当前位置: 动力学知识库 > 问答 > 编程问答 >

html - Login to website using cURL and PHP

问题描述:

Hey I am trying to login to the NJIT site to check if username and password are correct. For some reason I keep getting rejected even if I use correct credentials. Also how do I strip the $result to check if it contains "Fail" which would mean the credentials were wrong. Here is my code.

Main:

<?PHP

session_start();

require_once('functions.php');

//$UCID=$_POST['UCID'];

//$Pass=$_POST['Pass'];

$UCID="jko328";

$Pass="password";

$credentialsNJIT="user=".$UCID."&pass=".$Pass;

$njit_url="https://cp4.njit.edu/cp/home/login";

$njit_result=goCurlNJIT($credentialsNJIT, $njit_url);

echo $result;

?>

Here is the cURL function:

function goCurlNJIT($postdata, $url){

session_start();

$ch = curl_init();

curl_setopt ($ch, CURLOPT_URL, $url);

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

curl_setopt ($ch, CURLOPT_TIMEOUT, 60);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt ($ch, CURLOPT_REFERER, $url);

curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);

curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");

curl_setopt ($ch, CURLOPT_POST, true);

$result = curl_exec($ch);

curl_close($ch);

if(strpos($result, "Failed") === false){

$response = "NJIT did not like credentials";

}

else{

$response = "NJIT liked your credentials";

}

echo $response;

}

网友答案:

Actually when we load a page it saves the cookie and send it . So to sign in you first need to acess the page without credential and save the cookies . In next request you need to send the cookies . To avoid bot script login usually websites have dynamic hidden fields and other securities .. in this case you cant log on .

网友答案:

I'm updating the function too much and making it way more flexible. --You can update it further more if you want.

First and most importantly, you need to create a text file named cookie.txt in the directory where your scrapping file is.

function goCurlNJIT($header = array(), $url, $post = false)
    {       
        $cookie = "cookie.txt";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate,sdch');
        if (isset($header) && !empty($header))
        {
            curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

        }
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 200);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36");
        curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie));
        curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie));
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_REFERER, $url);

        //if it's a POST request instead of GET

        if (isset($post) && !empty($post) && $post)
        {
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
        } //endif
        $data = curl_exec($ch);
        curl_close($ch);
        if($info['http_code'] == 200){
            return ($data);     //this will return page on successful, false otherwise
        }else{
            return false;
        }
    }

if you'd paid a close look to Requested Headers, you can notice that there is one unusual header there, that is Upgrade-Insecure-Requests:1(I personally haven't seen this before, so it's wise to send this along with request).

Next the request that you're posting is not like as it should be, you're missing stuff.

$UCID="jko328";
$Pass="password";
$credentialsNJIT="user=".$UCID."&pass=".$Pass;    // where is uuid?

it should be something like this. You're skipping uuid from post string.

pass=password&user=jko328&uuid=0xACA021

so putting altogether,

$post['user'] = "jko328";
$post['pass'] = "password";
$post['uuid'] = '0xACA021';
$urlToPost = "https://cp4.njit.edu/cp/home/login";
$header['Upgrade-Insecure-Requests'] = 1;
//Now make call to function, and it'll work fine.
echo goCurlNJIT($header, $urlToPost, http_build_query($post));

and this will work fine. Make sure you've created cookie.txt file in the directory where your this scripts is.

分享给朋友:
您可能感兴趣的文章:
随机阅读: