
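So I am trying to log in to a site via a 3rd-party script.

First, to confirm that I could log in from another site, I put the following code on my own server, which creates a simple login form. I entered the login user/password, and I can in fact log in just fine.

Here is the code: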

<form name="mainform" method="post" action="https://www.asahq.org/For-Members/Member-Login.aspx?item=%2ffor-members%2fmy-asa%2fmy-info&user=extranet%5cAnonymous&site=website">
  <input name="phlanding_0$tbxUserName" type="text" id="phlanding_0_tbxUserName" />
  <input name="phlanding_0$tbxPassWord" type="password" id="phlanding_0_tbxPassWord" />
  <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWHwKE7bibAwKI9b/BCwKB+MluAp27v8UNAtuZg7wBAo/N2LkGAqqKl64HAvihv9sFAoPuntYOAq/awvEIArnhvYENAqyrxqgJApqIqpECAsaT1xIC7OPuywEC9Ku87g4Ch4/A8QQCoc384wIC0cai5QoC+L6/3QgC3Y3v5goCqdqB3wQC2qLpzwQCrvPizwECrKH2zAUCl4Ojjg8Cmaju3gMCuPjw6gcCkuS3OwLvi57bCQKd6N2gDW2RyNscxQR0WrZKbeinSBA9seBT" />

  <input type="hidden" name="smMain_HiddenField" id="smMain_HiddenField" value="" />
  <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
  <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
  <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
  <input type="image" name="phlanding_0$ibnLogIn" id="phlanding_0_ibnLogIn" class="button-log-in" src="../App_Themes/DefaultGray/Media/placeholder.gif" alt="Log In" style="border-width:0px;margin-top: 5px;" />


</form>

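When I log in, I get redirected to the member page just fine. So, to determine what was being posted, I created my own catch script and then modified the URL to post to the catch script. Here is what is being posted: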

phlanding_0$tbxUserName - OBVIOUS
phlanding_0$tbxPassWord - REMOVAL
__EVENTVALIDATION - /wEWHwKE7bibAwKI9b/BCwKB+MluAp27v8UNAtuZg7wBAo/N2LkGAqqKl64HAvihv9sFAoPuntYOAq/awvEIArnhvYENAqyrxqgJApqIqpECAsaT1xIC7OPuywEC9Ku87g4Ch4/A8QQCoc384wIC0cai5QoC+L6/3QgC3Y3v5goCqdqB3wQC2qLpzwQCrvPizwECrKH2zAUCl4Ojjg8Cmaju3gMCuPjw6gcCkuS3OwLvi57bCQKd6N2gDW2RyNscxQR0WrZKbeinSBA9seBT
smMain_HiddenField - 
__EVENTTARGET - 
__EVENTARGUMENT - 
__VIEWSTATE - 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
phlanding_0$ibnLogIn_x - -330
phlanding_0$ibnLogIn_y - -13

Now, here is the cURL script with which I am trying to post the same variables:

//set POST variables
$url = 'https://www.asahq.org/For-Members/Member-Login.aspx?item=%2ffor-members%2fmy-asa%2fmy-info&user=extranet%5cAnonymous&site=website';
$fields = array(

                    'smMain_HiddenField' => '',
                    '__VIEWSTATE' => '/wEPDwUKLTQ3NDU4Mjg3OA9kFgICAxBkZBYKAgMPZBYIAgEPDxYCHgtOYXZpZ2F0ZVVybAUBL2RkAgUPZBYCAgMPZBYCAgEPZBYCZg9kFgICAw8PFgIeBFRleHQFBjUwLDAwMGRkAgcPFgIeB1Zpc2libGVoZAIND2QWAgIDD2QWAgIBD2QWAmYPZBYGAgEPEGRkFgFmZAIDDxBkZBYBZmQCBQ8PFgIfAGVkZAIHD2QWAmYPFgIfAmgWAmYPDxYCHwJoZBYCAgEPFgIfAmhkAhMPZBYCZg9kFgJmD2QWBmYPZBYEAgEPZBYCZg9kFgJmD2QWAgIDDxYCHwJoZAIFD2QWAmYPZBYCZg9kFgYCAQ8QZGQWAWZkAgMPEGRkFgFmZAIFDxBkZBYBZmQCBA9kFgJmD2QWAmYPZBYCAgMPZBYCAgMPDxYCHwAFOS9Gb3ItTWVtYmVycy9FZHVjYXRpb24tYW5kLUV2ZW50cy9DYWxlbmRhci1vZi1FdmVudHMuYXNweGRkAgwPZBYCZg9kFgJmD2QWAgIDD2QWEgIBDw8WAh8ABRpodHRwczovL3NlZS5hc2FocS5vcmcvd2ViL2QWAmYPDxYEHg1BbHRlcm5hdGVUZXh0ZR4ISW1hZ2VVcmwFNC9+L21lZGlhL1Nob3AgQVNBL1NFRSBnZW5lcmljL1NFRS1HZW5lcmljLTcyeDExMC5qcGdkZAIDDxYCHwFlZAIFDw8WAh8ABRpodHRwczovL3NlZS5hc2FocS5vcmcvd2ViL2RkAgcPFgIfAQVwPGEgaHJlZj0iaHR0cHM6Ly9zZWUuYXNhaHEub3JnL3dlYi8iIHRhcmdldD0iX2JsYW5rIj5TZWxmLUVkdWNhdGlvbiBhbmQgRXZhbHVhdGlvbiAoU0VFKSBQcm9ncmFtLSBOZXcgaXNzdWUhPC9hPmQCCQ8WAh8BBRIzMDcwMS0xM0NFLTFDRS0xQ0VkAgsPFgIfAWVkAg0PDxYCHwAFGmh0dHBzOi8vc2VlLmFzYWhxLm9yZy93ZWIvZGQCDw8WAh8BBSFTaW5nbGUgQ29waWVzLCBNZW1iZXIgUHJpY2U6ICQzNjBkAhEPFgIfAWVkAhUPZBYCZg9kFgJmD2QWAgIDD2QWBAIZDxYCHwEFCEpvaW4gQVNBZAIbD2QWAgIBDw8WAh8BBQY1MCwwMDBkZAIZD2QWCAIHDw8WAh8ABTAvRm9yLXRoZS1QdWJsaWMtYW5kLU1lZGlhL1ByaXZhY3ktU3RhdGVtZW50LmFzcHhkZAIIDw8WAh8ABTMvRm9yLXRoZS1QdWJsaWMtYW5kLU1lZGlhL1Rlcm1zLWFuZC1Db25kaXRpb25zLmFzcHhkZAIJDw8WAh8ABScvRm9yLU1lbWJlcnMvQWJvdXQtQVNBL0NvbnRhY3QtQVNBLmFzcHhkZAIKDw8WAh8CZ2RkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYGBSRhc2FTaXRlSGVhZGVyJGlibkhlYWRlck1lbWJlckxvZ2luR28FKmFzYVNpdGVIZWFkZXIkY2J4SGVhZGVyTWVtYmVyTG9naW5SZW1lbWJlcgUdYXNhU2l0ZUhlYWRlciRpYm5IZWFkZXJTZWFyY2gFKXBobGVmdG5hdl8wJGxud01haW5TaWduSW4kaWJuTXlBU0FTaWduSW4xBRlwaGxhbmRpbmdfMCRjYnhSZW1lbWJlck1lBRRwaGxhbmRpbmdfMCRpYm5Mb2dJbuFEn7mNDRuZC1i+tcxz2YXOzm9w',
                    '__EVENTVALIDATION' => '/wEWHwKE7bibAwKI9b/BCwKB+MluAp27v8UNAtuZg7wBAo/N2LkGAqqKl64HAvihv9sFAoPuntYOAq/awvEIArnhvYENAqyrxqgJApqIqpECAsaT1xIC7OPuywEC9Ku87g4Ch4/A8QQCoc384wIC0cai5QoC+L6/3QgC3Y3v5goCqdqB3wQC2qLpzwQCrvPizwECrKH2zAUCl4Ojjg8Cmaju3gMCuPjw6gcCkuS3OwLvi57bCQKd6N2gDW2RyNscxQR0WrZKbeinSBA9seBT',
                    'asaSiteHeader$tbxHeaderUsername' => '',
                    'asaSiteHeader$tbweHeaderUsername_ClientState' => '',
                    'asaSiteHeader$tbxHeaderPassword' => '',
                    'asaSiteHeader$tbweHeaderPassword_ClientState' => '',
                    'asaSiteHeader$tbxHeaderSearch' => '',
                    'asaSiteHeader$tbweHeaderSearch_ClientState' => '',
                    'asaSiteHeader$ibnHeaderSearch_x' => '-1162',
                    'asaSiteHeader$ibnHeaderSearch_y' => '-21',
                    'phleftnav_0$lnwWebinars$cpeNavWidgetWebinars_ClientState' => '',
                    'phleftnav_0$lnwEvents$cpeNavWidgetEvents_ClientState' => '',
                    'phleftnav_0$lnwFDAMedwatchAlerts$cpeNavWidgetMedwatchAlerts_ClientState' => '',
                    'phleftnav_0$lnwShopFeaturedProduct$cpeNavWidgetShopFeaturedProductHeader_ClientState' => '',
                    'phlanding_0$tbxUserName' => 'OBVIOUS',
                    'phlanding_0$tbxPassWord' => 'REMOVAL'

            );

//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);


echo $result;

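My problem seems to be that it won't log in at all. It gives me a server application error on their site. So I know something is wrong with my script's cURL attempt, because when I use the form, it logs in just fine.

A few things to note. First, it shows that cookies are being set, and yes, I have tried using a cookiejar in cURL, with no luck. Second, the site I am trying to log in to is posting to SSL, so HTTPS is being used.

What exactly am I doing wrong??!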
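
The captured POST above carries base64 state fields and the `phlanding_0$ibnLogIn_x`/`_y` click coordinates, while the cURL script joins values without encoding them and leaves the coordinates out. The following added example (not part of the original post) shows offline what a form-urlencoded parser receives from each way of building the body. The token values are constructed samples, and `buildRaw`, `decodeBody` and `corruptedFields` are hypothetical helper names.

```php
<?php
// Added example, runs offline; nothing is sent. Sample values are constructed
// (not the site's real tokens): base64-style text with '+', '/' and '=' as
// found in __VIEWSTATE and __EVENTVALIDATION.
$fields = [
    '__VIEWSTATE'             => '/wEPDw+UK/LTQ3+NDU4==',
    '__EVENTVALIDATION'       => '/wEWHw+KE7bib/AwKI9b=',
    'phlanding_0$tbxUserName' => 'user@example.test',
    'phlanding_0$tbxPassWord' => 'p&ss=word+1',
    // A browser submits an <input type="image"> click as name.x / name.y.
    'phlanding_0$ibnLogIn.x'  => '10',
    'phlanding_0$ibnLogIn.y'  => '5',
];

// The approach used in the question: join key=value pairs without encoding.
function buildRaw(array $fields): string {
    $body = '';
    foreach ($fields as $key => $value) {
        $body .= $key . '=' . $value . '&';
    }
    return rtrim($body, '&');
}

// Decode a body the way an application/x-www-form-urlencoded parser does:
// split on '&' and '=', then percent-decode and turn '+' into a space.
function decodeBody(string $body): array {
    $decoded = [];
    foreach (explode('&', $body) as $pair) {
        [$key, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $decoded[urldecode($key)] = urldecode($value);
    }
    return $decoded;
}

// Names of the fields whose received value differs from what was intended.
function corruptedFields(array $sent, string $body): array {
    $received = decodeBody($body);
    return array_keys(array_filter(
        $sent,
        fn($value, $key) => ($received[$key] ?? null) !== $value,
        ARRAY_FILTER_USE_BOTH
    ));
}

$raw     = buildRaw($fields);
$encoded = http_build_query($fields, '', '&', PHP_QUERY_RFC1738);

echo 'raw body:     ', implode(', ', corruptedFields($fields, $raw)) ?: '(none)', "\n";
echo 'encoded body: ', implode(', ', corruptedFields($fields, $encoded)) ?: '(none)', "\n";
```

With cURL, the string from `http_build_query()` is what goes into `CURLOPT_POSTFIELDS`; passing the array itself makes cURL send `multipart/form-data` instead.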
