Algorithm of encryption algorithm for Sina Weibo simulation landing

Project acceptance, was asked how the landing of the microblogging crawler is how to achieve, the results of encryption algorithm does not indicate white, embarrassing death ...

Originally is the reference of other people's program, still did not understand, shame lost big. It looks good this time:

1, you need get get two parameters before submitting a POST request.
Address is: Http://login.sina.com.cn/sso/login.php?client=ssologin.js (v1.3.18)
The resulting data have "servertime" and "nonce" values, are random, other values seemingly useless.

2, through Httpfox observation post data, parameters more complex, wherein "SU" is the username after encryption, "SP" is encrypted password. "Servertime" and "nonce" were obtained in the previous step. The other parameters are constant.
Username after BASE64 calculation: username = base64.encodestring (urllib.quote (username)) [:-1];
Password has been encrypted three times, and the value of Servertime and Nonce has been added to interfere with the SHA1.
That is: two times SHA1 encryption, the result is added servertime and nonce value, and then SHA1 to calculate once.

Organize the parameters well, post requests. There was no sign-in success after this.
After post, the content is included in a sentence location.replace ("http://weibo.com/ajaxlogin.php?framelogin=1&callback= parent.sinassocontroller.feedbackurlcallback&retcode=101&reason=%b5%c7%c2%bc%c3%fb%bb%f2%c3%dc%c2%eb% B4%ed%ce%f3 ");

This is the result of a login failure, and the result is similar when the login succeeds, but the value of Retcode is 0. Then request this URL so that you can log in to Weibo successfully.
Remember to build the cache in advance.

Above from: http://www.douban.com/note/201767245/

SHA1 Introduction:

The full name of the SHA1 is secure Hash algorithm (secure hashing algorithm), which is designed by the NIST NSA to be used with the DSA, which produces a hash value of 160bit in length with a length of less than 264, thus better anti-exhaustive (brute-force). The SHA-1 design is based on the same principles as MD4 and mimics the algorithm. SHA-1 is a national standard issued by the U.S. Standards and Technology Agency (NIST), is one of the most widely used hash function algorithms, and is currently the most advanced encryption technology, used by government departments and private owners to deal with sensitive information. and SHA-1 based on MD5,MD5 and based on MD4.
SHA-1 more than the MD5 32 bits more ciphertext, so more secure. For the same reason, MD5 is faster than SHA-1.

Above from: http://www.cnblogs.com/yank/archive/2008/09/04/1283936.html