7

我正在尝试登录 Google 帐户,以便能够在我自己的应用程序中使用 Google Ingress Intel 地图。我发现了这个问题(使用 PHP 和 Curl 登录 Google,Cookie 已关闭?),我可以登录 Google 帐户,但是当我想加载 Ingress Intel 地图时出现问题(http://www.ingress.com/intel) ,然后我得到这个错误:

禁止 (403)

CSRF 验证失败。请求中止。

我知道 CSRF,但我不知道我做错了什么。也许是因为我的 cookie.txt 文件是空的,但为什么呢?

这是我的代码:

$ch = curl_init();
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_HEADER, 0);  
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 120);
curl_setopt($ch, CURLOPT_TIMEOUT, 120);

curl_setopt($ch, CURLOPT_URL, 
  'https://accounts.google.com/ServiceLogin?hl=en&service=alerts&continue=http://www.google.com/alerts/manage');
$data = curl_exec($ch);

$formFields = getFormFields($data);

$formFields['Email']  = $USERNAME;
$formFields['Passwd'] = $PASSWORD;
unset($formFields['PersistentCookie']);

$post_string = '';
foreach($formFields as $key => $value) {
    $post_string .= $key . '=' . urlencode($value) . '&';
}

$post_string = substr($post_string, 0, -1);

curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/ServiceLoginAuth');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);

$result = curl_exec($ch);


    curl_setopt($ch, CURLOPT_URL, 'http://www.ingress.com/intel');
    curl_setopt($ch, CURLOPT_POST, 0);
    curl_setopt($ch, CURLOPT_POSTFIELDS, null);

    $result = curl_exec($ch);

    var_dump($result);


function getFormFields($data)
{
    if (preg_match('/(<form.*?id=.?gaia_loginform.*?<\/form>)/is', $data, $matches)) {
        $inputs = getInputs($matches[1]);

        return $inputs;
    } else {
        die('didnt find login form');
    }
}

function getInputs($form)
{
    $inputs = array();

    $elements = preg_match_all('/(<input[^>]+>)/is', $form, $matches);

    if ($elements > 0) {
        for($i = 0; $i < $elements; $i++) {
            $el = preg_replace('/\s{2,}/', ' ', $matches[1][$i]);

            if (preg_match('/name=(?:["\'])?([^"\'\s]*)/i', $el, $name)) {
                $name  = $name[1];
                $value = '';

                if (preg_match('/value=(?:["\'])?([^"\'\s]*)/i', $el, $value)) {
                    $value = $value[1];
                }

                $inputs[$name] = $value;
            }
        }
    }

    return $inputs;
}

感谢您的建议我做错了什么:)

4

2 回答 2

2 
<?php
$username = 'email@gmail.com';
$password = 'password';
$cookies = 'cookies.txt';

function getFormFields($data) {
        if(preg_match('/(<form.*?id=.?gaia_loginform.*?<\/form>)/is', $data, $matches)) {
                $inputs = getInputs($matches[1]);
                return $inputs;
        } else {
                die('didnt find login form');
        }
}

function getInputs($form) {
        $inputs = array();
        $elements = preg_match_all('/(<input[^>]+>)/is', $form, $matches);

        if($elements > 0) {
                for($i = 0; $i < $elements; $i++) {
                        $el = preg_replace('/\s{2,}/', ' ', $matches[1][$i]);
                        if (preg_match('/name=(?:["\'])?([^"\'\s]*)/i', $el, $name)) {
                                $name  = $name[1];
                                $value = '';
                                if (preg_match('/value=(?:["\'])?([^"\'\s]*)/i', $el, $value)) {
                                        $value = $value[1];
                                }
                                $inputs[$name] = $value;
                        }
                }
        }
        return $inputs;
}

$ch = curl_init();
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.56 Safari/537.17");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 120);
curl_setopt($ch, CURLOPT_TIMEOUT, 120);

curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttp://www.ingress.com/intel');
$data = curl_exec($ch);

$formFields = getFormFields($data);
$formFields['Email']  = $username;
$formFields['Passwd'] = $password;
unset($formFields['PersistentCookie']);

$post_string = '';
foreach($formFields as $key => $value) {
        $post_string .= $key . '=' . urlencode($value) . '&';
}
$post_string = substr($post_string, 0, -1);

curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/ServiceLoginAuth');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
$result = curl_exec($ch);

curl_setopt($ch, CURLOPT_URL, 'https://www.ingress.com/intel');
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, null);
$result = curl_exec($ch);

echo $result;

curl_close($ch);
@unlink($cookies);
?>
于 2013-01-24T07:05:00.037 回答
1 
<input type='hidden' name='csrfmiddlewaretoken' value='biVbClptWbMjkpXiJiVUVkt3T1wx9OwF' />

您必须使用它,它在搜索表单中;)

您的请求中似乎需要此标头:

X-CSRFToken:biVbClptWbMjkpXiJiVUVkt3T1wx9OwF

我自己正在尝试使用 Goutte 以及 Symfony DOMCrawler 和控制台组件,它们都与 Composer 捆绑在一起:

<?php
namespace Ingress;

use Goutte\Client;
use Doctrine\Common\Cache\ArrayCache;
use Guzzle\Cache\DoctrineCacheAdapter;
use Guzzle\Plugin\Cache\CachePlugin;
use Guzzle\Plugin\Cookie\CookiePlugin;
use Guzzle\Plugin\Cookie\CookieJar\ArrayCookieJar;
use Guzzle\Plugin\Backoff\BackoffPlugin;

class Crawl
{
    const USER = 'googleuser';
    const PASSWORD = 'passwd';
    const URL_START = 'http://www.ingress.com/intel';
    const URL_LOGIN = 'https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttp://www.ingress.com/intel';
    const USER_AGENT = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11';

    public $client;

    public function __construct()
    {
        $history = new \Symfony\Component\BrowserKit\History();
        $cookieJar = new \Symfony\Component\BrowserKit\CookieJar();
        $config = array('HTTP_USER_AGENT' => self::USER_AGENT);
        $this->client = new Client($config, $history, $cookieJar);

        $guzzleClient = $this->client->getClient();

        $backoffPlugin = BackoffPlugin::getExponentialBackoff();
        $guzzleClient->addSubscriber($backoffPlugin);
        $cachePlugin = new CachePlugin(array('adapter' => new DoctrineCacheAdapter(new ArrayCache())));
        $guzzleClient->addSubscriber($cachePlugin);
        $cookiePlugin = new CookiePlugin(new ArrayCookieJar());
        $guzzleClient->addSubscriber($cookiePlugin);

        $guzzleClient->setConfig(array(
            'ssl.certificate_authority' => false,
            'curl.options' => array(
                CURLOPT_CONNECTTIMEOUT => 120,
                CURLOPT_TIMEOUT => 120
            )
        ));
    }

    public function login()
    {
        $crawler = $this->client->request('GET', self::URL_LOGIN);
        $form = $crawler->selectButton('Sign in')->form(array(
            'Email' => self::USER,
            'Passwd' => self::PASSWORD
        ));
        $form['PersistentCookie']->tick();
        $crawler = $this->client->submit($form);
    }
}

https://github.com/florinutz/ingress-php

于 2013-01-27T12:48:48.230 回答