我买了一本书在网上抓取php。其中作者登录到https://www.packtpub.com/。这本书已经过时了,所以我无法真正测试出想法,因为网页自发布以来已经发生了变化。这是我正在使用的修改后的代码,但登录失败,我从“帐户选项”字符串中得出的结论不在$results
变量中。我应该改变什么?我相信错误来自错误地指定目的地。用cURL登录到网页与PHP
<?php
// Function to submit form using cURL POST method
function curlPost($postUrl, $postFields, $successString) {
$useragent = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;
en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3'; // Setting useragent of a popular browser
$cookie = 'cookie.txt'; // Setting a cookie file to storecookie
$ch = curl_init(); // Initialising cURL session
// Setting cURL options
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // PreventcURL from verifying SSL certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, TRUE); // Script shouldfail silently on error
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE); // Use cookies
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); // FollowLocation: headers
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // Returningtransfer as a string
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie); // Settingcookiefile
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie); // Settingcookiejar
curl_setopt($ch, CURLOPT_USERAGENT, $useragent); // Settinguseragent
curl_setopt($ch, CURLOPT_URL, $postUrl); // Setting URL to POSTto
curl_setopt($ch, CURLOPT_POST, TRUE); // Setting method as POST
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postFields)); // Setting POST fields as array
$results = curl_exec($ch); // Executing cURL session
$httpcode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
echo "$httpcode";
curl_close($ch); // Closing cURL session
// Checking if login was successful by checking existence of string
if (strpos($results, $successString)) {
echo "I'm in.";
return $results;
} else {
echo "Nope, sth went wrong.";
return FALSE;
}
}
$userEmail = '[email protected]'; // Setting your email address for site login
$userPass = 'yourpass'; // Setting your password for sitelogin
$postUrl = 'https://www.packtpub.com'; // Setting URL toPOST to
// Setting form input fields as 'name' => 'value'
$postFields = array(
'email' => $userEmail,
'password' => $userPass,
'destination' => 'https://www.packtpub.com',
'form_id' => 'packt-user-login-form'
);
$successString = 'Account Options';
$loggedIn = curlPost($postUrl, $postFields, $successString); //Executing curlPost login and storing results page in $loggedIn
编辑:POST请求:
我取代了线
'destination' => 'https://www.packtpub.com'
with
'op' => 'Login'
,加入
'form_build_id' => ''
和编辑
$postUrl = 'https://www.packtpub.com/register';
因为这是我在选择复制为cURL并在编辑器中粘贴时所得到的URL。
我仍然在“没有,出错了信息”。我认为这是因为$successString
首先不会被存储在curl中。应该设置的form-build-id是什么?它每次登录时都在变化。
'form_build_id'可能是一个CSRF令牌。如果是这样,您将不得不向登录页面发出请求(GET请求),然后解析HTML以提取此值。这可能是隐藏的表单字段。尝试使用空白'form_build_id'在Firefox中重播请求并检查响应。 – BugHunterUK
看起来'form_build_id'是一个CSRF令牌。他们似乎在使用Drupal。我现在没有时间用PHP编写cURL请求。如果我有时间回家,我会为你举一个例子。以下是有关CSRF令牌的一些有用信息,以及为什么使用它们:https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29 – BugHunterUK
另请注意,您已使用'-' 'form_id'中的'_':p – BugHunterUK