我正在尝试在使用以下 POST 表单的网页中登录:`
<div class="form"> </div>
<fieldset class="inlined">
<input type="hidden" name="label" value="">
<input type="hidden" name="textName" value="j_username">
<div class="field required ">
<label for="_content_b2b_eu_login_jcr_content_par_start_j_username">Username</label>
<input type="text" class=" large" id="_content_b2b_eu_login_jcr_content_par_start_j_username" name="j_username" value="" placeholder="" onkeydown="">
</div>
<input type="hidden" name="password" value="j_password">
<div class="field required ">
<label for="_content_b2b_eu_login_jcr_content_par_start_j_password">Password</label>
<input class="large" id="_content_b2b_eu_login_jcr_content_par_start_j_password" type="password" autocomplete="off" name="j_password" value="" size="35">
</div>
<button type="button" class="pill cv-toggle">CV</button>
<div class="button-bar">
<button type="submit" class="button th-navigation ">LOG IN</button>
</div>
<div class="dynaLink parbase noLogin">
<div class="field nolabel">
<a href="/it/request-credentials">Hai dimenticato la password ?</a>
</div>
</div>
</fieldset>
<div class="end">
<div class="form_row">
<div class="form_leftcol"></div>
<div class="form_rightcol"></div>
</div>
<div class="form_row_description"></div>
</div>
`
分析 POST 请求,我看到这个表单使用 BoundaryWebKit 发送请求,请求标头和请求有效负载分别如下:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:it-IT,it;q=0.8,en;q=0.6,en-US;q=0.4,de;q=0.2,fr;q=0.2
Cache-Control:no-cache
Connection:keep-alive
Content-Length:1060
Content-Type:multipart/form-data; boundary=----WebKitFormBoundary2NKkaDoQHBWMqv8o
`-----WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name=":formid"
_content_b2b_eu_login_jcr_content_par_start
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name=":formstart"
/content/b2b/it/login/jcr:content/start
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="_charset_"
UTF-8
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name=":redirect"
/content/b2b/it/login/dashboard.html
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="label"
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="textName"
j_username
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="j_username"
MYUSERNAME
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="password"
j_password
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="j_password"
MYPASSWORD
------WebKitFormBoundary2NKkaDoQHBWMqv8o--
`
这样做,这是我写的代码是:
$fields_array = array(
'formid' => urlencode('_content_b2b_eu_login_jcr_content_par_start'),
'formstart' => urlencode('/content/b2b/it/login/jcr:content/start'),
'_charset_' => urlencode('UTF-8'),
'redirect' => urlencode('/content/b2b/it/login/dashboard.html'),
'label' => urlencode(''),
'textName' => urlencode('j_username'),
'j_username' => urlencode('MYUSERNAME'),
'password' => urlencode('j_password'),
'j_password' => urlencode('MYPASSWORD')
);
$fields_string = '';
foreach($fields_array as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');
$url = 'https://my.shimano-eu.com/it/login.html';
$boundary = '7aBMjcE3CIYntqQ3';
$header = array('Content-Type: multipart/form-data;----WebKitFormBoundary'.$boundary);
curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$output = curl_exec($ch);
之后,我看到它自动发出 POST 请求“ https://my.shimano-eu.com/it/j_security_check ”发布以下字段字符串:
j_username:MYUSERNAME
j_password:MYPASSWORD
j_validate:true
_charset_:UTF-8
我已经用这段代码回复了它:
$url = 'https://my.shimano-eu.com/it/j_security_check';
$fields_string = 'j_username=MYUSERNAME&j_password=MYPASSWORD&j_validate=true&_charset_=UTF-8';
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$output = curl_exec($ch);
显然,首先代码向登录页面发出 GET 请求,以将 cookie 存储在 $ckfile 中。
毕竟,两个请求中的响应始终是“FORBIDDEN”。
我从三天就来了,我哪里错了???
这是我尝试登录的页面:https ://my.shimano-eu.com/it/login.html 。