1. 首頁
  2. 問答
  3. PHP的捲曲登錄Instagram的進入重定向循環

PHP的捲曲登錄Instagram的進入重定向循環

2017-01-16 87 views
0

我登錄到使用捲曲和PHP的Instagram,並在去重定向的循環,類似這樣的文字裏迴盪着每一個之間幾乎沒有變化呼應PHP的捲曲登錄Instagram的進入重定向循環

> HTTP/1.1 301 Moved Permanently Location: https://www.instagram.com/ 
> Content-Type: text/plain Server: proxygen Date: Mon, 16 Jan 2017 
> 12:53:26 GMT Connection: keep-alive Content-Length: 0 
> 
> HTTP/1.1 200 OK Content-Type: text/html Vary: Cookie, Accept-Language, 
> Accept-Encoding Content-Language: en Pragma: no-cache Expires: Sat, 01 
> Jan 2000 00:00:00 GMT Strict-Transport-Security: max-age=86400 Date: 
> Mon, 16 Jan 2017 12:53:27 GMT X-Frame-Options: SAMEORIGIN 
> Content-Encoding: gzip Cache-Control: private, no-cache, no-store, 
> must-revalidate Set-Cookie: sessionid=; expires=Thu, 01-Jan-1970 
> 00:00:00 GMT; Max-Age=0; Path=/; HttpOnly; Domain=instagram.com 
> Set-Cookie: csrftoken=uWHWfgmVVhdROoG3HsyIevXMq4mcEGVU; expires=Mon, 
> 15-Jan-2018 12:53:27 GMT; Max-Age=31449600; Path=/; Secure Connection: 
> keep-alive Content-Length: 3373

我正在使用的代碼是這樣的

<?php 

    include_once('simple_html_dom.php'); 

     $usuario = "username"; 
     $password = "password"; 

     $url = 'https://www.instagram.com/'; 
     $url_login = 'https://www.instagram.com/accounts/login/ajax/'; 
     $user_agent = array("Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 ", 
         "(KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36"); 

     $ch = curl_init(); 

     $headers = [ 
     'Accept-Encoding: gzip, deflate', 
     'Accept-Language: en-US;q=0.6,en;q=0.4', 
     'Connection: keep-alive', 
     'Content-Length: 0', 
     'Host: www.instagram.com', 
     'Origin: https://www.instagram.com', 
     'Referer: https://www.instagram.com/', 
     'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36', 
     'X-Instagram-AJAX: 1', 
     'X-Requested-With: XMLHttpRequest' 
     ]; 

     curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); 
     curl_setopt($ch, CURLOPT_URL, $url); 
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); 
     curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); 
     curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie/pruebalogininsta3.txt"); 
     curl_setopt($ch, CURLOPT_REFERER, $sTarget); 
     curl_setopt($ch, CURLOPT_HEADER, TRUE); 

     $html = curl_exec($ch); 

     preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $html, $matches); 
     $cookies = array(); 
     foreach($matches[1] as $item) { 
      parse_str($item, $cookie); 
      $cookies = array_merge($cookies, $cookie); 
     } 


     $headers = [ 
     'Accept-Language: en-US;q=0.6,en;q=0.4', 
     'Connection: keep-alive', 
     'Content-Length: 0', 
     'Host: www.instagram.com', 
     'Origin: https://www.instagram.com', 
     'Referer: https://www.instagram.com/', 
     'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36', 
     'X-Instagram-AJAX: 1', 
     'X-Requested-With: XMLHttpRequest' 
     ]; 

     $cadena_agregar_vector = 'X-CSRFToken:'. $cookies["csrftoken"]; 

     $headers[] = $cadena_agregar_vector ; 

     $sPost=http_build_query(array('username'=>$usuario,'password'=>$password)); 


     # Creo que falta agregar la variable POST para que mande un POST y no un GET 

     curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); 
     curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost); 
     curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate'); 
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
     curl_setopt($ch, CURLOPT_URL, $url_login); 

     $html2 = curl_exec($ch); 

     curl_setopt($ch, CURLOPT_URL, "http://www.instagram.com/"); 

     $html4 = curl_exec($ch); 

     echo $html4; 

    ?>

來源

2017-01-16 Pablo

+0

您是否知道您發佈了一個真實在stackoverflow上公開的用戶名/密碼組合?我希望這個@pablodalmazzo賬戶可以在沒有問題的情況下妥協,比如我發佈的一次性賬戶。如果沒有,你應該儘快更改你的密碼。 – hanshenrik

+0

謝謝,我沒有注意到,雖然 – Pablo

+0

請注意,如果您檢查編輯歷史記錄(公開發佈於http://stackoverflow.com/posts/41676960/revisions),則仍然可以看到用戶名/密碼更改密碼 – hanshenrik

回答

2

你做了幾個失誤,

1:您手動添加'Accept-Encoding: gzip, deflate',頭。如果服務器選擇實際使用gzip/deflate,則響應主體會查看所有亂碼(二進制壓縮數據),如果要在curl中使用壓縮,請使用CURLOPT_ENCODING,curl會爲您解壓。 (至少你這樣做是正確的第二個呼叫)

2:你添加Referer: https://www.instagram.com/,只用curl_setopt($ch, CURLOPT_REFERER, $sTarget);後來覆蓋它的時刻,使得自定義頁眉忽略,$ sTarget似乎是一個未定義的變量。

3:你在你的http頭文件中使用captial字母。就我所見,登錄協議在任何標題中都不使用大寫字母。 (例如,你怎麼稱呼它X-Instagram-AJAX: 1,但在登錄頁面調用它x-instagram-ajax: 1

使用hhb_curl從https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php

這裏的工作示例代碼:

<?php 
declare(strict_types = 1); 
require_once('hhb_.inc.php'); 
$hc = new hhb_curl(); 
$hc->_setComfortableOptions(); 

$username = 'nigeriansdddd'; 
$password = '[email protected]'; 
// get a cookie session and login page etc 
$hc->exec ('https://www.instagram.com/'); 
// hhb_var_dump($hc->getStdErr(),$hc->getResponseBody()); 
$html = $hc->getResponseBody(); 
$token = getCsrfToken ($html); 
$hc->setopt_array (array (
     CURLOPT_URL => 'https://www.instagram.com/accounts/login/ajax/', 
     CURLOPT_POST => true, 
     CURLOPT_HTTPHEADER => array (
       'x-csrftoken: ' . $token, 
       'x-instagram-ajax: 1', 
       'x-requested-with: XMLHttpRequest', 
       'accept-language: en-US,en;q=0.8,nb;q=0.6', 
       'origin: https://www.instagram.com', 
       'referer: https://www.instagram.com/' 
     ) 
     , 
     CURLOPT_POSTFIELDS => http_build_query (array (
       'username' => $username, 
       'password' => $password 
     )) 
)); 
$hc->exec(); 
// hhb_var_dump ($hc->getStdErr(), $hc->getResponseBody()); 
$jsonRAW = $hc->getResponseBody(); 
$json = json_decode ($jsonRAW, true); 
if (! is_array ($json) || $json ['status'] !== 'ok' || $json ['authenticated'] !== true) { 
    throw new RuntimeException ('failed to login. last curl request: ' . $hc->getStdErr() . $hc->getResponseBody()); 
} 
$hc->exec ('https://www.instagram.com/'); 
$html = $hc->getResponseBody(); 
if (false === strpos ($html, $username)) { 
    throw new RuntimeException ('failed to confirm login. last curl request: ' . $hc->getStdErr() . $hc->getResponseBody()); 
} 
hhb_var_dump ($hc->getStdErr(), $hc->getResponseBody()); 


function getCsrfToken(string $html): string { 
    $matches = array(); 
    $rexret = preg_match ('/\"csrf_token\"\s*\:\s*\"([^\"]*)/', $html, $matches); 
    if ($rexret !== 1) { 
     throw new RuntimeException ('failed to find the csrf token!'); 
    } 
    // hhb_var_dump($rexret,$matches); 
    $csrftoken = $matches [1]; 
    return $csrftoken; 
}

(注:該帳戶,nigeriansdddd/[email protected]只是一個虛擬一次性賬戶,我不在乎賬戶是否受損,這顯然發生在我發佈憑證時)

來源

2017-01-16 20:32:03 hanshenrik

+0

我試過了代碼,但它似乎沒有工作。登錄後不能得到主要的飼料?我使用php7創建了一個帳戶,因爲該庫需要php7,但我得到了相同的結果,這裏是https://yotambienmerio.000webhostapp.com/phpversion.png,在第二次調用該文件後,它觸發了一個致命的錯誤在這裏你可以看到https://yotambienmerio.000webhostapp.com/codigo_del_pibe.php – Pablo

+1

@Pablo是的,你應該得到的主頁。奇怪,它適合我。似乎它失敗'if(!is_array($ json)|| $ json ['status']!=='ok'|| $ json ['authenticated']!== true){',用if(!is_array($ json)|| $ json ['status']!=='ok'|| $ json ['authenticated']!== true)hhb_var_dump($ hc-> getStdErr(), $ hc-> getResponseBody()); 拋出新的RuntimeException('登錄失敗,看標準輸出'); ',並再次運行它,你會得到什麼? – hanshenrik

+1

@Pablo奇怪,我的測試帳戶似乎被刪除了,'您輸入的用戶名不屬於一個帳戶。請檢查您的用戶名並重試。「 - 難怪測試代碼不適用於該帳戶,您是否使用工作帳戶對其進行了測試? – hanshenrik

相關問題

 相關問題