我買了一本書在網上抓取php。其中作者登錄到https://www.packtpub.com/。這本書已經過時了,所以我無法真正測試出想法,因爲網頁自發布以來已經發生了變化。這是我正在使用的修改後的代碼,但登錄失敗,我從「帳戶選項」字符串中得出的結論不在$results
變量中。我應該改變什麼?我相信錯誤來自錯誤地指定目的地。用cURL登錄到網頁與PHP
<?php
// Function to submit form using cURL POST method
function curlPost($postUrl, $postFields, $successString) {
$useragent = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;
en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3'; // Setting useragent of a popular browser
$cookie = 'cookie.txt'; // Setting a cookie file to storecookie
$ch = curl_init(); // Initialising cURL session
// Setting cURL options
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // PreventcURL from verifying SSL certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, TRUE); // Script shouldfail silently on error
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE); // Use cookies
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); // FollowLocation: headers
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // Returningtransfer as a string
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie); // Settingcookiefile
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie); // Settingcookiejar
curl_setopt($ch, CURLOPT_USERAGENT, $useragent); // Settinguseragent
curl_setopt($ch, CURLOPT_URL, $postUrl); // Setting URL to POSTto
curl_setopt($ch, CURLOPT_POST, TRUE); // Setting method as POST
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postFields)); // Setting POST fields as array
$results = curl_exec($ch); // Executing cURL session
$httpcode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
echo "$httpcode";
curl_close($ch); // Closing cURL session
// Checking if login was successful by checking existence of string
if (strpos($results, $successString)) {
echo "I'm in.";
return $results;
} else {
echo "Nope, sth went wrong.";
return FALSE;
}
}
$userEmail = '[email protected]'; // Setting your email address for site login
$userPass = 'yourpass'; // Setting your password for sitelogin
$postUrl = 'https://www.packtpub.com'; // Setting URL toPOST to
// Setting form input fields as 'name' => 'value'
$postFields = array(
'email' => $userEmail,
'password' => $userPass,
'destination' => 'https://www.packtpub.com',
'form_id' => 'packt-user-login-form'
);
$successString = 'Account Options';
$loggedIn = curlPost($postUrl, $postFields, $successString); //Executing curlPost login and storing results page in $loggedIn
編輯:POST請求:
我取代了線
'destination' => 'https://www.packtpub.com'
with
'op' => 'Login'
,加入
'form_build_id' => ''
和編輯
$postUrl = 'https://www.packtpub.com/register';
因爲這是我在選擇複製爲cURL並在編輯器中粘貼時所得到的URL。
我仍然在「沒有,出錯了信息」。我認爲這是因爲$successString
首先不會被存儲在curl中。應該設置的form-build-id是什麼?它每次登錄時都在變化。
'form_build_id'可能是一個CSRF令牌。如果是這樣,您將不得不向登錄頁面發出請求(GET請求),然後解析HTML以提取此值。這可能是隱藏的表單字段。嘗試使用空白'form_build_id'在Firefox中重播請求並檢查響應。 – BugHunterUK
看起來'form_build_id'是一個CSRF令牌。他們似乎在使用Drupal。我現在沒有時間用PHP編寫cURL請求。如果我有時間回家,我會爲你舉一個例子。以下是有關CSRF令牌的一些有用信息,以及爲什麼使用它們:https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29 – BugHunterUK
另請注意,您已使用'-' 'form_id'中的'_':p – BugHunterUK