php curl登录espn.com

时间:2018-06-29 16:17:57

标签: php curl php-curl

我正在尝试许多不同的事情,但没有找到任何解决方案,为了使用cUrl登录http://www.espn.com/login/,登录后我想获取受保护的密码区域http://games.espn.com/ffl/clubhouse?leagueId=93772&teamId=1&seasonId=2018

我尝试使用的是:

$username = 'email';
$password = 'password!';
$loginUrl = 'http://www.espn.com/login/';

//init curl
$ch = curl_init();

//Set the URL to work with
curl_setopt($ch, CURLOPT_URL, $loginUrl);

// ENABLE HTTP POST
curl_setopt($ch, CURLOPT_POST, 1);

//Set the post parameters
curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$username.'&pass='.$password);

//Handle cookies for the login
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

//Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
//not to print out the results of its query.
//Instead, it will return the results as a string return value
//from curl_exec() instead of the usual true/false.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//execute the request (the login)
$store = curl_exec($ch);

//the login is now done and you can continue to get the
//protected content.
sleep(3);
//set the URL to the protected file
curl_setopt($ch, CURLOPT_URL, 'http://games.espn.com/ffl/clubhouse?leagueId=93772&teamId=1&seasonId=2018');

//execute the request
$content = curl_exec($ch);

curl_close($ch);

//save the data to disk
file_put_contents('download.txt', $content);

但再次在脚本登录后未检索html!

1 个答案:

答案 0 :(得分:2)

此页面的登录过程比您的代码显示的要复杂得多,而且非常不寻常,这是第一个网站登录系统我已经看到它不使用cookie(这是几乎通用的方法)-以下是登录方法:

1:向标头OPTIONShttps://registerdisney.go.com/jgc/v6/client/ESPN-ONESITE.WEB-PROD/api-key?langPref=en-USAccess-Control-Request-Method: POST发送Access-Control-Request-Headers: cache-control,content-type,conversation-id,correlation-id,expires,pragma请求到Origin: https://cdn.registerdisney.go.com, 它将以类似于correlation-id: 13fb884f-d873-4344-9f32-fdeaa64cec7c的标题进行响应,您必须解析并保存此correlation-id标题。

2:这很棘手,您需要生成一个conversation-id,我为您提取了生成算法,它隐藏在缩小的js中,由uuid函数生成,如下所示:< / p> 

function f() { return g() + g() + "-" + g() + "-" + g("4") + "-" + g((Math.floor(10 * Math.random()) % 4 + 8).toString(16)) + "-" + g() + g() + g() }

function g(e) { for (var t = Math.floor(65535 * Math.random()).toString(16), n = 4 - t.length; n > 0; n--) t = "0" + t; return e = ("" + e).substring(0, 4), !isNaN(parseInt(e, 16)) && e.length ? e + t.substr(e.length) : t }

function uuid(){return f();}

(并且因为您正在运行PHP,而不是javascript,所以必须将此代码转换为PHP。如果您同时知道javascript和PHP,则相当简单,例如cba atm),输出类似于conversation-id: e2e3b494-2b67-4fe1-b0a2-21e0f7fa84ff ,生成后将其保存。现在向https://registerdisney.go.com/jgc/v6/client/ESPN-ONESITE.WEB-PROD/api-key?langPref=en-US发送POST请求,其中请求正文的字面值包含字符串null,标头为Referer: https://cdn.registerdisney.go.com/v2/ESPN-ONESITE.WEB-PROD/en-US?include=config,l10n,js,html&scheme=http&postMessageOrigin=http%3A%2F%2Fwww.espn.com%2Flogin%2F&cookieDomain=www.espn.com&config=PROD&logLevel=LOG&topHost=www.espn.com&cssOverride=https%3A%2F%2Fsecure.espncdn.com%2Fcombiner%2Fc%3Fcss%3Ddisneyid%2Fcore.css&responderPage=https%3A%2F%2Fwww.espn.com%2Flogin%2Fresponder%2F&buildId=16388ed5943Content-Type: application/json以及conversation-id: $conversation_id和{{1 }}(并且请注意,referer-header是硬编码和伪造的,您不会重定向到该URL,但是编写了javascript代码来伪造它,使其看起来像是一个重定向。很奇怪,对吧?)

响应将包含一个correlation-id: $correlation_id标头,看起来像api-key,您必须解析并保存此api密钥。

3:使用标头api-key: MR6UpmRG0VAqAvKStLzof79sbb+1w/HHBextDPqktXf9eXoDfklhgRMFKBpOqt5j63AqoYFx0VHH7/eePYnuw9U7Rg1Fhttps://ha.registerdisney.go.com/jgc/v6/client/ESPN-ONESITE.WEB-PROD/guest/login?langPref=en-US HTTP/1.1Access-Control-Request-Method: POSTAccess-Control-Request-Headers: authorization,cache-control,content-type,conversation-id,correlation-id,expires,pragma进行OPTIONS请求

注意:它将在标头中提供一个新的related-id令牌,但忽略它,它似乎没有在任何地方使用,旧的related-token是您应该继续使用的1下一个请求。

4:对Origin: https://cdn.registerdisney.go.com进行POST请求,主体必须使用用户名和密码进行json编码,并且看起来像https://ha.registerdisney.go.com/jgc/v6/client/ESPN-ONESITE.WEB-PROD/guest/login?langPref=en-US,标头为json_encode(array('loginValue'=>$username,'password'=>$password))和{{ 1}}和Referer: https://cdn.registerdisney.go.com/v2/ESPN-ONESITE.WEB-PROD/en-US?include=config,l10n,js,html&scheme=http&postMessageOrigin=http%3A%2F%2Fwww.espn.com%2Flogin%2F&cookieDomain=www.espn.com&config=PROD&logLevel=LOG&topHost=www.espn.com&cssOverride=https%3A%2F%2Fsecure.espncdn.com%2Fcombiner%2Fc%3Fcss%3Ddisneyid%2Fcore.css&responderPage=https%3A%2F%2Fwww.espn.com%2Flogin%2Fresponder%2F&buildId=16388ed5943(请注意,您必须从字面上以大写字符串APIKEY开头,后跟一个空格和您之前提取的实际api键)以及Content-Type: application/jsonAuthorization: APIKEY $api_key和{ {1}}

在此它以json响应,大概是如果登录成功,则json的correlation-id: $correlation_id成员为空,但是例如,当用户名不存在时,错误对象将包含其他内容, 下列: conversation-id: $conversation_id

(表示我使用的用户名Origin: https://cdn.registerdisney.go.com不存在。)

如果现在登录成功,我认为它会为您提供令牌或cookie,您可以将其提供给http://games.espn.com/ffl/clubhouse?leagueId=93772&teamId=1&seasonId=2018来检查登录页面,但是由于我没有有效的用户名/密码来测试,我实际上无法确认。

相关问题
最新问题