dongqiao9015 2016-06-03 03:13
浏览 34
已采纳

通过cURL抓取受保护的内容

I'm currently developing a Dashboard for users that grabs graph data from another site. To get this graph, it requires you to be logged in.

The form I'm attempting to replicate contains this code:

<form method="POST" action="https://redacted/auth/login" accept-charset="UTF-8" id="loginform" name="loginform"><input name="_token" type="hidden" value="xyxRW0w8ZjHyP7ZvrCFygqcNkPZ37P35wh8NifuC">
    <table class="form spaceform">
        <tr>
            <td class='label'><label for="email">Email address:</label></td>
            <td><input name="email" type="text" id="email"></td>
        </tr>
        <tr>
            <td class='label'></td>
            <td>
                <input id="has_account_new" name="has_account" type="radio" value="new">
                <label for="has_account_new">I am a new customer</label><br />
                <input id="has_account_return" checked="checked" name="has_account" type="radio" value="return">
                <label for="has_account_return">I am a returning customer</label>
            </td>
        </tr>
        <tr>
            <td class='label'><label for="password">Password:</label></td>
            <td><input name="password" type="password" value="" id="password"></td>
        </tr>
        <tr>
            <td></td>
            <td><a href="https://redacted/auth/forgot">Forgot your password?</a></td>
        </tr>
        <tr>
            <td colspan='2' align='center' class='noborder'><br />
                <input type="submit" value="Login">
            </td>
        </tr>
    </table>
    <input name="_token" type="hidden" value="xyxRW0w8ZjHyP7ZvrCFygqcNkPZ37P35wh8NifuC">        
    <input type="hidden" name="page_transfer" value="0" />
</form>

and the PHP code I'm currently using to try and login and grab the graphs:

$username = 'demo@demo.com';
$password = 'demo';
$loginUrl = 'https://redacted/auth/login/';


$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'email='.$username.'&password='.$password.'&has_account=return&_token=PM2dY2hlbkPLvB97FyjL7cnPwryHXgfiex5050Iy&page_transfer=0');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

$store = curl_exec($ch);

curl_setopt($ch, CURLOPT_URL, 'https://redacted/ucp/view-graph/157/0/1');

$content = curl_exec($ch);

curl_close($ch);

echo $content;

The current output is HTML redirecting me back to their login form which I'm guessing is because I'm missing something on the POST request. I'm also seeing tokens inside the login form which I'm unsure of, could this be something to-do with it?

  • 写回答

2条回答 默认 最新

  • doucong8553 2016-06-04 01:12
    关注

    Definitely. The server may be denying any login attempt not containing a token value issued by the same server. I suggest adding the token value to the posted fields.

    Moreover, you should first get the login page in order to have a "fresh" token, then post with it. Let me add that you will probably be receiving some cookie after you do the get. That cookie you should send along in the post. I think curl does that by default if you don't close the handle.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 matlab实现基于主成分变换的图像融合。
  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制
  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊