PHP cURL重定向到登录页面

时间:2016-06-27 07:17:41

标签: php curl libcurl

我正在尝试使用以下php代码绕过" Ubiquiti Networks-CPE" 的登录页面。虽然,我的代码正确保存了cookie信息,但它无法登录,我被重定向到登录页面并显示错误消息:

  

'无效的凭据'

Cookie Info from the actual page

实际登录页面的其他信息

Request URL:https://192.168.179.75/login.cgi
Request Method:POST
Status Code:302 Found
Remote Address:192.168.179.75:443
Response Headers
view source
Content-Type:text/html
Date:Tue, 28 May 2013 18:58:05 GMT
Location:/index.cgi
Server:lighttpd/1.4.31
Set-cookie:show_security_warning=true
Set-cookie:ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT
Transfer-Encoding:chunked
Request Headers
view source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,en-GB;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:332
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryszePSjmcB2JJIDDa
Cookie:last_check=1467001323935; AIROS_SESSIONID=8057f38405a60c6a17f05ef8d759bb42; ui_language=en_US
Host:192.168.179.75
Origin:https://192.168.179.75
Referer:https://192.168.179.75/login.cgi
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Request Payload
------WebKitFormBoundaryszePSjmcB2JJIDDa
Content-Disposition: form-data; name="uri"


------WebKitFormBoundaryszePSjmcB2JJIDDa
Content-Disposition: form-data; name="username"

ubnt
------WebKitFormBoundaryszePSjmcB2JJIDDa
Content-Disposition: form-data; name="password"

ubnt
------WebKitFormBoundaryszePSjmcB2JJIDDa-

PHP代码:

<?php
define('USERNAME', 'ubnt');
define('PASSWORD', 'ubnt');
define('USER_AGENT', 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36');

$cookie_file_path = str_replace('\\','/', getcwd().'/cookies');

define('COOKIE_FILE', $cookie_file_path);
define('LOGIN_FORM_URL', 'https://192.168.179.75/login.cgi');
define('REQUESTED_URL', 'https://192.168.179.75/status.cgi');
define('LOGIN_ACTION_URL', 'https://192.168.179.75/login.cgi');

$postValues = array(
    'username' => USERNAME,
    'password' => PASSWORD,
);

$curl = curl_init(LOGIN_FORM_URL);
curl_setopt($curl, CURLOPT_URL, LOGIN_ACTION_URL);

//curl_setopt($curl, CURLOPT_HEADER, 1);
//curl_setopt($curl, CURLOPT_COOKIE,  $cookies);     
//curl_setopt($curl,CURLOPT_COOKIESESSION,'AIROS_SESSIONID=ae60748359be4bd0468f51a346f4f3b9; last_check=1467001323935; show_security_warning=true; ui_language=en_US');
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt($curl, CURLOPT_COOKIEFILE, COOKIE_FILE);

curl_setopt($curl, CURLOPT_POST, true);
//curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
//Set our post fields / date (from the array above).
//curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));


curl_setopt($curl, CURLOPT_POSTFIELDS,$postValues);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);

//curl_setopt($curl, CURLOPT_HTTPHEADER, array('REMOTE_ADDR: 192.168.179.75','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Host: 192.168.179.75','Expect: ','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_REFERER, LOGIN_FORM_URL);
$result = curl_exec($curl);

if(curl_errno($curl)){
    throw new Exception(curl_error($curl));
}
//curl_setopt($curl, CURLOPT_URL, 'https://192.168.179.75/status.cgi');
//
//curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
//curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//$result = curl_exec($curl);
//echo $result;
print_r($result);
curl_close($curl);
?>

1 个答案:

答案 0 :(得分:0)

  1. 设置像boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6这样的强制边界是行不通的。 curl生成它自己的边界,它将被使用。如果您设置该自定义,POST将最终格式错误。删除整个自定义Content-Type:标头,因为curl会自行执行此操作。您也不需要像这样设置Host:标题,curl会从您使用的网址中提取必要的主机。

  2. 登录页面可能甚至可能设置您在登录POST时需要拥有的cookie。这是一种常见的做法。要做到这一点,首先需要获取登录页面并存储cookie,然后在随后的登录POST中使用它们。

  3. 您希望让curl遵循登录帖子最有可能发送给您的重定向。将CURLOPT_FOLLOWLOCATION设为true。

相关问题
最新问题