我遇到了一个相当奇怪的问题。
我尝试使用PHP中的curl登录远程moodle安装。
我有一个curl命令,在终端中完美运行。
当我将相同的东西翻译成PHP时,它可以工作,但它只是没有登录。通过终端成功登录的完全相同的值,以某种方式通过PHP访问登录系统并且它没有登录。相反,它会再次返回登录页面。
我的cURL命令(数据部分省略,因为它有我的用户名和密码):
curl 'http://moodle.tsrs.org/login/index.php'
-H 'Pragma: no-cache'
-H 'Origin: http://moodle.tsrs.org'
-H 'Accept-Encoding: gzip, deflate'
-H 'Accept-Language: en-US,en;q=0.8'
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36'
-H 'Content-Type: application/x-www-form-urlencoded'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
-H 'Cache-Control: no-cache'
-H 'Referer: http://moodle.tsrs.org/login/index.php'
-H 'Cookie: MoodleSession=ngcidh028m37gm8gbdfe07mvs7; MOODLEID_=%25F1%25CD%2519D%25B2k%25FE%251D%25EFH%25E5t%25B1%2503%258E; MoodleSessionTest=NhzaTNij6j; _ga=GA1.2.925953522.1416155774; _gat=1; __utmt=1; __utma=147409963.925953522.1416155774.1416642544.1416692798.3; __utmb=147409963.1.10.1416692798; __utmc=147409963; __utmz=147409963.1416155774.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'
-H 'Connection: keep-alive'
相应的PHP代码:
function login() {
$username = $_POST['username'];
$password = $_POST['password'];
if(!isset($_POST['username']) || !isset($_POST['password'])) {
echo "No login data received";
return;
}
$creq = curl_init();
$data = array('username' => $username, 'password' => $password, 'testcookies'=> '1');
$headers = array('Pragma: no-cache', 'Origin: http://moodle.tsrs.org', 'Accept-Encoding: ', 'Accept-Language: en-US,en;q=0.8', 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36', 'Content-Type: application/x-www-form-urlencoded', 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Cache-Control: no-cache', 'Cookie: MoodleSession=ngcidh028m37gm8gbdfe07mvs7; MOODLEID_=%25F1%25CD%2519D%25B2k%25FE%251D%25EFH%25E5t%25B1%2503%258E; MoodleSessionTest=NhzaTNij6j; _ga=GA1.2.925953522.1416155774; _gat=1; __utmt=1; __utma=147409963.925953522.1416155774.1416642544.1416692798.3; __utmb=147409963.1.10.1416692798; __utmc=147409963; __utmz=147409963.1416155774.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)', 'Connection: keep-alive' );
curl_setopt_array($creq, array(
CURLOPT_URL => 'http://moodle.tsrs.org/login/index.php',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_ENCODING => '',
CURLINFO_HEADER_OUT => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_FOLLOWLOCATION => false
));
$output = curl_exec($creq);
echo print_r(curl_getinfo($creq));
echo "\n" . $output . "\n";
}
curlinfo的输出:
Array
(
[url] => http://moodle.tsrs.org/login/index.php
[content_type] => text/html; charset=utf-8
[http_code] => 200
[header_size] => 541
[request_size] => 945
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 1.462409
[namelookup_time] => 0.002776
[connect_time] => 0.330766
[pretransfer_time] => 0.330779
[size_upload] => 365
[size_download] => 8758
[speed_download] => 5988
[speed_upload] => 249
[download_content_length] => -1
[upload_content_length] => 365
[starttransfer_time] => 0.694866
[redirect_time] => 0
[certinfo] => Array
(
)
[primary_ip] => 125.22.33.149
[redirect_url] =>
[request_header] => POST /login/index.php HTTP/1.1
Host: moodle.tsrs.org
Pragma: no-cache
Origin: http://moodle.tsrs.org
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Cookie: MoodleSession=ngcidh028m37gm8gbdfe07mvs7; MOODLEID_=%25F1%25CD%2519D%25B2k%25FE%251D%25EFH%25E5t%25B1%2503%258E; MoodleSessionTest=NhzaTNij6j; _ga=GA1.2.925953522.1416155774; _gat=1; __utmt=1; __utma=147409963.925953522.1416155774.1416642544.1416692798.3; __utmb=147409963.1.10.1416692798; __utmc=147409963; __utmz=147409963.1416155774.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: keep-alive
Content-Length: 365
Expect: 100-continue
Content-Type: application/x-www-form-urlencoded; boundary=----------------------------83564ee60d56
)
有谁知道这可能的原因?我尝试用COOKIEFILE和COOKIEJAR交换硬编码的cookie,但它没有改变任何东西。
答案 0 :(得分:7)
通过查看cURL实际完成的所有,可以更好地调试这个问题。这是通过向命令添加verbose标志来完成的:-v
。
$ curl localhost/login [...] -v
我们可以通过添加CURLOPT_VERBOSE
选项从PHP卷曲中获取相同的输出。请注意,通过添加此行,您将指示cURL向STDOUT输出相同的信息 - 它不会被返回,内容也不会被发送到浏览器,因此必须在终端中调试。
curl_setopt($curl, CURLOPT_VERBOSE, 1);
通过这种方式,您可以获得两个HTTP请求的一致且可比较的输出,它应该看起来像这样:
POST / HTTP/1.1
Host: localhost:3000
Pragma: no-cache
Origin: http://moodle.tsrs.org
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Cookie: MoodleSession=ngcidh028m37gm8gbdfe07mvs7; MOODLEID_=%25F1%25CD%2519D%25B2k%25FE%251D%25EFH%25E5t%25B1%2503%258E; MoodleSessionTest=NhzaTNij6j; _ga=GA1.2.925953522.1416155774; _gat=1; __utmt=1; __utma=147409963.925953522.1416155774.1416642544.1416692798.3; __utmb=147409963.1.10.1416692798; __utmc=147409963; __utmz=147409963.1416155774.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: keep-alive
Content-Length: 250
Expect: 100-continue
Content-Type: application/x-www-form-urlencoded; boundary=------------------------b4d79f17a3887f2d
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json; charset=utf-8
< Content-Length: 2
< ETag: W/"2-mZFLkyvTelC5g8XnyQrpOw"
< Date: Thu, 22 Dec 2016 19:13:40 GMT
< Connection: keep-alive
左:问题中提供的命令行cURL(带有额外的-v
标志)
右:问题中已发布的PHP cURL(已启用CURLOUT_VERBOSE
)
正如您所看到的,标题不是相同,这就清楚了。 PHP调用缺少Accept-Encoding
和Referer
标题。
如果没有显示任何内容,请尝试将PHP中的更多cURL设置更改回原来的cURL默认设置。
Internally, PHP opts to override some defaults in cURL没有告诉你。虽然这些设置应该没问题,但我们可以通过明确地将它们重新设置为cURL默认值来更改它们:
curl_setopt($curl, CURLOPT_DNS_CACHE_TIMEOUT, 60);
curl_setopt($curl, CURLOPT_DNS_USE_GLOBAL_CACHE, 0);
curl_setopt($curl, CURLOPT_MAXREDIRS, -1);
curl_setopt($curl, CURLOPT_NOSIGNAL, 0);
答案 1 :(得分:4)
在传递给curl之前,在http_build_query
数组上使用$data
以避免Content-Type: application/x-www-form-urlencoded; boundary=---
。这也确保了对密码中的任何特殊字符进行编码。
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
按如下方式重塑您的卷曲请求:
通过在$cookies = '/tmp/some/dir/xyz.cookie.txt'
指向cookie文件向登录页面发出GET请求。确保使用cookie名称的完整路径。然后关闭卷曲手柄。这会将cookie存储在cookie文件中。
$creq = curl_init();
curl_setopt_array($creq, array(
CURLOPT_URL => 'http://moodle.tsrs.org/login/index.php',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLINFO_HEADER_OUT => true,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_FOLLOWLOCATION => false,
CURLOPT_COOKIEJAR => $cookies // save cookie
));
$output = curl_exec($creq);
curl_close($creq);
现在使用第二个curl请求发出POST请求。这个时间点与COOKIEFILE选项相同的cookie文件。
$creq = curl_init();
curl_setopt_array($creq, array(
CURLOPT_URL => 'http://moodle.tsrs.org/login/index.php',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_ENCODING => '',
CURLINFO_HEADER_OUT => true,
CURLOPT_POSTFIELDS => http_build_query ($data),
CURLOPT_HTTPHEADER => $headers,
CURLOPT_FOLLOWLOCATION => false,
CURLOPT_COOKIEJAR => $cookies, // save cookie
CURLOPT_COOKIEFILE => $cookies // load cookie
);
$output = curl_exec($creq);
curl_close($creq);
有时服务器会在发出登录请求时查找cookie(以确保在访问登录页面后发出请求)。
答案 2 :(得分:1)
很可能您的问题与cURL默认为每个POST请求发送的HTTP标头Expect: 100-continue
有关。
当客户端不确定服务器是否接受此类请求时,Expect: 100-continue
标头用于包含大数据的POST请求中。在这种情况下,客户端首先发送仅包含Expect: 100-continue
的标头的请求,如果服务器的响应成功,则发送与主体相同的请求(POST数据)。
问题是并非所有Web服务器都正确处理此标头。在这种情况下,发送此标头是不受欢迎的。
通过将Expect
传递给array('Expect:')
选项,解决方案是手动删除发送标头的CURLOPT_HTTPHEADER
标头。
在您的情况下,您只需添加&#39; Expect:&#39;字符串到$headers
数组:
$headers[] = 'Expect:';
答案 3 :(得分:0)
我怀疑你第一次尝试使用curl命令是在index.php文件中使用GET方法。我建议你在命令行中的第一个curl请求上启用--trace-ascii
,看看页面是否正在发出GET请求。如果是,您应该更改使用POST方法的PHP脚本。如果将CURLOPT_POST更改为false,则PHP脚本应该可以正常工作。