dongqiang5541 2017-02-04 08:11
浏览 46
已采纳

使用asp.net url设置密码字段的发布数据

I'm trying to login to this asp.net page from my PHP code, (set username field value, set password field value, press button and then check where it is redirected.) I can set the username field, but for some reason I cannot set the password field (see line 226 in HTML file).

<?php
$url = "https://www.lectio.dk/lectio/518/login.aspx";
$ckfile = tempnam("/tmp", "CURLCOOKIE");
$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2';

$username = "XXXXXXX";
$password = "XXXXXXX";


$f = fopen('log.txt', 'w'); // file to write request header for debug purpose

/**
    Get __VIEWSTATE & __EVENTVALIDATION
 */
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

$html = curl_exec($ch);

curl_close($ch);

preg_match('~<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="(.*?)" />~', $html, $viewstate);
preg_match('~<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="(.*?)" />~', $html, $eventValidation);

$viewstate = $viewstate[1];
$eventValidation = $eventValidation[1];

/**
 Start Login process
 */
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $f);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

// Collecting all POST fields
$postfields = array();
$postfields['__EVENTTARGET'] = "m_Content_submitbtn2";
$postfields['__EVENTARGUMENT'] = "";
$postfields['__VIEWSTATE'] = $viewstate;
$postfields['__EVENTVALIDATION'] = $eventValidation;
$postfields['m$Content$username2'] = $username;
$postfields['m$Content$password2'] = $password;

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch); // Get result after login page.
$last_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
print $last_url;
?>
  • 写回答

1条回答 默认 最新

  • dragonlew9876 2017-02-04 08:31
    关注

    From what I can see the password seems to be sent through the POST field m$Content$passwordHidden. Try changing $postfields['m$Content$password2'] = $password; to $postfields['m$Content$passwordHidden'] = $password;

    Edit: I found something else you can change. When I send a login request I have __EVENTTARGET set to m$Content$submitbtn2 and __VIEWSTATEX instead of __VIEWSTATE so:

    preg_match('~<input type="hidden" name="__VIEWSTATEX" id="__VIEWSTATEX" value="(.*?)" />~', $html, $viewstate);
...
$postfields['__EVENTTARGET'] = "m$Content$submitbtn2";
...
$postfields['__VIEWSTATEX'] = $viewstate;
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?