我正在运行Symfony2应用程序,它已实现登录机制。
但是,我需要以某种方式从其他应用程序发送请求,检查该系统上是否存在请求的URL:
例如,我需要检查请求http://myapp/order/1111是否返回200 OK标题或404 Not Found状态;
当我发送请求时,它是未经授权的,并且被重定向到登录页面/登录页面,这将返回200 OK状态标题。
我需要的是以某种方式安全地绕过登录机制。有没有办法可以添加登录凭据来请求,或创建其他登录方法?
正如评论中所建议的那样,我尝试使用curl。但我无法弄清楚它是如何运作的。这是我所得到的,但它不起作用。
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
if (curl_error($ch)) {
echo(curl_error($ch));
}
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
//curl_setopt($ch, CURLOPT_REFERER, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => 'login_username',
'_password' => 'login_password',
'_remember_me' => 'on',
'_csrf_token' => $csrf_token
)));
curl_setopt($ch, CURLOPT_POST, true);
$result = curl_exec($ch);
if (curl_error($ch)) {
echo(curl_error($ch));
}
echo $result;
curl_close($ch);
有任何建议,如何在这种情况下使用curl?
答案 0 :(得分:0)
如果有其他人在努力解决这个问题,我写了一个解决方案:
$ch = curl_init();
//get login form
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_path);
//parse html to get csrf_token, I added id attribute to it for easier retrieving
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//send post request to login_check with parameters (csrf_token included)
curl_setopt($ch, CURLOPT_URL, $check_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => $username,
'_password' => $password,
'_remember_me' => 'on', //if you use remember me functionality
'_csrf_token' => $csrf_token
)));
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//request login protected urls
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, false);
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
$info = curl_getinfo($ch);
curl_close($ch);
//I used this code in a function returning url and http_code for further processing
return array(
'url' => $info['url'],
'http_code' => $info['http_code']
);
我遇到了本地化问题。我曾经使用像http://localhost/en/login_check这样的语言环境传递login_check网址,通过删除定位我修复了问题:http://localhost/login_check