Setting a signature in a phpbb forum using cURL and a Ruby script does not work

Time: 2015-06-23 03:39:42

Tags: php ruby forms curl phpbb

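I want to set my forum signature in a phpbb forum, because it contains a coupon code and needs to be updated from time to time when the coupon expires, e.g. once a month. So I would like to do this automatically, e.g. with a cron job. I want to use the cURL command-line application and Ruby, because I am already familiar with them. However, phpbb applies some security measures called form creation_time and form_token to prevent automated form submission. They are created this way: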

    $now = time();
    $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    $token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);

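So creation_time represents the time as an integer value (Time.now.to_i in Ruby), and form_token is a 40-character digest hash that is a function of 4 variables: the mentioned time value, some kind of salt (it is taken from the phpbb database and is set when the user logs in for the first time), the form name (I think it is ucp) and the PHP session ID.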

My code looks like this:

#!/usr/bin/ruby

require 'cgi' # needed for CGI.escape in the final POST

coupon_code=ARGV[0]

signature="For 20% discount, use this coupon code when buying from example.com: #{coupon_code}"

#getting a PHP session id, called sid from the login page before logging in
ret=%x{curl -c ~/example-com-cookie.txt 'http://www.example.com/ucp.php?mode=login' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://www.example.com/' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --compressed -L}

matchdata=/\<input type\=\"hidden\" name\=\"sid\" value\=\"(.*?)\".*?\/\>/.match(ret.scrub)
if matchdata != nil then
 sid=matchdata[1]
else
 sid=""
end

puts sid

#login to the forum, and getting the cookie values, storing them in a cookie file (cookie jar)
ret=%x{curl 'http://www.example.com/ucp.php?mode=login&sid=#{sid}' -c ~/example-com-cookie.txt -H 'Origin: http://www.example.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'Referer: http://www.example.com' -H 'Connection: keep-alive' --data 'username=myusername&password=mypassword&sid=#{sid}&redirect=index.php&login=Login' --compressed -L}

#getting form_token and creation_time hidden HTML field values
ret=%x{curl 'http://www.example.com/ucp.php?i=profile&mode=signature' -b  ~/example-com-cookie.txt -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://www.example.com/ucp.php?i=profile&mode=signature' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --compressed -L}
matchdata=(/\<input type\=\"hidden\" name\=\"creation_time\" value\=\"(.*?)\".*?\/\>.*?\<input type\=\"hidden\" name\=\"form_token\" value\=\"(.*?)\".*?\/\>/m).match(ret.scrub)
puts matchdata.inspect

creation_time=matchdata[1]
#creation_time="1435022180"
form_token=matchdata[2]
#form_token="7f9d14cac39a5c5bcaf91682b3ff0410ea7ba6b8"#

puts creation_time
puts form_token

#modifying signature
ret=%x{curl 'http://www.example.com/ucp.php?i=profile&mode=signature' -b  ~/example-com-cookie.txt -H 'Origin: http://www.example.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'Referer: http://www.example.com/ucp.php?i=profile&mode=signature' -H 'Connection: keep-alive' --data 'addbbcode20=100&signature=#{CGI.escape(signature)}&submit=Submit&creation_time=#{creation_time}&form_token=#{form_token}' --compressed -L}
matchdata=/\<span class\=\"genmed error\"\>(.*?)\<\/span\>/.match(ret.scrub)

if matchdata == nil then 
 puts "All OK!"
else
 puts matchdata[1]
end

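I made the cURL lines behave like a real Chrome browser session; I simply copied the POST and GET requests from the developer console (Ctrl + Shift + I) via the context menu "Copy as cURL". Then I made the necessary substitutions. Unfortunately my code does not work. I always get an HTML page containing the error message "Invalid Form".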

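But when I use the two commented-out lines when setting the creation_time and form_token variables (they come from a real browser session, I just copied them from the HTML source)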

creation_time="1435022180"
form_token="7f9d14cac39a5c5bcaf91682b3ff0410ea7ba6b8"

my script works again, even if I log out of and log back in to that real browser session! What is happening here?

2 Answers:

Answer 0: (score: 0)

OK, problem solved. I had to put a sleep of at least 1 second between two consecutive cURL requests.

Answer 1: (score: 0)

phpBB3 checks the CSRF token on the following request and assumes a bot: https://github.com/phpbb/phpbb/blob/master/phpBB/includes/functions.php#L2102
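
The check both answers point to, as an added example that is not part of the original posts and is not phpBB's own code: a Ruby model of a server-side form-key check built on the token formula quoted in the question, which rejects a submission made in the same second the form was rendered. The function names, result symbols, `lifetime` value, salt and form name are assumptions made for the illustration.

```ruby
require 'digest'

# Token formula quoted in the question:
#   sha1($now . user_form_salt . $form_name . $token_sid)
# token_sid is '' for logged-in users, so the token is not tied to a session.
def form_token(creation_time, form_salt, form_name, token_sid = '')
  Digest::SHA1.hexdigest("#{creation_time}#{form_salt}#{form_name}#{token_sid}")
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Sketch of the server-side check (an assumption, not phpBB's code).
# lifetime is an assumed setting in seconds; -1 disables expiry.
def check_form_key(params, form_salt:, form_name:, now:, lifetime: 7200, token_sid: '')
  return :missing unless params['creation_time'] && params['form_token']

  created = params['creation_time'].to_i.abs
  diff = now - created
  # No whole second between rendering and submitting: treated as automated.
  return :too_fast if diff <= 0
  return :expired if lifetime != -1 && diff > lifetime

  expected = form_token(created, form_salt, form_name, token_sid)
  secure_compare(expected, params['form_token'].to_s) ? :ok : :bad_token
end

# Constructed sample values; the salt and form name are placeholders.
SALT = 'constructed-salt'
FORM = 'example_form'
T0   = 1_435_022_180
POSTED = { 'creation_time' => T0.to_s, 'form_token' => form_token(T0, SALT, FORM) }

[0, 1, 7200, 7201].each do |delay|
  result = check_form_key(POSTED, form_salt: SALT, form_name: FORM, now: T0 + delay)
  puts "submitted after #{delay}s: #{result}"
end
```

Under this model, a creation_time/form_token pair copied from an older page passes while it is inside the lifetime, because its age is non-zero and, for a logged-in user, nothing in the token refers to the session.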