Python solves the problem of GPs clocking out

At present, many so-called internet companies have to engage in GPS positioning attendance clock, the current customer units also require all manufacturers to clock the GPS software. In addition to the company's fingerprint clocking out, but also to hit the customer's card. Since it is geo-positioning, the Android platform has been tested before the use of fake GPS software to open the developer mode, allowing the simulation of geographical location can be achieved arbitrarily. However, the current use of the iphone, do not want to escape, want to grab the bag, using Python to send a fake packet to the server to address the way. The principle and the previous written phone app automatic check-in-python to achieve the same.

This differs from what was written earlier, where the Post method is used and the relative get method is more secure, but the difference is not particularly large, as follows (the important information is hidden or modified because it is inconvenient to divulge some information):

#!/usr/bin/env python
#coding =utf-8
Import Sys
Reload (SYS)
Sys.setdefaultencoding (' Utf-8 ')
Import string
Import Pycurl
Import Stringio
Import JSON
Def initcurl ():
c = Pycurl. Curl ()
C.setopt (Pycurl. Cookiefile, "Cookie_file_name") #把cookie保存在该文件中
C.setopt (Pycurl. Cookiejar, "Cookie_file_name")
C.setopt (Pycurl. Followlocation, 1) #允许跟踪来源
C.setopt (Pycurl. Maxredirs, 5)
C.setopt (Pycurl. ConnectTimeout, 20)
Return C
def postdata (curl, URL, data):
head = [' accept:*/* ',
' Content-type:application/json;charset=utf-8 ',
' Render:json ',
' Clienttype:json ',
' Connection:close ',
' Proxy-connection:close ',
' User-agent:xx attendance 4.2.30 rv:102030 (iphone; iphone OS 8.4; zh_cn) ',
' Donttrackmehere:gzip, deflate ',
' Authorization:9fa1e7e454b486b9842b1aaf9b5559e3 ']
BUF = Stringio.stringio ()
Curl.setopt (Pycurl. Writefunction, Buf.write)
Curl.setopt (Pycurl. Postfields, data)
Curl.setopt (Pycurl. URL, url)
Curl.setopt (Pycurl. Httpheader, head)
Curl.perform ()
The_page = Buf.getvalue ()
#print The_page
Buf.close ()
Return The_page
def postgps (curl, URL, data):
head = [' accept:*/* ',
' Content-type:application/x-www-form-urlencoded ',
' Connection:keep-alive ',
' Proxy-connection:keep-alive ',
' User-agent:%e6%97%ba%e8%b4%a2%e8%80%83%e5%8b%a4/102030 cfnetwork/711.4.6 darwin/14.0.0 ',
' Donttrackmehere:gzip, deflate ',
' ACCEPT-LANGUAGE:ZH-CN ',]
BUF = Stringio.stringio ()
Curl.setopt (Pycurl. Writefunction, Buf.write)
Curl.setopt (Pycurl. Postfields, data)
Curl.setopt (Pycurl. URL, url)
Curl.setopt (Pycurl. Httpheader, head)
Curl.perform ()
The_page = Buf.getvalue ()
#print The_page
Buf.close ()
Return The_page
Curl = Initcurl ()

#地理位置数据, in the analysis of the Android version of the direct call to find the gold map, the iphone version of the discovery is through the Third-party mob.com API calls

Gpsdata = ' m=ab0muoxxsxgo20qskp99jkblias%2f8bzxj0yoowccglqrvwq% 2fjmj1qwqkqehrvjmtojqfcztdafigqdila75aubgwy1e9ljfn9knysa5wnykriqbkexduu9mjatybetsdqewpsrlyno%2fsu% 2fsacpjprad6xoqiv%2bohxif8lzcvsbxyxgtgtxjxv5ftsonhlnpcrlgsf3vnmnoaxr4%2bteroc6o5o%2bczxq%2firaoedrnv% 2f1zp0uqz6wyf8xvtksos91zlef7esg8evqww5kircoaywg%3d%3d '
Gpsurl = ' Http://api.share.mob.com:80/data2 '
Gpsresult = Postgps (Curl, Gpsurl, Gpsdata)
Print Gpsresult

#该json数据里会检验token值是否发生变化, when the change is also not normal clocking, will prompt the mobile phone and binding time changes, need administrator review. This is relative to the relatively cool, disguised restrictions on the use of a mobile phone to hit a multiplayer card problem.

Jsondata = ' {' id ': "xxxxx", "list": [{"name": "XXX road (XXX)", "AId": "1293"}], "type": "1", "token": " 880b2373-2272-46a7-3588-2b6e580268d2 "}"
Kqurl = ' Http://api.iquanqin.com/kaoqin1/104001/phone/gps/clock '
result = PostData (curl, Kqurl, Jsondata)
Print result

There are two remaining issues that need to be addressed in the interim:

1, whether there will be a security code expiration problems, such as before the app to do automatic check-in also encountered. Because do not know other people use the algorithm, cannot calculate the security code, this causes possibly the security code in the server side to set 10 days to be valid, after 10 days need to grab the bag to obtain the question;

2, crontab configured the task call, found that the/var/log/cron log can be found in the record of execution, but found that the crontab call can not be clocked success, and directly executed can be successful.