dpv50040 2012-08-08 16:47
浏览 42
已采纳

卷曲登录,会话cookie两次通过

I try to login with curl to a SSL secured website but somehow I don't get it right.

The first curl connection retrieves the login form. An SSL issue in the beginning is resolved now. The fields used for authentication and all hidden fields are identified and used for the following POST. The cookie file is defined and the jar to read from as well. The cookie file is accessible and gets updated with each login attempt. A session cookie is successfully set by curl. The HTTPHEADER is removed to stop the request from hitting the 100 Continue wall. Curl is configured to follow up and to send a referer. However, I still cannot find where the script gets stuck. Neither Curl nor PHP issue any error messages or warnings.

Here is the shortened script:

$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE,       1);
curl_setopt($ch, CURLOPT_HEADER,        1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_AUTOREFERER,   1);
curl_setopt($ch, CURLOPT_HTTPHEADER,    array('Expect:')); // remove Expect header to avoid 100 Continue situations
curl_setopt($ch, CURLOPT_USERAGENT,     'Mozilla [abbreviated]');
curl_setopt($ch, CURLOPT_CAINFO,        dirname(__FILE__).'/cacert.pem');
curl_setopt($ch, CURLOPT_COOKIEFILE,    dirname(__FILE__).'/cookie.hq.txt'); // write cookies
curl_setopt($ch, CURLOPT_COOKIEJAR,     dirname(__FILE__).'/cookie.hq.txt'); // read cookies
curl_setopt($ch, CURLOPT_COOKIESESSION, 1);
curl_setopt($ch, CURLOPT_URL,           'https://the_url.jsp');

$data = curl_exec($ch);
$error= curl_error($ch);
if(!empty($error))
    echo '<p>'.$error.'</p>';
else
    echo '<p>ok</p>';

Now the script reads the form, fills in the credentials and POSTs it back using the same curl_init handle:

curl_setopt($ch, CURLOPT_POST,       1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $options);
$data = curl_exec($ch);
$error=curl_error($ch);

But all I get back is the same form again and the same session cookie or a new one depending on the CURLOPT_COOKIESESSION setting.

When I log in manually I notice that there are two more cookies set: LtpaToken and LtpaToken2 but I never see them appearing in the request headers printed by the script. Manually submitting the form works even without Javascript aktivated. So there cannot be some JS magic modifying the form data under the hood before submitting it. Obviously I am missing something here. Any ideas where I can look further?

Solved: Finally the issue was due to an encoding issue in the POST. Initially the POST data was created from an array with http_build_query(). Now the POST data is simply concatenated and both keys and values are urlencoded separately:

    $options.=urlencode($fieldName).'='.urlencode($element->getAttribute('value'));
  • 写回答

2条回答 默认 最新

  • douyin6188 2012-08-11 09:07
    关注

    Solved: Finally the issue was due to an encoding issue in the POST. Initially the POST data was created from an array with http_build_query(). Now the POST data is simply concatenated and both keys and values are urlencoded separately:

    $options.=urlencode($fieldName).'='.urlencode($element->getAttribute('value'));
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程
  • ¥15 redis-full-check比较 两个集群的数据出错
  • ¥15 Matlab编程问题
  • ¥15 训练的多模态特征融合模型准确度很低怎么办
  • ¥15 kylin启动报错log4j类冲突
  • ¥15 超声波模块测距控制点灯,灯的闪烁很不稳定,经过调试发现测的距离偏大
  • ¥15 import arcpy出现importing _arcgisscripting 找不到相关程序