1

我正在尝试在使用以下 POST 表单的网页中登录:`

<div class="form"> </div>

    <fieldset class="inlined">
        <input type="hidden" name="label" value="">
        <input type="hidden" name="textName" value="j_username">
        <div class="field required ">
            <label for="_content_b2b_eu_login_jcr_content_par_start_j_username">Username</label>
            <input type="text" class=" large" id="_content_b2b_eu_login_jcr_content_par_start_j_username" name="j_username" value="" placeholder="" onkeydown="">

        </div>

        <input type="hidden" name="password" value="j_password">
        <div class="field required ">

            <label for="_content_b2b_eu_login_jcr_content_par_start_j_password">Password</label>
            <input class="large" id="_content_b2b_eu_login_jcr_content_par_start_j_password" type="password" autocomplete="off" name="j_password" value="" size="35">

        </div>

        <button type="button" class="pill cv-toggle">CV</button>
        <div class="button-bar">
            <button type="submit" class="button th-navigation ">LOG IN</button>
        </div>
        <div class="dynaLink parbase noLogin">

            <div class="field nolabel">
                <a href="/it/request-credentials">Hai dimenticato la password ?</a>
            </div>
        </div>
    </fieldset>
    <div class="end">

        <div class="form_row">
            <div class="form_leftcol"></div>
            <div class="form_rightcol"></div>
        </div>

    <div class="form_row_description"></div>
</div>

`

分析 POST 请求,我看到这个表单使用 BoundaryWebKit 发送请求,请求标头和请求有效负载分别如下:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:it-IT,it;q=0.8,en;q=0.6,en-US;q=0.4,de;q=0.2,fr;q=0.2
Cache-Control:no-cache
Connection:keep-alive
Content-Length:1060
Content-Type:multipart/form-data; boundary=----WebKitFormBoundary2NKkaDoQHBWMqv8o

`-----WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name=":formid"

_content_b2b_eu_login_jcr_content_par_start
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name=":formstart"

/content/b2b/it/login/jcr:content/start
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="_charset_"

UTF-8
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name=":redirect"

/content/b2b/it/login/dashboard.html
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="label"


------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="textName"

j_username
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="j_username"

MYUSERNAME
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="password"

j_password
------WebKitFormBoundary2NKkaDoQHBWMqv8o
Content-Disposition: form-data; name="j_password"

MYPASSWORD
------WebKitFormBoundary2NKkaDoQHBWMqv8o--
`

这样做,这是我写的代码是:

    $fields_array = array(

    'formid' => urlencode('_content_b2b_eu_login_jcr_content_par_start'),
    'formstart' => urlencode('/content/b2b/it/login/jcr:content/start'),
    '_charset_' => urlencode('UTF-8'),
    'redirect' => urlencode('/content/b2b/it/login/dashboard.html'),
    'label' => urlencode(''),
    'textName' => urlencode('j_username'),
    'j_username' => urlencode('MYUSERNAME'),
    'password' => urlencode('j_password'),
    'j_password' => urlencode('MYPASSWORD')

);

$fields_string = '';
foreach($fields_array as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');

$url = 'https://my.shimano-eu.com/it/login.html';
$boundary = '7aBMjcE3CIYntqQ3';

$header = array('Content-Type: multipart/form-data;----WebKitFormBoundary'.$boundary);

curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); 
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$output = curl_exec($ch);

之后,我看到它自动发出 POST 请求“ https://my.shimano-eu.com/it/j_security_check ”发布以下字段字符串:

j_username:MYUSERNAME
j_password:MYPASSWORD
j_validate:true
_charset_:UTF-8

我已经用这段代码回复了它:

$url = 'https://my.shimano-eu.com/it/j_security_check';
$fields_string = 'j_username=MYUSERNAME&j_password=MYPASSWORD&j_validate=true&_charset_=UTF-8';

curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); //Uses cookies from the temp file 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); 
$output = curl_exec($ch);

显然,首先代码向登录页面发出 GET 请求,以将 cookie 存储在 $ckfile 中。

毕竟,两个请求中的响应始终是“FORBIDDEN”。

我从三天就来了,我哪里错了???

这是我尝试登录的页面:https ://my.shimano-eu.com/it/login.html 。

4

0 回答 0