0

我正在尝试使用 PHP 中的 cURL 登录我的 Elance 帐户。我通过第一个登录表单成功登录。但是,您必须在下一页回答安全问题。我正在尝试发布答案并提交表单,但是,我无法将其发布并提交表单。我正在尝试在 1 个 .php 文件中执行此操作。第二次 POST 需要在单独的文件中完成还是可以在同一个文件中完成?这是我的代码:

<?php

$username = 'Blah';
$password = 'BlahBlah';
$useragent = $_SERVER["HTTP_USER_AGENT"];
$postdata="lnm=$username&pwd=$password";
$postdata_2 = "challengeAnswer=Secret";

$ch = curl_init();

//Main Login
curl_setopt ($ch, CURLOPT_URL,"https://www.elance.com/php/landing/main/login.php");
curl_setopt ($ch, CURLOPT_HEADER, true);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt ($ch, CURLOPT_REFERER, "https://www.elance.com/php/landing/main/login.php");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec($ch);



//Security Question
curl_setopt($ch, CURLOPT_URL, "https://www.elance.com/php/trust/main/securityAudit.php?timestamp=1369701194&userid=4312662&saamode=NCR&hash=b5523cd532c401e374c8a06e6d2fbfa39ac82387&ncr_persisid=643029635&kmsi=&redirect=https%3A%2F%2Fwww.elance.com%2Fphp%2Fmyelance%2Fmain%2Findex.php%3Fredirect%3Dhttps%253A%252F%252Fwww.elance.com%252Fmyelance");
curl_setopt ($ch, CURLOPT_HEADER, true);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt ($ch, CURLOPT_REFERER, "https://www.elance.com/php/trust/main/securityAudit.php?timestamp=1369701194&userid=4312662&saamode=NCR&hash=b5523cd532c401e374c8a06e6d2fbfa39ac82387&ncr_persisid=643029635&kmsi=&redirect=https%3A%2F%2Fwww.elance.com%2Fphp%2Fmyelance%2Fmain%2Findex.php%3Fredirect%3Dhttps%253A%252F%252Fwww.elance.com%252Fmyelance");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata_2);
curl_setopt ($ch, CURLOPT_POST, 1);

$result_2 = curl_exec($ch);

echo $result_2;

curl_close($ch);

?>

我尝试了几种不同的方法,但它们似乎都不起作用。我需要帮助制作第二个 POST 命令。

4

2 回答 2

0 
if( $curl = curl_init() ) {
    curl_setopt($curl, CURLOPT_URL, 'http://your-domain.com/file.php');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,true);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, "text=test");
    $out = curl_exec($curl);
    echo $out;
    curl_close($curl);
  }

之后,您可以通过 $_POST['text'];在http://your-domain.com/file.php中获取文本变量;

于 2013-05-27T14:35:48.467 回答
0

我可以在第二个 cURL 的参数上看到时间戳和哈希

curl_setopt($ch, CURLOPT_URL, "https://www.elance.com/php/trust/main/securityAudit.php?timestamp=1369701194&userid=4312662&saamode=NCR&hash=b5523cd532c401e374c8a06e6d2fbfa39ac82387&ncr_persisid=643029635&kmsi=&redirect=https%3A%2F%2Fwww.elance.com%2Fphp%2Fmyelance%2Fmain%2Findex.php%3Fredirect%3Dhttps%253A%252F%252Fwww.elance.com%252Fmyelance");

这意味着对于您从第一个 cURL 尝试的每个请求,都会创建一个新的唯一 URL,并且该 URL 将是唯一一个可以尝试使用您的第二个 cURL 发布的有效 URL。您不能只是将第二个“安全问题”屏幕的 URL 复制并粘贴到您的第二个 cURL,因为每次都会有其他时间戳和/或哈希值。

您不能只使用时间戳/哈希对 url 进行硬编码。它将从该站点的服务器中丢弃。您需要以某种方式即时获取该 url 并在您的第二个 POST 中使用它

也可能有一个“http referer”检查。

于 2013-05-27T14:32:38.987 回答