我正在尝试登录此网站
https://my.infer.com/auth/login
通过分析Request Headers
中的firebug
,我发现他们接受JSON格式的POST
参数
[{"name":"username","value":"EMAIL_HERE"},":"password","value":"PASSWROD_HERE"}]
而且他们也需要CSRF-TOKEN
,请参见截图
我已经做了所有事情,但我无法登录该网站,并继续
Bad Request
CSRF token missing or incorrect.
这是我的代码
$path = __FILE__ . "/ctemp";
$cookie_file_path = $path . "/cookie.txt";
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
// START: grab a fresh csrf-token
curl_setopt($ch, CURLOPT_URL, "https://my.infer.com/auth/login");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);
$csrf = phpQuery::newDocumentHTML($output);
$csrf = pq("body > div.page-content-wrapper > div > div:nth-child(2) > script", $csrf)->text();
$csrf = substr($csrf, strpos($csrf, 'CSRF_TOKEN'), strpos($csrf, "$(function()") - strpos($csrf, 'CSRF_TOKEN'));
$csrf = str_replace("';", "", $csrf);
$csrf = ltrim($csrf, "CSRF_TOKEN= '");
// END: grab a fresh csrf-token
curl_setopt($ch, CURLOPT_URL, 'https://my.infer.com/auth/login/password');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
//set the cookie the site has for certain features, this is optional
curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, 'https://my.infer.com/auth/login');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"host:my.infer.com",
"Content-Type:application/json; charset=UTF-8",
"Accept-Encoding:gzip, deflate",
"host:my.infer.com",
"X-Requested-With:XMLHttpRequest",
"X-CSRFToken: $csrf",
));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
// curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, '[{"name":"username","value":"xxx@xxx.com"},{"name":"password","value":"password_here"}]');
echo curl_exec($ch);
But I get
Bad Request
CSRF token missing or incorrect.
注意: X-CSRFToken
每次访问该网页时都是正确的,我从该网站获得了一个新的X-CSRFToken
令牌。
那么我做错了什么?