dpv50040 2012-08-08 16:47
浏览 42
已采纳

卷曲登录,会话cookie两次通过

I try to login with curl to a SSL secured website but somehow I don't get it right.

The first curl connection retrieves the login form. An SSL issue in the beginning is resolved now. The fields used for authentication and all hidden fields are identified and used for the following POST. The cookie file is defined and the jar to read from as well. The cookie file is accessible and gets updated with each login attempt. A session cookie is successfully set by curl. The HTTPHEADER is removed to stop the request from hitting the 100 Continue wall. Curl is configured to follow up and to send a referer. However, I still cannot find where the script gets stuck. Neither Curl nor PHP issue any error messages or warnings.

Here is the shortened script:

$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE,       1);
curl_setopt($ch, CURLOPT_HEADER,        1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_AUTOREFERER,   1);
curl_setopt($ch, CURLOPT_HTTPHEADER,    array('Expect:')); // remove Expect header to avoid 100 Continue situations
curl_setopt($ch, CURLOPT_USERAGENT,     'Mozilla [abbreviated]');
curl_setopt($ch, CURLOPT_CAINFO,        dirname(__FILE__).'/cacert.pem');
curl_setopt($ch, CURLOPT_COOKIEFILE,    dirname(__FILE__).'/cookie.hq.txt'); // write cookies
curl_setopt($ch, CURLOPT_COOKIEJAR,     dirname(__FILE__).'/cookie.hq.txt'); // read cookies
curl_setopt($ch, CURLOPT_COOKIESESSION, 1);
curl_setopt($ch, CURLOPT_URL,           'https://the_url.jsp');

$data = curl_exec($ch);
$error= curl_error($ch);
if(!empty($error))
    echo '<p>'.$error.'</p>';
else
    echo '<p>ok</p>';

Now the script reads the form, fills in the credentials and POSTs it back using the same curl_init handle:

curl_setopt($ch, CURLOPT_POST,       1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $options);
$data = curl_exec($ch);
$error=curl_error($ch);

But all I get back is the same form again and the same session cookie or a new one depending on the CURLOPT_COOKIESESSION setting.

When I log in manually I notice that there are two more cookies set: LtpaToken and LtpaToken2 but I never see them appearing in the request headers printed by the script. Manually submitting the form works even without Javascript aktivated. So there cannot be some JS magic modifying the form data under the hood before submitting it. Obviously I am missing something here. Any ideas where I can look further?

Solved: Finally the issue was due to an encoding issue in the POST. Initially the POST data was created from an array with http_build_query(). Now the POST data is simply concatenated and both keys and values are urlencoded separately:

    $options.=urlencode($fieldName).'='.urlencode($element->getAttribute('value'));
  • 写回答

2条回答 默认 最新

  • douyin6188 2012-08-11 09:07
    关注

    Solved: Finally the issue was due to an encoding issue in the POST. Initially the POST data was created from an array with http_build_query(). Now the POST data is simply concatenated and both keys and values are urlencoded separately:

    $options.=urlencode($fieldName).'='.urlencode($element->getAttribute('value'));
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 彩灯控制电路,会的加我QQ1482956179
  • ¥200 相机拍直接转存到电脑上 立拍立穿无线局域网传
  • ¥15 (关键词-电路设计)
  • ¥15 如何解决MIPS计算是否溢出
  • ¥15 vue中我代理了iframe,iframe却走的是路由,没有显示该显示的网站,这个该如何处理
  • ¥15 操作系统相关算法中while();的含义
  • ¥15 CNVcaller安装后无法找到文件
  • ¥15 visual studio2022中文乱码无法解决
  • ¥15 关于华为5g模块mh5000-31接线问题
  • ¥15 keil L6007U报错