使用cURL的PHP NTLM会话 [英] PHP NTLM session with cURL
问题描述
那么先来点琐事..
有一个用ASP.NET网站编写的网站,该网站使用NTLM协议对要登录的用户进行身份验证.通常情况下,用户可以输入网站URL,提供凭据,进行身份验证并维护会话,这完全可以网络浏览器.
There is written in ASP.NET website, which uses NTLM protocol to authenticate users that want to log in. It's perfectly ok when they normally use it, they type in website URL, they provide their credentials, authenticate and maintain session in web browser.
我想做的是创建将充当bot的PHP网站.这是我公司的内部网站,我已被批准这样做.我遇到的问题是管理会话.用户将能够在我的PHP网站中输入其凭据,而我的PHP网站将使用cURL将其身份验证到目标站点.
What I want to do, is create PHP website that will act as bot. It is my companys internal website and I am approved to do so. The problem I run into, is managing session. Users will be able to type in their credentials in my PHP website, and my PHP website will authenticate them to target site, using cURL.
到目前为止,我得到的代码是:
The code I got so far is:
$cookie_file_path = dirname(__FILE__) . '/cookies.txt';
$ch = curl_init();
//==============================================================
curl_setopt($ch, CURLOPT_USERPWD, $username. ':' . $password);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, 100);
//=============================================================
$ret = curl_exec($ch);
上面的代码通过cURL(似乎管理NTLM握手)登录到目标网站,并获取网站内容.它还存储发送回cookie文件中的会话ID.
Above code logs in to target website by cURL (which manages NTLM handshake, as it seems), and fetches websites content. It also stores Session ID that is sent back in cookie file.
接下来我要做的是注释CURLOPT_USERPWD选项,希望此脚本将使用存储在cookie文件中的会话ID来验证该脚本的第二次执行中先前登录的用户.它可能会摆脱用户凭证,并且不会以这种方式存储在用户凭证中,因为将其存储在手动创建的会话,数据库或其他任何地方都是不安全的.
What I'm trying to do next, is comment the CURLOPT_USERPWD option, in hope that this script will use session ID stored in cookie file to authenticate previously logged in user in second execution of this script. It could get rid of user credentials and do not store it anywhere that way, becouse it is not safe to store it in manually created session, database, or anywhere else.
我需要这个机器人,因为该机器人将使用CRON定期检查网站状态是否已更改,并对此进行一些用户操作.但是要做到这一点,首先必须对用户进行身份验证,并且不能将用户名和密码存储在任何地方,因此我必须使用他初次登录时确定的会话信息.
I need this becouse bot will be using CRON to periodically check if website status has changed and perform some user actions as reaction to this. But to do this, user first must be authenticated, and his username and password must not be stored anywhere, so I have to use session information estabilished when he initially logged in.
CURL似乎不这样做.当我第二次使用带注释的CURLOPT_USERPWD选项执行脚本时,它不使用存储的cookie来保持对beeing的身份验证.相反,它会通过 REWRITES Cookie文件将不相关的数据从服务发送给我,作为对 NOT AUTHRORISED 访问请求的响应.
CURL seems to NOT DO THIS. When I execute script second time with commented CURLOPT_USERPWD option, it does not use stored cookie to keep beeing authenticated. Instead, it REWRITES cookie file with not relevant data send to me from service as response to NOT AUTHRORISED access request.
我的问题是: 为什么cURL不使用存储的会话信息来保持蜜蜂身份验证? 有什么方法可以通过基于cURL和NTLM协议的网站维护此会话?
My questions are: Why cURL doesnt use stored session information to keep beeing authenticated? Is there any way to maintain this session with cURL and NTLM protocol based website?
谢谢.
推荐答案
我有同样的问题,我使用curl_setopt($ch, CURLOPT_COOKIEFILE, "");行代码解决了.该字符串应完全为空.
I have the same problem and i solved it using curl_setopt($ch, CURLOPT_COOKIEFILE, ""); line of code. The string should be exactly empty.
这篇关于使用cURL的PHP NTLM会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
