使用cURL和PHP登錄網站

Question

嘿，我正在嘗試登錄到NJIT網站，檢查用戶名和密碼是否正確。出於某種原因，即使我使用了正確的憑據，我仍然被拒絕。另外我如何去掉$ result來檢查它是否包含「失敗」，這意味着證書是錯誤的。這是我的代碼。

主營：

<?PHP 
session_start(); 
require_once('functions.php'); 

//$UCID=$_POST['UCID']; 
//$Pass=$_POST['Pass']; 

$UCID="jko328"; 
$Pass="password"; 
$credentialsNJIT="user=".$UCID."&pass=".$Pass; 

$njit_url="https://cp4.njit.edu/cp/home/login"; 

$njit_result=goCurlNJIT($credentialsNJIT, $njit_url); 
echo $result; 

?> 

這裏是捲曲功能：

function goCurlNJIT($postdata, $url){ 

session_start(); 

    $ch = curl_init(); 
    curl_setopt ($ch, CURLOPT_URL, $url); 
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
    curl_setopt ($ch, CURLOPT_TIMEOUT, 60); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); 
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); 
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true); 
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt ($ch, CURLOPT_REFERER, $url); 
    curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); 
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 
    curl_setopt ($ch, CURLOPT_POST, true); 

    $result = curl_exec($ch); 
    curl_close($ch); 

    if(strpos($result, "Failed") === false){ 
     $response = "NJIT did not like credentials"; 
    } 
    else{ 
     $response = "NJIT liked your credentials"; 
     } 

echo $response; 

}

Answer 1

其實，當我們加載一個頁面就保存Cookie，併發送。因此，要登錄您首先需要訪問沒有憑據的頁面並保存cookie。在下一個請求中，您需要發送Cookie。爲了避免殭屍腳本登錄，通常網站有動態隱藏字段和其他證券..在這種情況下，你不能登錄。

Answer 2

我更新功能太多，使它更靈活。 - 如果需要，您可以進一步更新。

首先，也是最重要的，你需要創建在您的報廢文件是目錄text file命名cookie.txt。

function goCurlNJIT($header = array(), $url, $post = false) 
    {  
     $cookie = "cookie.txt"; 
     $ch = curl_init(); 
     curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate,sdch'); 
     if (isset($header) && !empty($header)) 
     { 
      curl_setopt($ch, CURLOPT_HTTPHEADER, $header); 

     } 
     curl_setopt($ch, CURLOPT_URL, $url); 
     curl_setopt($ch, CURLOPT_HEADER, 0); 
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
     curl_setopt($ch, CURLOPT_TIMEOUT, 200); 
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
     curl_setopt($ch, CURLOPT_MAXREDIRS, 5); 
     curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"); 
     curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie)); 
     curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie)); 
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
     curl_setopt($ch, CURLOPT_REFERER, $url); 

     //if it's a POST request instead of GET 

     if (isset($post) && !empty($post) && $post) 
     { 
      curl_setopt($ch, CURLOPT_POST, true); 
      curl_setopt($ch, CURLOPT_POSTFIELDS, $post); 
     } //endif 
     $data = curl_exec($ch); 
     curl_close($ch); 
     if($info['http_code'] == 200){ 
      return ($data);  //this will return page on successful, false otherwise 
     }else{ 
      return false; 
     } 
    } 

，如果你付出了近距離觀察Requested Headers，你可以看到，有一個不尋常的頭那裏，那是Upgrade-Insecure-Requests:1（我個人沒有見過這個，所以它是明智的與請求一起發送）。

Next您要發佈的請求並不像它應該的那樣，你錯過了一些東西。

$UCID="jko328"; 
$Pass="password"; 
$credentialsNJIT="user=".$UCID."&pass=".$Pass; // where is uuid? 

它應該是這樣的。您從post string跳過uuid。

pass=password&user=jko328&uuid=0xACA021 

所以把乾脆，

$post['user'] = "jko328"; 
$post['pass'] = "password"; 
$post['uuid'] = '0xACA021'; 
$urlToPost = "https://cp4.njit.edu/cp/home/login"; 
$header['Upgrade-Insecure-Requests'] = 1; 
//Now make call to function, and it'll work fine. 
echo goCurlNJIT($header, $urlToPost, http_build_query($post)); 

，這將很好地工作。確保您已在此腳本所在的目錄中創建了cookie.txt文件。