchecked="1"> 
    <input type="hidden" name="j_username"> 
    <input type="hidden" name="catId" value="10000"> 
    <input type="hidden" name="redURL" value="/loggedIn.do">  
     <table border="0" bordercolor="pink" id="login-table"> 
      <tbody><tr> 
       <td><input id="userId" type="text" name="username" class="login-fields phfield" value="username"></td> 
       <td><input id="pwd" type="password" name="j_password" class="login-fields phfield" value="password"></td> 
       <td rowspan="2" style="width: 105px;"> 
        <input type="submit" value="" class="login_btn" id="login-submit"> 
       </td> 
      </tr> 
     </tbody></table> 
    </form> 

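Here, what is the difference between the hidden j_username and the input named username? I need to post "username", don't I?

So, from this form I set the variables and try to log in: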

$cookiefile = tempnam ("/tmp", "mycookiefile.txt"); 
$login = 'https://example.com/folder/j_security_check'; 
$cookiedata = array(
"username" => "myusername", 
"j_password" => "mypassword" 
); 

// try to login 
$ch = curl_init ($login); 
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookiefile); 
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15); 
curl_setopt($ch, CURLOPT_TIMEOUT, 15); 
curl_setopt($ch, CURLOPT_VERBOSE, true); 
$verbose = fopen('verbose.txt', 'w+'); 
curl_setopt($ch, CURLOPT_STDERR, $verbose); 
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true); 
curl_setopt ($ch, CURLOPT_POST, true); 
curl_setopt ($ch, CURLOPT_POSTFIELDS, $cookiedata); 
$out = curl_exec ($ch); 
$headers = curl_getinfo($ch, CURLINFO_HTTP_CODE); 

      if ($headers == 404 || curl_errno($ch) != 0) 
      { 
        echo "Error \n"; 
      } 
echo $out; 

I can't log in; it redirects to the login failure page.

Please, where is it wrong? Thanks

Verbose:

* About to connect() to example.com port 443 (#0) 
* Trying xxx.xxx.xxx.xxx... 
* Connected to example.come (xxx.xxx.xxx.xxx) port 443 (#0) 
* Initializing NSS with certpath: sql:/etc/pki/nssdb 
* CAfile: /etc/pki/tls/certs/ca-bundle.crt 
    CApath: none 
* SSL connection using TLS_RSA_WITH_AES_128_GCM_SHA256 
* Server certificate: 
* subject: CN=*.example.com 
* start date: Aug 10 00:00:00 2016 GMT 
* expire date: Aug 10 23:59:59 2017 GMT 
* common name: *.example.com 
* issuer: CN=RapidSSL SHA256 CA,O=GeoTrust Inc.,C=US 
> POST /folder/j_security_check HTTP/1.1 
Host: example.com 
Accept: */* 
Content-Length: 370 
Expect: 100-continue 
Content-Type: multipart/form-data; boundary=----------------------------e6df4811bbdc 

< HTTP/1.1 100 Continue 
< HTTP/1.1 302 Found 
< Date: Wed, 03 May 2017 14:38:21 GMT 
< X-Powered-By: Servlet/3.0 
< Location: https://example.com/folder/loginFailure.do 
< Content-Length: 0 
* Added cookie logged-user="""" for domain example.com, path /, expire 786297600 
< Set-Cookie: logged-user=""; Expires=Thu, 01-Dec-94 16:00:00 GMT; Path=/; Domain=example.com 
* Added cookie JSESSIONID="0000CKKhQSS79AIRXhTP-REhHSI:18hmtvfl9" for domain example.com, path /, expire 0 
< Set-Cookie: JSESSIONID=0000CKKhQSS79AIRXhTP-REhHSI:18hmtvfl9; Path=/; HttpOnly 
< Expires: Thu, 01 Dec 1994 16:00:00 GMT 
< Cache-Control: no-cache="set-cookie, set-cookie2" 
< Content-Type: text/plain 
< Content-Language: en-US 
* HTTP error before end of send, stop sending 
< 
* Closing connection 0 

These are the cURL commands copied from Chrome when the browser logs in...

//homepage 

curl "https://example.com/folder/viewHome.do" -H "Accept-Encoding: gzip, deflate, sdch, br" -H "Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" -H "Referer: https://example.com/" -H "Cookie: JSESSIONID=0000IqYX1pKkYILlDsHqo2TfZLO:18hmtvhe1; LtpaToken2=... ...; LtpaToken=... ...; logged-user=myuser" -H "Connection: keep-alive" --compressed 

//j_security_check 
curl "https://example.com/folder/j_security_check" -H "Cookie: JSESSIONID=0000IqYX1pKkYILlDsHqo2TfZLO:18hmtvhe1; LtpaToken2=tokenLongString... ...; LtpaToken=tokenLongString... ..." -H "Origin: https://example.com" -H "Accept-Encoding: gzip, deflate, br" -H "Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36" -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" -H "Cache-Control: max-age=0" -H "Referer: https://example.com/folder/viewHome.do" -H "Connection: keep-alive" --data "j_username=myuser^&catalogId=10000^&redirectURL=^%^2FloggedIn.do^&username=myuser^&j_password=mypassword" --compressed 
+0

You are outputting to a verbose file but have not included any of the output. Add the contents of verbose.txt to your question. – Luke

+0

@Luke added the verbose output... thanks – kenwarr

+0

The 'HTTP error before end of send, stop sending' line indicates that the response is being ... by the target server – Luke

Answers

0

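You need to provide the code of the JavaScript method, validateLogin().

j_username is hidden and not accessible to the user. The visible input ... name="username" ... will contain the username provided by the user. Pass this to your PHP code to log in successfully.

EDIT: new information provided in the comments. You aren't using the $_POST data. You are trying to pass data in your curl code that has not been set (that we can see). Try this instead: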

$cookiedata = array(
    "username" => $_POST['j_username'], 
    "j_username" => $_POST['j_username'], 
    "j_password" => $_POST['j_password'] 
); 

EDIT: added both username fields, since your Chrome cURL update looks like it uses both

+0

Indeed I passed it... but it fails – kenwarr

+0

Still need your JavaScript code. That passes the data to PHP, right? –

+0

What do you mean? It is not my server... what JavaScript code? – kenwarr

0

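The answer is:

Check the request headers sent by the browser more carefully, to simulate the exact request.

In this case the Content-Type must be application/x-www-form-urlencoded

So, curl_setopt ($ch, CURLOPT_POSTFIELDS, $cookiedata); is not good.

You need: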

curl_setopt ($ch, CURLOPT_POSTFIELDS, http_build_query($cookiedata));
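
An added example, not part of the original thread: the login request rebuilt with the field names from the browser capture in the question (j_username, catalogId, redirectURL, username, j_password) and sent as a urlencoded string. The function names, base URL and credentials are placeholders, and fetching viewHome.do first to obtain JSESSIONID is an assumption based on the Cookie and Referer headers in that capture.

```php
<?php
// Added example. Field names come from the browser request in the question; URLs and credentials are placeholders.

/** Body in the same shape as the browser's --data string. */
function build_login_body(string $user, string $pass): string
{
    return http_build_query([
        'j_username'  => $user,   // hidden input; the browser request carries the user name in it
        'catalogId'   => '10000',
        'redirectURL' => '/loggedIn.do',
        'username'    => $user,
        'j_password'  => $pass,
    ]);
}
/** The server answers a rejected login with a redirect to loginFailure.do. */
function login_succeeded(string $effectiveUrl): bool
{
    return strpos($effectiveUrl, 'loginFailure.do') === false;
}

function login(string $base, string $user, string $pass, string $jar): bool
{
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_COOKIEJAR      => $jar,  // save cookies when the handle closes
        CURLOPT_COOKIEFILE     => $jar,  // turn on the cookie engine so JSESSIONID is sent back
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_CONNECTTIMEOUT => 15,
        CURLOPT_TIMEOUT        => 15,
    ]);
    // Assumption: load the home page first so the POST carries a session cookie.
    curl_setopt($ch, CURLOPT_URL, $base . '/viewHome.do');
    curl_exec($ch);
    // A string body is sent as application/x-www-form-urlencoded; an array would go out as multipart/form-data.
    curl_setopt_array($ch, [
        CURLOPT_URL        => $base . '/j_security_check',
        CURLOPT_POST       => true,
        CURLOPT_POSTFIELDS => build_login_body($user, $pass),
        CURLOPT_REFERER    => $base . '/viewHome.do',
    ]);
    $ok = curl_exec($ch) !== false
        && login_succeeded(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
    curl_close($ch);
    return $ok;
}

// No network call: print the encoded body for comparison with the capture.
echo build_login_body('myuser', 'mypassword'), PHP_EOL;
```

A real call would look like login('https://example.com/folder', $user, $pass, tempnam(sys_get_temp_dir(), 'jar')), with the cookie jar deleted once the session is no longer needed.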