4

我正在尝试使用 PHP Curl 连接到我学校的门户,但没有运气,因为它似乎重定向到某些页面。我正在制作一个用于在 jQuery mobile 中显示学校日程的 web 应用程序,但为了显示您自己的日程安排,您需要登录并从那里转到您的日程安排。这就是我打算使用 CURL 和 PHP 来实现的目标。

我使用了来自http://codeaid.net/php/get-the-last-effective-url-from-a-series-of-redirects-for-the-given-url的教程,它适用于给定的链接,但我找不到应该使用哪个链接重定向到我的学校门户。

如果有人知道要遵循哪些步骤以了解您必须使用哪个 URL,那将非常有帮助。

我使用的代码:

<?php function getLastEffectiveUrl($url)
    {
         // initialize cURL
         $curl = curl_init($url);
         curl_setopt_array($curl, array(
         CURLOPT_RETURNTRANSFER => true,
         CURLOPT_FOLLOWLOCATION => true,
    ));

    // execute the request
    $result = curl_exec($curl);

    // fail if the request was not successful
    if ($result === false) {
        curl_close($curl);
        return null;
}

          // extract the target url
          $redirectUrl = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
          curl_close($curl);

          return $redirectUrl;
    }

    $lastEffectiveUrl = getLastEffectiveUrl('https://login.hhs.nl');
    echo $lastEffectiveUrl . "-";
?>

同样,这是我从 Codeaid 学习的教程,我不认为自己制作了这个教程。

我的学校页面的链接是 https://portal.hhs.nl,你可以看到如果你去那里它会将我重定向到另一个页面。

4

1 回答 1

1

What you want to do is near impossible ... They applied several redirects with several methods and security tokens ... Let me explain:

At first look, i thought i was redirected by header(), but when i used Tamper Data the picture became more clear:

1) When you open https://portal.hhs.nl, you're redirected by some meta tags

<META name="verify-v1" content="Yh6PvgPdX64Vdo9akXqTvstTouu9uQcvrPpFaL9jqZs=" />
<META name="verify-v1" content="eiUD3J3OcF6SjBKGe5ZvkMTzVEJ9rnpr1NaCKV9OIKw=" />
<meta name="google-site-verification" content="Ka0UPoAllNqYvbuviJCk8iV64YfqfWbX6G1APHdY5tg" />
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<META content="0; URL=http://portal.hhs.nl/portal/pls/portal/PORTAL.home" http-equiv=Refresh>

So you have to parse those meta tags, and redirect ... here's how you do it PHP: Can CURL follow meta redirects

2) For some reasons i can't "open" the data when i'm redirected with Tamper Data, so you have to do some research on this step ...

3) And here's another "redirect" technique, with JavaScript !!! 

<FORM NAME="SingleSignOn" METHOD="POST" ACTION="https://aselect.hhs.nl/aselectserver/server" >
<INPUT TYPE="HIDDEN" NAME="request" VALUE="direct_login1" >
<INPUT TYPE="HIDDEN" NAME="rid" VALUE="C741680139CA153E" >
<INPUT TYPE="HIDDEN" NAME="a-select-server" VALUE="aselectserver1" >
</FORM>
</BODY>

Just parse those and redirect to https://aselect.hhs.nl/aselectserver/server with those POST values ...

4) Finally we're on https://aselect.hhs.nl/aselectserver/server where we actually input our credentials, and where you also should parse data and send it with the credentials. After this step only you know what's behind the portal ...

Conclusion: Those security measures make it clear that they want to stop some automated kiddies like us, and what if someday those steps were changed ? What i suggest is to ask the school for some API, i know some schools in the Netherlands that uses Untis and they have a great API that returns some JSON data !

If you insist or if it's not possible to get your hand on an API, then get ready for some hard work !

Veel succes (good luck) !

于 2012-11-10T14:30:42.933 回答