CURL身份验证丢失了吗?

时间:2009-10-18 03:22:36

标签: php authentication cookies curl

我通过CURL验证登录就好了。我有一个变量用于显示返回的HTML,它返回我的用户控制面板,就像我已登录一样。

在进行身份验证后,我想在站点内的另一个页面上与表单进行通信;但由于某种原因,该页面的HTML返回了一个未经过身份验证的标题版本(就像原始身份验证从未发生过一样。)

我有一个具有777权限的cookies.txt文件,并尝试在我进行身份验证时获取显示的同一页面的内容,就好像我在此过程中丢失任何关联的会话/ cookie数据一样。

这是我的curl.class文件 -

<?

class Curl {

    public $cookieJar = "";

    // Make sure the cookies.txt file is read/write permissions
    public function __construct($cookieJarFile = 'cookies.txt') {
        $this->cookieJar = $cookieJarFile;
    }

    function setup() {
        $header = array();
        $header[0]  = "Accept: text/xml,application/xml,application/xhtml+xml,";
        $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
        $header[]   = "Cache-Control: max-age=0";
        $header[]   = "Connection: keep-alive";
        $header[]   = "Keep-Alive: 300";
        $header[]   = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
        $header[]   = "Accept-Language: en-us,en;q=0.5";
        $header[]   = "Pragma: "; // browsers keep this blank.

        curl_setopt($this->curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7');
        curl_setopt($this->curl, CURLOPT_HTTPHEADER, $header);
        curl_setopt($this->curl, CURLOPT_COOKIEJAR, $this->cookieJar);
        curl_setopt($this->curl, CURLOPT_COOKIEFILE, $this->cookieJar);
        curl_setopt($this->curl, CURLOPT_AUTOREFERER, true);
        curl_setopt($this->curl, CURLOPT_COOKIESESSION, true);
        curl_setopt($this->curl, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, true);
    }

    function get($url) {
        $this->curl = curl_init($url);
        $this->setup();

        return $this->request();
    }

    function getAll($reg, $str) {
        preg_match_all($reg, $str, $matches);
        return $matches[1];
    }

    function postForm($url, $fields, $referer = '') {
        $this->curl = curl_init($url);
        $this->setup();
        curl_setopt($this->curl, CURLOPT_URL, $url);
        curl_setopt($this->curl, CURLOPT_POST, 1);
        curl_setopt($this->curl, CURLOPT_REFERER, $referer);
        curl_setopt($this->curl, CURLOPT_POSTFIELDS, $fields);
        return $this->request();
    }

    function getInfo($info) {
        $info = ($info == 'lasturl') ? curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL) : curl_getinfo($this->curl, $info);
        return $info;
    }

    function request() {
        return curl_exec($this->curl);
    }
}
?>

这是我的curl.php文件 -

<?
include('curl.class.php'); // This path would change to where you store the file
$curl = new Curl();

$url = "http://www.site.com/public/member/signin";
$fields = "MAX_FILE_SIZE=50000000&dado_form_3=1&member[email]=email&member[password]=pass&x=16&y=5&member[persistent]=true";

// Calling URL
$referer = "http://www.site.com/public/member/signin";

$html = $curl->postForm($url, $fields, $referer);

echo($html);
?>
<hr style="clear:both;"/>
<?

$html = $curl->postForm('http://www.site.com/index.php','nid=443&sid=733005&tab=post&eval=yes&ad=&MAX_FILE_SIZE=10000000&ip=63.225.235.30','http://www.site.com/public/member/signin');

echo $html; // This will show you the HTML of the current page you and logged into
?>

有什么想法吗?

2 个答案:

答案 0 :(得分:1)

在执行HTTP脚本编写时,您应该首先使用LiveHTTPHeaders或类似工具来记录手动会话,然后在编写curl内容时尽可能地模仿它。

另外(不幸的是)命令行工具curl提供了比PHP绑定更好的调试和跟踪选项,这使得它成为一个更好的工具,可以准确地计算出你需要做什么,一旦工作,你将它转换为PHP程序。

有关详细信息,请参阅http://curl.haxx.se/docs/httpscripting.html

答案 1 :(得分:0)

呃,请告诉我们服务器使用的身份验证方案。并非所有方案都使用cookie。