使用CURL php和CSRF令牌登录 [英] Login with CURL php and CSRF token
本文介绍了使用CURL php和CSRF令牌登录的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个这样的形式,我喜欢用curl php和csrf登录改变每次我运行代码。请帮助我这样做。
i have a form like this and i like to login with curl php and csrf is changed every time i run the code . please help me to do that.
我的用户名:arasharash13721372
my username:arasharash13721372
我的密码:123789
my password:123789
登录网址: http://www.parscoders.com/login
<form action="/login_check" method="post">
<input type="hidden" name="_csrf_token" value="NBGeQMmLr09KcrvwTCfDQhZSiLFy3XLODDsErdyBVUg" />
<input type="hidden" name="_target_path" value="account" /> <div class="form-group">
<label for="username">نام کاربری:</label>
<input class="form-control ltr monospace" type="text" id="username" name="_username" value="" />
</div>
<div class="form-group">
<label for="password">رمز عبور:</label>
<input class="form-control ltr" type="password" id="password" name="_password" />
</div>
<div class="form-group">
<div class="pull-right">
<div class="checkbox">
<label for="remember_me">
<input type="checkbox" id="remember_me" name="_remember_me" value="on" />
مرا به یاد بسپار</label>
</div>
</div>
<div class="pull-left checkbox">
<a href="/resetting/request">
بازنشانی رمز عبور
</a>
</div>
<div class="clear"></div>
</div>
<div class="form-group">
<input type="submit" id="_submit" name="_submit" value="ورود" class="btn btn-primary btn-lg" />
</div>
</form>
推荐答案
获取令牌是很容易...不要读阿拉伯文,所以它是棘手的 - 你需要玩弄卷曲的东西,可能也掩盖你的用户名/密码。
Getting the token was the easy bit... I don't read arabic so it's tricky - you'll need to play around with the curl side of things and probably obscure your username / password from this too.
<?php
error_reporting( E_ALL );
$url='http://www.parscoders.com/login';
$field='_csrf_token';
$csrftoken=false;
/* Grab the html so we can extract the token */
$html=file_get_contents( $url );
/* Create DOMDocument to parse the html */
libxml_use_internal_errors( true );
$dom=new DOMDocument;
$dom->validateOnParse=false;
$dom->recover=true;
$dom->formatOutput=false;
$dom->loadHTML( $html );
libxml_clear_errors();
/* Use an XPath query to find the relevant info */
$xpath=new DOMXPath( $dom );
$col=$xpath->query('//input[@name="'.$field.'"]');
foreach( $col as $node ) $csrftoken=$node->getAttribute('value');
/* If you found the token, initialise curl */
if( $csrftoken ){
$params=array(
$field => $csrftoken,
'_target_path' => 'account',
'_username' => 'arasharash13721372',
'_password' => '123789',
'_remember_me' => 'on',
'_submit' => 'ورود'
);
$curl=curl_init( $url );
curl_setopt( $curl, CURLOPT_AUTOREFERER, true );
curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, true );
curl_setopt( $curl, CURLOPT_FRESH_CONNECT, true );
curl_setopt( $curl, CURLOPT_FORBID_REUSE, true );
curl_setopt( $curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1 );
curl_setopt( $curl, CURLOPT_CLOSEPOLICY, CURLCLOSEPOLICY_OLDEST );
curl_setopt( $curl, CURLOPT_MAXCONNECTS, 1 );
curl_setopt( $curl, CURLOPT_FAILONERROR, true );
curl_setopt( $curl, CURLOPT_HEADER, true );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $curl, CURLOPT_CONNECTTIMEOUT, 15 );
curl_setopt( $curl, CURLOPT_TIMEOUT, 90 );
curl_setopt( $curl, CURLOPT_USERAGENT, 'Mozilla - login...' );
curl_setopt( $curl, CURLINFO_HEADER_OUT, true );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, $params );
$payload=array_filter( array(
'response' => curl_exec( $curl ),
'info' => curl_getinfo( $curl ),
'errors' => curl_error( $curl )
)
);
curl_close( $curl );
print_r($payload);
}
?>
这篇关于使用CURL php和CSRF令牌登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文