PHP + cURL website login: '403 Forbidden'


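I have gone through many tutorials and questions here, but I still don't understand why I get a "403 Forbidden" when trying to log in to a website using cURL and PHP. The login for the website in question is:

The initial request works (code 200) and the cookie is saved to a file. I then strip this cookie and add it to the POST form as required.

Also, I should add that I am running this PHP script on a localhost WAMP server, in case that could be an issue.

It would be great if someone could point me in the right direction, as I have been working on this for a while with no results.

PHP + cURL code: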

<?php

    $base_url  = 'https://science.swansea.ac.uk/intranet/accounts/login/?next=/intranet/';
    $login_url  = 'https://science.swansea.ac.uk/intranet/accounts/login/';
    $user_agent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36";
    $username = '*******';
    $password = '*******';
    $cookie = 'cookie.txt';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $base_url);
    curl_setopt($ch, CURLOPT_USERAGENT,$user_agent);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
    curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate, br');
    curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie));
    curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie));
    curl_setopt($ch, CURLOPT_TIMEOUT,30);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_STDERR, fopen(realpath("verbose.txt"), 'w'));

    $resp = curl_exec($ch);
    var_dump($resp);


    $headers = array(
        'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Connection: keep-alive',
        'Cache-Control: max-age=0',
        'Origin: https://science.swansea.ac.uk',
        'Upgrade-Insecure-Requests: 1',
        'Referer: https://science.swansea.ac.uk/intranet/accounts/login/?next=/intranet/',
        'Accept-Language: en-US,en;q=0.8'
    );


    // Strip cookie to get token
    $csrfmiddlewaretoken = explode('csrftoken', file_get_contents(realpath($cookie)));
    $csrfmiddlewaretoken = trim($csrfmiddlewaretoken[1]);
    $csrfmiddlewaretoken = substr($csrfmiddlewaretoken, 0, strpos($csrfmiddlewaretoken, "#"));

    $post = array(
        'csrfmiddlewaretoken' => $csrfmiddlewaretoken,
        'username' => $username,
        'password' => $password,
        'next' => "/intranet/"
    );

    curl_setopt($ch, CURLOPT_URL, $login_url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));

    // Add headers
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);


      //Set headers out for debug
     // curl_setopt($ch, CURLINFO_HEADER_OUT, true);

    $exec = curl_exec($ch);
    echo($exec);

    $info = curl_getinfo($ch);
    $hinfo = curl_getinfo($ch, CURLINFO_HEADER_OUT);

    if ($info['http_code'] != 200) {
        echo "Login failed! HTTP code {$info['http_code']}<br>\n";
        var_dump($exec);

        // Echo post params
        $params= http_build_query($post);
        $params = str_replace("%0D%0A", '', $params);
        echo("$params <br>\n");
        echo($hinfo);
        exit;
    }

    echo "Login successful!<br>\n";

    // you are now logged in, use $ch to request pages as the logged in user

    $url = $base_url;

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 0);

    $account = curl_exec($ch);

?>

Verbose output:

*   Trying 137.44.2.221...
* Connected to science.swansea.ac.uk (137.44.2.221) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*  subject: C=GB; ST=West Glamorgan; L=SWANSEA; O=Swansea University; OU=College of Science; CN=science.swansea.ac.uk
*  start date: Apr 29 11:54:39 2016 GMT
*  expire date: Apr 29 11:54:36 2019 GMT
*  issuer: C=BM; O=QuoVadis Limited; CN=QuoVadis Global SSL ICA G2
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /intranet/accounts/login/?next=/intranet/ HTTP/1.1
Host: science.swansea.ac.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate, br
Cookie: csrftoken=BNmrRv29juCijlFX63mpMkzkL4pO2x67; sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr

< HTTP/1.1 200 OK
< Date: Thu, 19 Jan 2017 21:24:10 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Server: gunicorn/0.17.2
< Last-Modified: Thu, 19 Jan 2017 21:24:10 GMT
< Expires: Thu, 19 Jan 2017 21:24:10 GMT
< Vary: Cookie
< Cache-Control: max-age=0
* Replaced cookie csrftoken="BNmrRv29juCijlFX63mpMkzkL4pO2x67" for domain science.swansea.ac.uk, path /intranet/, expire 1516310650
< Set-Cookie: csrftoken=BNmrRv29juCijlFX63mpMkzkL4pO2x67; expires=Thu, 18-Jan-2018 21:24:10 GMT; Max-Age=31449600; Path=/intranet/; secure
* Replaced cookie sessionid="unanto4vhu3k4s3cz3ngyjfq5zloihjr" for domain science.swansea.ac.uk, path /intranet/, expire 1485033850
< Set-Cookie: sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr; expires=Sat, 21-Jan-2017 21:24:10 GMT; httponly; Max-Age=172800; Path=/intranet/; secure
< Content-Encoding: gzip
< 
* Connection #0 to host science.swansea.ac.uk left intact
* Found bundle for host science.swansea.ac.uk: 0x264f6c800d0 [can pipeline]
* Re-using existing connection! (#0) with host science.swansea.ac.uk
* Connected to science.swansea.ac.uk (137.44.2.221) port 443 (#0)
> POST /intranet/accounts/login/ HTTP/1.1
Host: science.swansea.ac.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept-Encoding: gzip, deflate, br
Cookie: csrftoken=BNmrRv29juCijlFX63mpMkzkL4pO2x67; sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Cache-Control: max-age=0
Origin: https://science.swansea.ac.uk
Upgrade-Insecure-Requests: 1
Referer: https://science.swansea.ac.uk/intranet/accounts/login/
Accept-Language: en-US,en;q=0.8
Content-Length: 140
Content-Type: application/x-www-form-urlencoded

* upload completely sent off: 140 out of 140 bytes
< HTTP/1.1 403 FORBIDDEN
< Date: Thu, 19 Jan 2017 21:24:10 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Server: gunicorn/0.17.2
< Vary: Cookie
* Replaced cookie sessionid="unanto4vhu3k4s3cz3ngyjfq5zloihjr" for domain science.swansea.ac.uk, path /intranet/, expire 1485033850
< Set-Cookie: sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr; expires=Sat, 21-Jan-2017 21:24:10 GMT; httponly; Max-Age=172800; Path=/intranet/; secure
< Content-Encoding: gzip
< 
* Connection #0 to host science.swansea.ac.uk left intact

Your problem is in the following lines:

$csrfmiddlewaretoken = explode('csrftoken', file_get_contents(realpath($cookie)));
$csrfmiddlewaretoken = trim($csrfmiddlewaretoken[1]);
$csrfmiddlewaretoken = substr($csrfmiddlewaretoken, 0, strpos($csrfmiddlewaretoken, "#"));
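
If you place an

echo '['.$csrfmiddlewaretoken.']';

after the line

$csrfmiddlewaretoken = substr($csrfmiddlewaretoken, 0, strpos($csrfmiddlewaretoken, "#"));

you can see that the $csrfmiddlewaretoken string has an extra space at the end (see the update). So this will be a different token from the one the server is looking for, and the reason for the response you get.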

So just change the last two lines of the block above to:

$csrfmiddlewaretoken = $csrfmiddlewaretoken[1];
$csrfmiddlewaretoken = trim(substr($csrfmiddlewaretoken, 0, strpos($csrfmiddlewaretoken, "#")));

and you will get the response.

Update
science.swansea.ac.uk   FALSE   /intranet/  TRUE    1516357443  csrftoken   s5mbN2Fa5tty4UAkjjSix4cxlBLygsHg
#HttpOnly_science.swansea.ac.uk FALSE   /intranet/  TRUE    1485080643  sessionid   xvy7rikn6d3iv5xq0g6yisdrv00yjj0z
$csrfmiddlewaretoken = substr($csrfmiddlewaretoken, 0, strpos($csrfmiddlewaretoken, "#"))
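
An added example, not code from the question or the answer: it runs the question's string-splitting extraction against a cookie jar and compares it with reading the jar field by field, so the stray trailing character becomes visible. The jar text is constructed from the two cookie lines shown in the update, and `token_by_string_split` and `cookie_from_jar` are hypothetical helper names.

```php
<?php
// Constructed cookie jar in curl's Netscape format, using the two lines from the update.
// Seven tab-separated fields: domain, subdomain flag, path, secure, expiry, name, value.
$jar = "# Netscape HTTP Cookie File\n"
     . "science.swansea.ac.uk\tFALSE\t/intranet/\tTRUE\t1516357443\tcsrftoken\ts5mbN2Fa5tty4UAkjjSix4cxlBLygsHg\n"
     . "#HttpOnly_science.swansea.ac.uk\tFALSE\t/intranet/\tTRUE\t1485080643\tsessionid\txvy7rikn6d3iv5xq0g6yisdrv00yjj0z\n";

// The question's extraction: trim() runs before substr(), so the line break
// that precedes "#HttpOnly_" stays attached to the token.
function token_by_string_split(string $jar): string
{
    $parts = explode('csrftoken', $jar);
    $rest  = trim($parts[1]);
    return substr($rest, 0, strpos($rest, '#'));
}

// Hypothetical helper: read the jar field by field instead of cutting at "#".
function cookie_from_jar(string $jar, string $name): ?string
{
    foreach (preg_split('/\r\n|\n|\r/', $jar) as $line) {
        // curl marks HttpOnly cookies with a "#HttpOnly_" prefix; those lines are not comments.
        if (strncmp($line, '#HttpOnly_', 10) === 0) {
            $line = substr($line, 10);
        } elseif ($line === '' || $line[0] === '#') {
            continue; // blank line or real comment
        }
        $fields = explode("\t", $line);
        if (count($fields) === 7 && $fields[5] === $name) {
            return $fields[6];
        }
    }
    return null; // cookie not present in the jar
}

$split  = token_by_string_split($jar);
$parsed = cookie_from_jar($jar, 'csrftoken');

// json_encode() makes the invisible trailing character visible.
echo 'string split: ', json_encode($split), ' (', strlen($split), " bytes)\n";
echo 'field parse:  ', json_encode($parsed), ' (', strlen($parsed), " bytes)\n";
```

Field-based parsing also keeps working when the cookie that follows `csrftoken` in the jar is not an `#HttpOnly_` line, a case where cutting at the first `#` has nothing to anchor on.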