为什么我的登录无法与Python请求一起使用? [英] Why is my login not working with Python Requests?

问题描述

在过去的几天里，我一直在尝试使用Python Requests登录，并且遇到了问题.

I've been trying to login for the past couple days using Python Requests and have been having issues.

这是我的代码:

import requests

LOGINURL = "https://admin.neopets.knetik.com/admin/login"
PROTECTEDPAGE = "https://admin.neopets.knetik.com/admin/order_summary/list"

payload = {
    "_target_path": "https://admin.neopets.knetik.com/admin/dashboard",
    "_username": "***",
    "_password": "***",
    "_remember_me": "on",

}

with requests.session() as session:
     post = session.post(LOGINURL, data=payload)
     response = session.get(PROTECTEDPAGE)
     print(response.text)

我确定我具有所需的所有参数.我尝试搜索hidden_​​inputs，而我遇到的唯一一个是"_target_path".

I'm sure I have all the parameters needed. I've tried searching for hidden_inputs and the only one I encountered was the "_target_path".

知道我可能会缺少什么吗?

Any idea what I may be missing?

推荐答案

登录页面非常简单，但是您将发布到错误的URL.

The login page is pretty straightforward, but you are posting to the wrong URL.

您要发布到的URL提供登录表单，但不接受任何登录凭据.< form> 标记告诉您将其发送到哪里:

The URL you are posting to serves the login form, but it does not accept any login credentials. The <form> tag tells you where to send those to:

<form action="/admin/admin_login_check" ... method="POST">

action 属性是指向您需要发送POST数据的相对URL.

The action attribute is a relative URL pointing to were you need to send your POST data.

使用 that 路径作为登录URL:

Use that path as the login URL:

LOGINURL = "https://admin.neopets.knetik.com/admin/admin_login_check"
PROTECTEDPAGE = "https://admin.neopets.knetik.com/admin/order_summary/list"

payload = {
    "_target_path": "https://admin.neopets.knetik.com/admin/dashboard",
    "_username": "***",
    "_password": "***",
    "_remember_me": "on",

}

with requests.session() as session:
     post = session.post(LOGINURL, data=payload)
     response = session.get(PROTECTEDPAGE)
     print(response.text)

某些实现希望您首先将 GET 发送到表单页面，以建立会话cookie.该页面不使用任何CSRF保护，因此您不必加载表单即可解析该信息.

Some implementations want you to send a GET to the form page first, to establish a session cookie, however. The page doesn't use any CSRF protection, so you don't have to load the form to parse out that information.

由于这些页面使用HTTPS，因此您可能还希望将原始表单URL作为 Referer 标头传递(通常出于HTTP或遍历域的目的而被过滤掉，以确保安全和隐私))，则该网站可能会将其作为针对自动登录的附加措施:

Since these pages use HTTPS, you may also want to pass along the original form URL as a Referer header (It is commonly filtered out for HTTP or when traversing domains, as a security and privacy measure), the site may be using that as an additional measure against automated logins:

FORMURL = "https://admin.neopets.knetik.com/admin/login"
LOGINURL = "https://admin.neopets.knetik.com/admin/admin_login_check"
PROTECTEDPAGE = "https://admin.neopets.knetik.com/admin/order_summary/list"

payload = {
    "_target_path": "https://admin.neopets.knetik.com/admin/dashboard",
    "_username": "***",
    "_password": "***",
    "_remember_me": "on",

}

with requests.session() as session:
    session.get(FORMURL)
    post = session.post(LOGINURL, data=payload, headers={'Referer': FORMURL})
    response = session.get(PROTECTEDPAGE)
    print(response.text)

如果仍然不起作用，则服务器正在使用其他机器人嗅探技术.请参阅 python request.get always get 404 以获得有关如果您确实想推行此策略，可以采取哪种策略.

If that still doesn't work, the server is employing other robot-sniffing techniques. See python requests.get always get 404 for an overview of what kind of strategies you can follow if you really want to push this.

这篇关于为什么我的登录无法与Python请求一起使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！