无法使用PHP cURL登录网站

时间:2016-03-30 18:34:11

标签: php json curl

我正在尝试登录此网站

https://my.infer.com/auth/login

通过分析Request Headers中的firebug,我发现他们接受JSON格式的POST参数

[{"name":"username","value":"EMAIL_HERE"},":"password","value":"PASSWROD_HERE"}]

而且他们也需要CSRF-TOKEN,请参见截图

enter image description here

我已经做了所有事情,但我无法登录该网站,并继续

Bad Request

CSRF token missing or incorrect.

这是我的代码

    $path = __FILE__ . "/ctemp";
    $cookie_file_path = $path . "/cookie.txt";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_NOBODY, false);

    // START: grab a fresh csrf-token
    curl_setopt($ch, CURLOPT_URL, "https://my.infer.com/auth/login");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $output = curl_exec($ch);
    $csrf = phpQuery::newDocumentHTML($output);
    $csrf = pq("body > div.page-content-wrapper > div > div:nth-child(2) > script", $csrf)->text();
    $csrf = substr($csrf, strpos($csrf, 'CSRF_TOKEN'), strpos($csrf, "$(function()") - strpos($csrf, 'CSRF_TOKEN'));
    $csrf = str_replace("';", "", $csrf);
    $csrf = ltrim($csrf, "CSRF_TOKEN= '");
    // END: grab a fresh csrf-token

    curl_setopt($ch, CURLOPT_URL, 'https://my.infer.com/auth/login/password');
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
    //set the cookie the site has for certain features, this is optional
    curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_REFERER, 'https://my.infer.com/auth/login');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        "host:my.infer.com",
        "Content-Type:application/json; charset=UTF-8",
        "Accept-Encoding:gzip, deflate",
        "host:my.infer.com",
        "X-Requested-With:XMLHttpRequest",
        "X-CSRFToken: $csrf",
    ));
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
//    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, '[{"name":"username","value":"xxx@xxx.com"},{"name":"password","value":"password_here"}]');
    echo curl_exec($ch);

But I get

Bad Request

CSRF token missing or incorrect.

注意: X-CSRFToken每次访问该网页时都是正确的,我从该网站获得了一个新的X-CSRFToken令牌。

那么我做错了什么?

0 个答案:

没有答案
相关问题
最新问题