使用cURL和PHP登录网站

Question

嘿，我正在尝试登录到NJIT网站，检查用户名和密码是否正确。出于某种原因，即使我使用了正确的凭据，我仍然被拒绝。另外我如何去掉$ result来检查它是否包含“失败”，这意味着证书是错误的。这是我的代码。

主营：

<?PHP 
session_start(); 
require_once('functions.php'); 

//$UCID=$_POST['UCID']; 
//$Pass=$_POST['Pass']; 

$UCID="jko328"; 
$Pass="password"; 
$credentialsNJIT="user=".$UCID."&pass=".$Pass; 

$njit_url="https://cp4.njit.edu/cp/home/login"; 

$njit_result=goCurlNJIT($credentialsNJIT, $njit_url); 
echo $result; 

?> 

这里是卷曲功能：

function goCurlNJIT($postdata, $url){ 

session_start(); 

    $ch = curl_init(); 
    curl_setopt ($ch, CURLOPT_URL, $url); 
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
    curl_setopt ($ch, CURLOPT_TIMEOUT, 60); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); 
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); 
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true); 
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt ($ch, CURLOPT_REFERER, $url); 
    curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); 
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 
    curl_setopt ($ch, CURLOPT_POST, true); 

    $result = curl_exec($ch); 
    curl_close($ch); 

    if(strpos($result, "Failed") === false){ 
     $response = "NJIT did not like credentials"; 
    } 
    else{ 
     $response = "NJIT liked your credentials"; 
     } 

echo $response; 

}

Answer 1

其实，当我们加载一个页面就保存Cookie，并发送。因此，要登录您首先需要访问没有凭据的页面并保存cookie。在下一个请求中，您需要发送Cookie。为了避免僵尸脚本登录，通常网站有动态隐藏字段和其他证券..在这种情况下，你不能登录。

Answer 2

我更新功能太多，使它更灵活。 - 如果需要，您可以进一步更新。

首先，也是最重要的，你需要创建在您的报废文件是目录text file命名cookie.txt。

function goCurlNJIT($header = array(), $url, $post = false) 
    {  
     $cookie = "cookie.txt"; 
     $ch = curl_init(); 
     curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate,sdch'); 
     if (isset($header) && !empty($header)) 
     { 
      curl_setopt($ch, CURLOPT_HTTPHEADER, $header); 

     } 
     curl_setopt($ch, CURLOPT_URL, $url); 
     curl_setopt($ch, CURLOPT_HEADER, 0); 
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
     curl_setopt($ch, CURLOPT_TIMEOUT, 200); 
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
     curl_setopt($ch, CURLOPT_MAXREDIRS, 5); 
     curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"); 
     curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie)); 
     curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie)); 
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
     curl_setopt($ch, CURLOPT_REFERER, $url); 

     //if it's a POST request instead of GET 

     if (isset($post) && !empty($post) && $post) 
     { 
      curl_setopt($ch, CURLOPT_POST, true); 
      curl_setopt($ch, CURLOPT_POSTFIELDS, $post); 
     } //endif 
     $data = curl_exec($ch); 
     curl_close($ch); 
     if($info['http_code'] == 200){ 
      return ($data);  //this will return page on successful, false otherwise 
     }else{ 
      return false; 
     } 
    } 

，如果你付出了近距离观察Requested Headers，你可以看到，有一个不寻常的头那里，那是Upgrade-Insecure-Requests:1（我个人没有见过这个，所以它是明智的与请求一起发送）。

Next您要发布的请求并不像它应该的那样，你错过了一些东西。

$UCID="jko328"; 
$Pass="password"; 
$credentialsNJIT="user=".$UCID."&pass=".$Pass; // where is uuid? 

它应该是这样的。您从post string跳过uuid。

pass=password&user=jko328&uuid=0xACA021 

所以把干脆，

$post['user'] = "jko328"; 
$post['pass'] = "password"; 
$post['uuid'] = '0xACA021'; 
$urlToPost = "https://cp4.njit.edu/cp/home/login"; 
$header['Upgrade-Insecure-Requests'] = 1; 
//Now make call to function, and it'll work fine. 
echo goCurlNJIT($header, $urlToPost, http_build_query($post)); 

，这将很好地工作。确保您已在此脚本所在的目录中创建了cookie.txt文件。