我正在尝试创建一个脚本,该脚本通过Curl使用PHP登录到我的pay.circle(Circle Pay网站)帐户。我遇到问题,因为提交POST请求的响应是502错误的网关消息。
我不确定是否为登录提交找到了正确的URL,我使用chromes inspector查找了该URL,请参见下文: image
URL可能不正确还是我没有传递正确的数据?请参阅下面的代码:
$data = array(
"email" => "skyrocket@yahoo.com",
"password" => "test"
);
$fields = json_encode($data);
$ch = curl_init();
$url = "https://api.circle.com/api/v2/customers/0/sessions";
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies/logins/cookies.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies/logins/cookies.txt");
curl_setopt($ch, CURLOPT_TIMEOUT, 40000);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_REFERER, "https://pay.circle.com/signin");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: application/json, text/plain, */*',
'Origin: https://pay.circle.com',
'X-App-Version: ff40150fdea82e0f0cca84b649cabc06cc2955d3',
'X-Device-Id: {"fingerprint":"6c771befbe38d8a345506707ec6003a9","fingerprintVersion":"1.1.0","fingerprintCookie":"3d60faa3-1a9c-417f-8f3f-cf3545deb7f8"}',
'X-ECP-Session-Id: 0000188520190305114719162707',
'Content-Type: application/json;charset=UTF-8',
'Content-Length: ' . strlen($fields)) );
$output = curl_exec($ch);
我已经尝试了多种方法,例如将发布数据作为json发送。或使用http构建函数对文本进行编码。
任何方向将不胜感激
答案 0 :(得分:0)
(这不是有关如何登录的完整解决方案,但是您犯了太多错误,无法简单地将其添加为评论文本,因此我将投诉添加为 answer。 )
1:此网站在登录会话中使用cookie,您需要先登录cookie(使用简单的GET请求),然后您才需要获取cookie。
2:您正在尝试发送以multipart/form-data格式编码的用户名和密码(如果您将数组提供给CURLOPT_POSTFIELDS,则会得到此信息),但是此网站使用JSON记录输入,因此您需要发送用户名和密码以json编码。
3:尝试登录之前,您需要使用有效的cookie向api.circle.com/api/v2/customers/0/sessions发送一个OPTIONS请求,但是您没有这样做。
4:此网站使用CSRF令牌的一种变体,称为X-ECP-Session-Id,您将它与GET请求一起接收,在该请求中您需要将cookie添加到登录请求中,但您从未获取过cookie。首先是令牌。
4:此网站要求您未添加登录请求的几个自定义http标头,特别是Accept: application/json, text/plain, */*和Content-Type: application/json;charset=UTF-8和X-App-Id和X-App-Version和{{ 1}},最后是CSRF令牌X-Device-Id-您没有添加任何一个。
难怪您的登录请求没有成功。
这是使用hhb_curl的登录示例:
X-ECP-Session-Id输出:
<?php
declare (strict_types = 1);
require_once('hhb_.inc.php');
const USERNAME = '???';
const PASSWORD = '???';
$hc = new hhb_curl('', true);
//now to fetch the csrf token and cookies
$html = $hc->exec('https://pay.circle.com/signin')->getStdOut();
{
// we need stuff from the headers
$cookies_raw = $hc->getResponseHeaders();
$cookies_parsed = array();
foreach ($cookies_raw as $tmp) {
if (false === strpos($tmp, ':')) {
// don't need this header
continue;
}
$tmp = explode(':', $tmp, 2);
$cookies_parsed[trim($tmp[0])] = trim($tmp[1]);
}
// 'X-App-Version: ff40150fdea82e0f0cca84b649cabc06cc2955d3'
// 'X-Device-Id: {"fingerprint":"aa1683cf1ce7dcca7a347b887747896b","fingerprintVersion":"1.1.0","fingerprintCookie":"6ad46a77-0c7e-4bd7-8570-1568f2ec8b9c"}',
// 'X-ECP-Session-Id: 0000188520190306085938487417',
//hhb_var_dump($cookies_parsed) & die();
assert(isset($cookies_parsed['X-App-Version']));
// TODO: X-Device-Id apparently comes from https://assets.circle.com/assets/javascripts/application-63066bd45540e4f6a74081aaaf96154f.js
// assert(isset($cookies_parsed['X-Device-Id']));
assert(isset($cookies_parsed['X-ECP-Session-Id']));
$login_headers = array(
'Content-Type: application/json;charset=utf-8',
'X-App-Id: angularjs',
'X-App-Version: ' . $cookies_parsed['X-App-Version'],
// TODO: 'X-Device-Id: ' . $cookies_parsed['X-Device-Id'],
'X-ECP-Session-Id: ' . $cookies_parsed['X-ECP-Session-Id'],
);
//hhb_var_dump($login_headers) & die();
}
$domd = @DOMDocument::loadHTML($html);
// now do the OPTIONS request. we need to do it to log in, but it doesn't return any useful data.
$hc->setopt_array(array(
CURLOPT_CUSTOMREQUEST => 'OPTIONS',
CURLOPT_URL => 'https://api.circle.com/api/v2/customers/0/sessions',
CURLOPT_HTTPHEADER => array(
'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Access-Control-Request-Method: POST',
'Access-Control-Request-Headers: content-type,x-app-id,x-app-version,x-device-id,x-ecp-session-id',
'Origin: https://pay.circle.com',
)
))->exec()->setopt(CURLOPT_CUSTOMREQUEST, null);
// now to do the actual login
$json = $hc->setopt_array(array(
CURLOPT_URL => 'https://api.circle.com/api/v2/customers/0/sessions',
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => json_encode(array('email' => USERNAME, 'password' => PASSWORD)),
CURLOPT_HTTPHEADER => $login_headers
))->exec()->getStdOut();
$parsed = json_decode($json, true);
// now to look for login errors
$login_errors = [];
/*
{
"response": {
"status": {
"code": 4,
"customerState": {
"isEmailVerified": false,
"isMfaVerified": false
}
},
"errors": {
"emailOrPassword": ["invalid"]
},
"displayErrors": ["Email or password is incorrect"],
"displayErrorsMap": {
"emailOrPassword": "Email or password is incorrect"
}
}
}
*/
$response=$parsed['response'];
if(!empty($response['errors'])){
$login_errors[]=$response['errors'];
}
if(!empty($response['displayErrors'])){
$login_errors[]=$response['displayErrors'];
}
if(!empty($response['displayErrors'])){
$login_errors[]=$response['displayErrorsMap'];
}
if(!empty($login_errors)){
echo "LOGIN ERRORS!\n";
var_dump($login_errors);
throw new \RuntimeException("LOGIN ERRORS!");
}
var_dump($json);
因为$ php wtf2.php
LOGIN ERRORS!
array(3) {
[0]=>
array(1) {
["emailOrPassword"]=>
array(1) {
[0]=>
string(7) "invalid"
}
}
[1]=>
array(1) {
[0]=>
string(30) "Email or password is incorrect"
}
[2]=>
array(1) {
["emailOrPassword"]=>
string(30) "Email or password is incorrect"
}
}
PHP Fatal error: Uncaught RuntimeException: LOGIN ERRORS! in /cygdrive/c/projects/misc/wtf2.php:94
Stack trace:
#0 {main}
thrown in /cygdrive/c/projects/misc/wtf2.php on line 94
不是有效的用户名,请参见第4和5行。