我尝试使用以下代码登录Steam。
steamcommunity.com/login/getrsakey第一次请求成功。
始终请求steamcommunity.com/login/dologin/给出错误incorrect login.
也许处理加密密码或需要添加ssl。
我用来加密http://phpseclib.sourceforge.net/
function geturl($url, $ref, $cookie, $postdata, $header, &$info, &$output)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36');
if ($ref)
{
curl_setopt($ch, CURLOPT_REFERER, $ref);
}
if ($cookie)
{
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
if ($postdata)
{
curl_setopt($ch, CURLOPT_POST, true);
$postStr = "";
foreach ($postdata as $key => $value)
{
if ($postStr)
$postStr .= "&";
$postStr .= $key . "=" . $value;
}
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
}
curl_setopt($ch, CURLOPT_HEADER, $header);
$info = curl_getinfo($ch);
$output = curl_exec($ch);
curl_close($ch);
}
geturl("https://steamcommunity.com/login/getrsakey", null, null, array('username' => $login), 0, $info, $output);
$data = json_decode($output, true);
if ($data['success'] === true)
{
$publickey_exp = $data['publickey_exp'];
$publickey_mod = $data['publickey_mod'];
$RSA = new Crypt_RSA();
$RSA->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$n = new Math_BigInteger($publickey_mod, 16);
$e = new Math_BigInteger($publickey_exp, 16);
$key = array("modulus"=>$n, "publicExponent"=>$e);
$RSA->loadKey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);
$encryptedPassword = base64_encode($RSA->encrypt($password, false));
$captchaGid = -1;
$captchaText;
$emailAuth;
$emailSteamId;
$params = array(
'username' => $login,
'password' => $encryptedPassword,
'rsatimestamp' => $data['timestamp'],
'captcha_gid' => $captchaGid,
'captcha_text' => $captchaText,
'emailauth' => $emailAuth,
'emailsteamid' => $emailSteamId
);
geturl("https://steamcommunity.com/login/dologin/", null, null, $params, 0, $info, $output);
$data = json_decode($output, true);
var_dump($data);
if ($data['captcha_needed'])
{
$captchaGid = $data['captcha_gid'];
echo '<img src="https://steamcommunity.com/public/captcha.php?gid=' . $captchaGid . '">';
}
}
答案 0 :(得分:1)
我认为使用第三方库进行身份验证会更好。 检查一下:https://github.com/SmItH197/SteamAuthentication
它会创建登录按钮,例如“通过Facebook登录”。
编辑:Steam已经拥有自己的API https://steamcommunity.com/dev
答案 1 :(得分:0)
我无法确定,但看起来您尝试使用Steam作为登录方法将用户登录到您的网站。这是你想要做的吗?如果是这样,我建议使用LightOpenID库。
<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
try
{
$openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
if(!$openid->mode)
{
if(isset($_GET['login']))
{
$openid->identity = 'http://steamcommunity.com/openid/?l=english'; // This is forcing english because it has a weird habit of selecting a random language otherwise
header('Location: ' . $openid->authUrl());
}
?>
<form action="?login" method="post">
<input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
}
elseif($openid->mode == 'cancel')
{
echo 'User has canceled authentication!';
}
else
{
if($openid->validate())
{
$id = $openid->identity;
// identity is something like: http://steamcommunity.com/openid/id/76561197960435530
// we only care about the unique account ID at the end of the URL.
$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
preg_match($ptn, $id, $matches);
echo "User is logged in (steamID: $matches[1])\n";
// $matches[1] is the profile ID you will want to use for additional API calls
}
else
{
echo "User is not logged in.\n";
}
}
}
catch(ErrorException $e)
{
echo $e->getMessage();
}
?>
在此登录结束时,您将拥有用户的个人资料ID(即76561197960435530),您可以使用该个人资料API's that Steam provides来收集有关播放器的更多信息。
答案 2 :(得分:0)
使用"urlencode()"功能
$encryptedPassword = urlencode(base64_encode($RSA->encrypt($password, false)));