PHP Simulate login site and get user information sample

Objective

This time to do is through the way of code, analog login seconds to shoot the official website, get the information of the logged-in user.

Separation of front and back

This article's title is curl, the traditional website is the PHP code directly renders the project view, through the form submits to the controller directly carries on the data operation.

Traditional analog login to find form elements on the page, directly to simulate form submission.

In the last two years, the front-end technology has been perfected, which realizes the separation of the front and back ends.

Analyze page elements

Second beat official website address http://www.miaopai.com/

By reviewing elements and source code lookup, there is no form tag on this page, which infers that the page is submitted through JS.

Find Submit Address

Because the submission of JS code may be written in the external JS file, direct lookup is inconvenient, so through the Chrome debug mode to find the HTTP request sent.

Note that the preserve log of the following figure is checked to avoid loss of request records for page jumps.

Fill in the phone number password and look for the login interface request in the Chrome network.

Obviously, get the login request interface Http://www.miaopai.com/cu/login

Postman Analog Login
Interface specific information is as follows

First use postman to simulate the logon test.

Analog logins are no pressure.

The PWD field is tested for simple MD5 encryption, no problem.

PHP Analog Login
Note that the Postman method can directly output code from various languages.

The compiled PHP code is as follows

Mobile phone number
$phone = 13000000000;
Password
$PWD = MD5 ("password");

$curl = Curl_init ();

Curl_setopt_array ($curl, Array (
Curlopt_url => "http://www.miaopai.com/cu/login?phone={$phone}&pwd={$pwd}&checked=false&ph=0",
Curlopt_returntransfer => True,
Curlopt_encoding => "",
Curlopt_maxredirs => 10,
Curlopt_timeout => 30,
Curlopt_http_version => Curl_http_version_1_1,
Curlopt_customrequest => "Get",
Curlopt_header=>true,
Curlopt_httpheader => Array (
"Cache-control:no-cache",
"postman-token:c13c9f1a-fce6-7ec8-4c91-3f13bd233284"
),
));

$response = curl_exec ($curl);
$err = Curl_error ($curl);

if ($err) {
echo "CURL Error #:". $err;
Die ();
}

Print Header
if (Curl_getinfo ($curl, curlinfo_http_code) = = ' 200 ') {
$headerSize = Curl_getinfo ($curl, curlinfo_header_size);
$header = substr ($response, 0, $headerSize);
$body = substr ($response, $headerSize);

}

Curl_close ($curl);

$body _arr = (Json_decode ($body, true));

Var_dump ($body _arr);

Get more data from users
We found that the return value of the login interface, there is also a URL field, stitching the United States after the site is the current logged-in user's personal page, through the regular matching method, the current login to the other information.

The complete code is as follows

Mobile phone number
$phone = 13000000000;
Password
$PWD = MD5 ("password");

$curl = Curl_init ();

Curl_setopt_array ($curl, Array (
Curlopt_url => "http://www.miaopai.com/cu/login?phone={$phone}&pwd={$pwd}&checked=false&ph=0",
Curlopt_returntransfer => True,
Curlopt_encoding => "",
Curlopt_maxredirs => 10,
Curlopt_timeout => 30,
Curlopt_http_version => Curl_http_version_1_1,
Curlopt_customrequest => "Get",
Curlopt_header=>true,
Curlopt_httpheader => Array (
"Cache-control:no-cache",
"postman-token:c13c9f1a-fce6-7ec8-4c91-3f13bd233284"
),
));

$response = curl_exec ($curl);
$err = Curl_error ($curl);

if ($err) {
echo "CURL Error #:". $err;
Die ();
}

Print Header
if (Curl_getinfo ($curl, curlinfo_http_code) = = ' 200 ') {
$headerSize = Curl_getinfo ($curl, curlinfo_header_size);
$header = substr ($response, 0, $headerSize);
$body = substr ($response, $headerSize);

}

Curl_close ($curl);

$body _arr = (Json_decode ($body, true));

Var_dump ($body _arr);

User's personal page
$url = "http://www.miaopai.com". $body _arr[' url ';

echo $url;

Get the corresponding data

$http _body = Curl (2, $url);

$http _body = preg_replace ("/[\t\n\r]+/", "", $http _body);
$STR = $http _body[0];
Var_dump ($STR);
Analytical

/*

<a title= "Attention" href= "http://www.miaopai.com/u/mob_76195866/relation/follow.htm" >5 concern </a>

*/
$reg _follow= '/<a title= ' attention ' .*?> (. *?) <\/a>/i ';

if (Preg_match_all ($reg _follow, $str, $matches)) {
$body _arr[' follow_num ']= trim (str_replace ("Attention", "", $matches [1][0]));
}

Fans
$reg _fans= '/<a title= "fan" .*?> (. *?) <\/a>/i ';

if (Preg_match_all ($reg _fans, $str, $matches)) {
$body _arr[' fans_num '] = Trim (Str_replace ("Fan", "", $matches [1][0]);
}

Video
$reg _video= '/<a title= "video" .*?> (. *?) <\/a>/i ';

if (Preg_match_all ($reg _video, $str, $matches)) {
$body _arr[' video_num '] = strip_tags (Trim (Str_replace ("video", "", $matches [1][0]));
}

Forward
$reg _feded= '/<a title= ' forwarding ' .*?> (. *?) <\/a>/i ';

if (Preg_match_all ($reg _feded, $str, $matches)) {
$body _arr[' Fwded_num '] =strip_tags (Trim (Str_replace ("Forwarding", "", $matches [1][0]));
}
Praise
$reg _like= '/<a title= "Praise" .*?> (. *?) <\/a>/i ';

if (Preg_match_all ($reg _like, $str, $matches)) {
$body _arr[' like_num '] = strip_tags (Trim (Str_replace ("Praise", "", $matches [1][0]));
}

Var_dump ($body _arr);

/**
 * Curl processing function
 * @param $url
 * @param string $method
 * @param array $fields
 * @param array $headers
 * @param bool $auth
 * @return array
 */
Function curl ($me = 1, $url, $method = ' get ', $fields = [], $headers =[], $auth = False) {
    $url =trim ($url);
     if ($method = = "Get") {
        $fields _string = Http_build_query ($ fields);
        $url = $url. "?". $fields _string;
   }
    $curl = Curl_init ($url);
    curl_setopt ($curl, Curlopt_customrequest, $method);

Cell phone
if ($me = = 1) {
$ua = "mozilla/5.0" (IPhone; U CPU iPhone os 4_3_2 like Mac os X; En-US) applewebkit/533.17.9 (khtml, like Gecko) version/5.0.2 mobile/8h7 safari/6533.18.5 ";
}

Pc
if ($me = = 2) {
$ua =-"mozilla/4.0" (compatible; MSIE 6.0; Windows NT 5.1. NET CLR 1.1.4322) ";
}

curl_setopt ($curl, curlopt_useragent, $ua);
curl_setopt ($curl, Curlopt_returntransfer, 1);
curl_setopt ($curl, Curlopt_verbose, 1);
curl_setopt ($curl, Curlopt_header, 1);
curl_setopt ($curl, Curlopt_encoding, "");
$header [0] = "accept:text/html,application/xhtml+xml,application/xml;";
$header [0]. = "q=0.9,image/webp,*/*;q=0.8";
$header [] = "cache-control:max-age=0";
$header [] = "connection:keep-alive";
$header [] = "keep-alive:10";
$header [] = "accept-encoding:gzip, deflate, sdch";
$header [] = "accept-language:zh-cn,zh;q=0.8,en;q=0.6";
$header [] = "Pragma:"; Browsers keep this blank.
curl_setopt ($curl, Curlopt_httpheader, Array_merge ($header, $headers));
if ($auth) {
curl_setopt ($curl, Curlopt_userpwd, "$auth");
curl_setopt ($curl, Curlopt_httpauth, Curlauth_basic);
}
if ($fields) {
POST
if ($method = = "POST") {
$fields _string = Http_build_query ($fields);
if (count ($fields)!= 0) {
curl_setopt ($curl, Curlopt_post, true);
curl_setopt ($curl, Curlopt_binarytransfer, true);
curl_setopt ($curl, Curlopt_postfields, $fields _string);
}

}else{
curl_setopt ($curl, Curlopt_returntransfer, true);
}
}
$response = curl_exec ($curl);
$header _size = Curl_getinfo ($curl, curlinfo_header_size);
$header _string = substr ($response, 0, $header _size);
$body = substr ($response, $header _size);
$header _rows = Explode (Php_eol, $header _string);
foreach ($header _rows as $key => $value) {
$header _rows[$key]=trim ($header _rows[$key]);
}
$i = 0;
foreach ((array) $header _rows as $hr) {
$colonpos = Strpos ($hr, ': ');
$key = $colonpos!== false? substr ($hr, 0, $colonpos): (int) $i + +;
$headers [$key] = $colonpos!== false? Trim (substr ($hr, $colonpos + 1)): $HR;
}
$j = 0;
foreach ((array) $headers as $key => $val) {
$vals = explode ('; ', $val);
if (count ($vals) >= 2) {
Unset ($headers [$key]);
foreach ($vals as $vk => $vv) {
$equalpos = Strpos ($vv, ' = ');
$vkey = $equalpos!== false? Trim (substr ($vv, 0, $equalpos)): (int) $j + +;
$headers [$key] [$vkey] = $equalpos!== false? Trim (substr ($VV, $equalpos + 1)): $VV;
}
}
}
Curl_close ($curl);
Return Array ($body, $headers);
}

The results obtained are as follows

Postscript
The front and back end separation is a trend, and the web end becomes stateless and authenticated through token.

The results are not important, the methods and ideas