Question

我尝试从我的PHP代码登录到此asp.net page，（设置用户名字段值，设置密码字段值，按下按钮，然后检查重定向的位置。）我可以设置用户名字段，但由于某种原因我无法设置密码字段（参见HTML文件中的第226行）。

<?php
$url = "https://www.lectio.dk/lectio/518/login.aspx";
$ckfile = tempnam("/tmp", "CURLCOOKIE");
$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2';

$username = "XXXXXXX";
$password = "XXXXXXX";


$f = fopen('log.txt', 'w'); // file to write request header for debug purpose

/**
    Get __VIEWSTATE & __EVENTVALIDATION
 */
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

$html = curl_exec($ch);

curl_close($ch);

preg_match('~<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="(.*?)" />~', $html, $viewstate);
preg_match('~<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="(.*?)" />~', $html, $eventValidation);

$viewstate = $viewstate[1];
$eventValidation = $eventValidation[1];

/**
 Start Login process
 */
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $f);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

// Collecting all POST fields
$postfields = array();
$postfields['__EVENTTARGET'] = "m_Content_submitbtn2";
$postfields['__EVENTARGUMENT'] = "";
$postfields['__VIEWSTATE'] = $viewstate;
$postfields['__EVENTVALIDATION'] = $eventValidation;
$postfields['m$Content$username2'] = $username;
$postfields['m$Content$password2'] = $password;

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch); // Get result after login page.
$last_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
print $last_url;
?>

Answer 1

从我所看到的密码似乎是通过POST字段m$Content$passwordHidden发送的。尝试将$postfields['m$Content$password2'] = $password;更改为$postfields['m$Content$passwordHidden'] = $password;

编辑：我发现了一些你可以改变的东西。当我发送登录请求时，我__EVENTTARGET设置为m$Content$submitbtn2而__VIEWSTATEX设置为__VIEWSTATE，所以：

preg_match('~<input type="hidden" name="__VIEWSTATEX" id="__VIEWSTATEX" value="(.*?)" />~', $html, $viewstate);
...
$postfields['__EVENTTARGET'] = "m$Content$submitbtn2";
...
$postfields['__VIEWSTATEX'] = $viewstate;

使用asp.net url设置密码字段的发布数据

1 个答案: