我正在尝试使用curl登录ws1.com,但无论何时我将POST置为true我都会收到错误:错误请求,这是我尝试过的代码:
<?php
$LOGINURL = "https://secure2.ws1.com/login";
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$LOGINURL);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "_csrf=QTRvNkJKaUoWBFYDBHkLDHFkP0MdMhAPOUZCASR9Xh4ZRDx7BC8LGA%3D%3D&LoginForm%5Bemail%5D=naczzalid%40hotmail.com&LoginForm%5Bpassword%5D=csc1233&LoginForm%5BrememberMe%5D=0&login-button=");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
echo $result = curl_exec ($ch);
curl_close ($ch);
?>
任何人都可以向我解释这是什么问题所以我可以学习如何做到这一点?
答案 0 :(得分:2)
我使用此表单测试了一些内容,如果csrf
代码不正确,则会发出错误的请求。
每个请求的csrf值都会更改,并且与您的Cookie绑定。因此,您需要先提取登录页面,然后在提交之前提取正确的csrf代码。
工作代码:
<?php
$LOGINURL = "https://secure2.ws1.com/login";
$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$LOGINURL);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");
$result = curl_exec ($ch);
// extract csrf token
preg_match('/<input type="hidden" name="_csrf" value="([^"]+)">/i', $result, $csrf);
$csrf = $csrf[1];
$csrf = urlencode($csrf);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "_csrf={$csrf}&LoginForm%5Bemail%5D=naczzalid%40hotmail.com&LoginForm%5Bpassword%5D=csc1233&LoginForm%5BrememberMe%5D=0&login-button=");
$result = curl_exec($ch);
curl_close ($ch);
var_dump($result);