使用cURL和PHP

Question

嘿我试图登录NJIT网站检查用户名和密码是否正确。出于某种原因，即使我使用正确的凭证，我仍然会被拒绝。另外我如何剥离$ result以检查它是否包含＆＃34;失败＆＃34;这意味着凭证是错误的。这是我的代码。

主：

<?PHP
session_start();
require_once('functions.php');

//$UCID=$_POST['UCID'];
//$Pass=$_POST['Pass'];

$UCID="jko328";
$Pass="password";
$credentialsNJIT="user=".$UCID."&pass=".$Pass;

$njit_url="https://cp4.njit.edu/cp/home/login";

$njit_result=goCurlNJIT($credentialsNJIT, $njit_url);
echo $result;

?>

这是cURL函数：

function goCurlNJIT($postdata, $url){

session_start();

  $ch = curl_init();
    curl_setopt ($ch, CURLOPT_URL, $url);
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt ($ch, CURLOPT_REFERER, $url);
    curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt ($ch, CURLOPT_POST, true);

    $result = curl_exec($ch);
    curl_close($ch);

    if(strpos($result, "Failed") === false){
       $response = "NJIT did not like credentials";
    }
    else{
       $response = "NJIT liked your credentials";
       }

echo $response;

}

Answer 1

实际上，当我们加载页面时，它会保存cookie并发送它。因此，要登录您首先需要访问没有凭据的页面并保存cookie。在下一个请求中，您需要发送cookie。为了避免机器人脚本登录通常网站有动态隐藏字段和其他证券..在这种情况下，你无法登录。

Answer 2

我正在更新功能并使其更灵活。 - 如果需要，您可以进一步更新。

首先，最重要的是，您需要在您的报废文件所在的目录中创建一个名为text file的 cookie.txt 。

function goCurlNJIT($header = array(), $url, $post = false)
    {       
        $cookie = "cookie.txt";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate,sdch');
        if (isset($header) && !empty($header))
        {
            curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

        }
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 200);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36");
        curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie));
        curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie));
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_REFERER, $url);

        //if it's a POST request instead of GET

        if (isset($post) && !empty($post) && $post)
        {
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
        } //endif
        $data = curl_exec($ch);
        curl_close($ch);
        if($info['http_code'] == 200){
            return ($data);     //this will return page on successful, false otherwise
        }else{
            return false;
        }
    }

如果您仔细查看了Requested Headers，您会发现其中有一个异常标题，即 Upgrade-Insecure-Requests:1 （我个人之前没有看过这个，所以发送这个请求是明智的。）

下一步您发布的请求不像应该的那样，您错过了一些东西。

$UCID="jko328";
$Pass="password";
$credentialsNJIT="user=".$UCID."&pass=".$Pass;    // where is uuid?

它应该是这样的。您正在从uuid跳过post string。

pass=password&user=jko328&uuid=0xACA021

完全放完，

$post['user'] = "jko328";
$post['pass'] = "password";
$post['uuid'] = '0xACA021';
$urlToPost = "https://cp4.njit.edu/cp/home/login";
$header['Upgrade-Insecure-Requests'] = 1;
//Now make call to function, and it'll work fine.
echo goCurlNJIT($header, $urlToPost, http_build_query($post));

这将正常工作。确保您已在此脚本所在的目录中创建了 cookie.txt 文件。