使用CURL和Ajax进行授权

时间:2017-07-24 07:38:20

标签: php curl

我需要在管理面板https://mediavenus.com中自动执行某些操作。但我无法获得授权。

在身份验证页面上有一个包含字段的表单:_csrf,email,password。此表单由ajax:

处理 
submitLogin: function submitLogin(event) {
    var $input = $(event.currentTarget),
        $form = $(event.currentTarget).closest('form');

    console.log('submitLogin');

    var spinner = '<div class="js-loaded_wrapper"><div class="js-loaded"></div></div>';
    $('body').find('.button__login').html(spinner);
    $('body').find('.button__login').prop('disabled', true);

    App.ajax({
        type: 'POST',
        url: $form.attr('action'),
        data: $form.serialize(),
        callback: function callback(response) {
            if (response.status === true) {
                window.location.replace(response.response.action.redirect);
            }

            if (response.status === false) {
                $('#login-form').find('.yii__input_error').remove();

                _.each(response.response, function (error, key) {
                    $('#login-form').find(':input[name=' + key + ']').first().closest('div').append('<div class="yii__input_error">' + error[0] + '</div>');
                }, this);

                var loginButton = $('body').find('.button__login');
                $(loginButton).html($(loginButton).val());
                $(loginButton).prop('disabled', false);
            }
        }
    });
}

第1步。我将Cookie和变量_csrf用于授权:

include_once('simple_html_dom/simple_html_dom.php');

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://mediavenus.com');
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_COOKIEJAR, dirname(__FILE__) . '/cookie.txt');
curl_setopt($curl, CURLOPT_COOKIEFILE,  dirname(__FILE__) . '/cookie.txt');
curl_setopt($curl, CURLOPT_GET, 1);
$html = curl_exec($curl);
curl_close($curl);

$html = str_get_html($html);

$csrf = $html->find('meta[name="csrf-token"]', 0)->attr['content'];

结果cookie文件如下所示:

# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

.mediavenus.com TRUE    /   FALSE   0   FSID    7umuoi99pbs8cf62uugmoglhf5
#HttpOnly_mediavenus.com    FALSE   /   FALSE   0   _csrf   5c849ef13ae19a61f4c5a43d6796f1b5913ff34a9374803eeaf75a80d9122d3ba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22Z0O-FriufOx-FTHGQO3Lx6H_bs7-7bsK%22%3B%7D
mediavenus.com  FALSE   /   FALSE   1924991999  ipp_uid2    0aRtuiOGxLQfrRmC/tSwUvm390OA8SQTAITkrfA==
mediavenus.com  FALSE   /   FALSE   1924991999  ipp_uid1    1500879752900
mediavenus.com  FALSE   /   FALSE   1503471753  rerf    AAAAAFl1m4m0yoBfAyN0Ag==

但是firefox显示了更多数据: screen shot

第2步。我尝试登录:

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://mediavenus.com/site/ajax-login');
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_COOKIEJAR, dirname(__FILE__) . '/cookie.txt');
curl_setopt($curl, CURLOPT_COOKIEFILE,  dirname(__FILE__) . '/cookie.txt');
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode(array(
    '_csrf' => $csrf, // here variable from step 1
    'email' => $email, // here my login
    'password' => $password // here my password
)));
$html = curl_exec($curl);
curl_close($curl);

服务器返回错误:“无法验证您的数据提交”。

但是如果改变CURLOPT_POSTFIELDS:

curl_setopt($curl, CURLOPT_POSTFIELDS, '_csrf=' . $csrf . '&email=' . $email . '&password=' . $password);

然后服务器再次返回登录页面。

告诉我我做错了什么

0 个答案:

没有答案
相关问题
最新问题