dongpangfu6322 2013-05-13 23:15
浏览 39

cUrl登录无效

I'm trying to login to one of my sites using curl to pull information off the page. It does not seem to be working. Here's the code I'm trying. If it helps I can create a user/pass for just this scenario.

<?php

$username = 'xxx';
$password = 'xxx';
$loginUrl = 'http://gwintersdev.com/user';
$finalUrl = 'http://gwintersdev.com/admin';

$userinput = 'name';
$passwordinput = 'pass';

$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_URL,$loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "$userinput=$username&$passwordinput=$password");
curl_setopt($ch, CURLOPT_USERAGENT, 'user-agent');


ob_start();      // prevent any output
curl_exec ($ch); // execute the curl command
ob_end_clean();  // stop preventing output

curl_close ($ch);
unset($ch);

$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_URL, $finalUrl);

$buf2 = curl_exec ($ch);

curl_close ($ch);
print $buf2;
?>

Update: I was able to get the above working, but I'm trying this on a different ASP site and it's not working. I grabbed all the hidden fields and added them to the post string, but it still won't login.

<?php
$username = 'xxx';
$password = 'xxx';
$loginUrl = 'http://vitalstim.com/health_professionals/certified_provider_resources/forum.aspx';
$finalUrl = 'http://vitalstim.com/health_professionals/certified_provider_resources/forum.aspx';
$userinput = 'ctl00$ContentPlaceHolder1$uc_login$txtUser';
$passwordinput = 'ctl00$ContentPlaceHolder1$uc_login$txtPass';
$login = 'ctl00$ContentPlaceHolder1$uc_login$butLogin';

$validation_input = '__EVENTVALIDATION';
$validation_input_value = '/wEWAgKf+PTrBQKItpn5BDXHCHsANbEpwkEBmMyNv+32L2Ec';
$view_state = '/wEPDwUJLTQyMjg0NzI0D2QWAmYPZBYGAgEPZBYEAgYPFgIeB1Zpc2libGVoZAIHDxYCHwBoZAIDD2QWBAIBD2QWCAIBD2QWBAIBDw8WAh4EVGV4dGVkZAIFDw8WAh8AaGRkAgcPZBYCAgEPZBYCAgMPZBYCAgEPFgIfAGhkAgkPDxYCHwBoZGQCCw8PFgIfAGhkZAIDDxYCHwBoZAIFDw8WAh8BBXY8c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0IiB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgokKGRvY3VtZW50KS5yZWFkeShmdW5jdGlvbigpIHsKVml0YWxTdGltLkluaXQoNCk7Cn0pOwo8L3NjcmlwdD4KZGRkdz/7+FcQ1E1sbC0Gua3jJsCGSnM=';
$event_valid = '/wEWBwKeiM4xAoi2mfkEAurz/r4MAvTX0jYC+4GopQkCo6iimggC2pO41g77y84VwyhP6Ek+7PGZYDNgOawRZw==';

$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_URL, $loginUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,   "$userinput=$username&$passwordinput=$password&$validation_input=$validation_input_value&$login=login&__EVENTVALIDATION=$event_valid&_VIEWSTATE=$view_state");
curl_setopt($ch, CURLOPT_USERAGENT, 'user-agent');
curl_exec ($ch); // execute the curl command

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_URL, $finalUrl);

$buf2 = curl_exec ($ch);
curl_close ($ch);
print $buf2;
?>
  • 写回答

2条回答 默认 最新

  • duangutang3940 2013-05-13 23:48
    关注

    It looks like you are missing two hidden fields that are in the source of that form. CSRF protection kinda. You can try scrapeing that, by doing a third request, before the other two, and getting those values, and putting them in the second request.

    Also, like i said in my comment above, dont close your curl handler.

    Any more info you can give would be awesome

    EDIT:

    As for the ASP page: asp is terribly difficult to curl this with. It could easily be hiding fields that you need. My suggestion would be to create a fake page, that print_r's $_POST and $_GET, and change the action of the form on their page with chrome, or firebug, to submit to your page. Just to check if you are missing anything

    I did what i suggested to try, and i got this:

    Array
(
    [__EVENTTARGET] => 
    [__EVENTARGUMENT] => 
    [__VIEWSTATE] => /wEPDwUJLTQyMjg0NzI0D2QWAmYPZBYGAgEPZBYEAgYPFgIeB1Zpc2libGVoZAIHDxYCHwBoZAIDD2QWBAIBD2QWCAIBD2QWBAIBDw8WAh4EVGV4dGVkZAIFDw8WAh8AaGRkAgcPZBYCAgEPZBYCAgMPZBYCAgEPFgIfAGhkAgkPDxYCHwBoZGQCCw8PFgIfAGhkZAIDDxYCHwBoZAIFDw8WAh8BBXY8c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0IiB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgokKGRvY3VtZW50KS5yZWFkeShmdW5jdGlvbigpIHsKVml0YWxTdGltLkluaXQoNCk7Cn0pOwo8L3NjcmlwdD4KZGRkdz/7+FcQ1E1sbC0Gua3jJsCGSnM=
    [ctl00$ContentPlaceHolder1$uc_login$txtUser] => test
    [ctl00$ContentPlaceHolder1$uc_login$txtPass] => test
    [ctl00$ContentPlaceHolder1$uc_login$butLogin] => Login
    [__EVENTVALIDATION] => /wEWBwKeiM4xAoi2mfkEAurz/r4MAvTX0jYC+4GopQkCo6iimggC2pO41g77y84VwyhP6Ek+7PGZYDNgOawRZw==
)
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度