PHP uses curl to simulate the method by which users log on to Sina Weibo. curl user login _ PHP Tutorial

PHP uses curl to simulate the method by which users log on to Sina Weibo, and curl users log on. PHP uses curl to simulate the method by which users log on to Sina Weibo. the curl user logs on to the instance in this article describes how PHP uses curl to simulate the method by which users log on to Sina Weibo. I will share it with you for PHP to use curl to simulate the method for users to log on to Sina Weibo. curl users log on

This example describes how PHP uses curl to simulate a user's login to Sina Weibo. Share it with you for your reference. The specific implementation method is as follows:

Now we use php to simulate user login. we all use the PHP curl function, because it can only access other websites like a user, the following is an example of logging on to Sina Weibo using curl.

The day before yesterday, I received a requirement that I had to simulate login to Weibo and then send Weibo posts. I used to simulate login to Alimama many times. some other internal systems have not been logged on yet. haha, so there is no such thing, but I feel the pressure only when I analyze the login process of Sina.
Sha1 (sha1 (sha1 (pwd) is encountered )). once. servertime), certainly cannot be used, mainly because the encryption algorithm is not fixed, so the password is not fixed, don't talk about login, and then find various code on the Internet, there is no access in an hour.
Is it true that I can log on to my Sina mail or other Sina products using my Weibo account and password? I feel very hopeful that my Weibo account can directly log on to all Sina products, I have logged on to Weibo again. does this prove to be useful?

In fact, it is very useful. the technology invested by a large company in a project has a lot to do with the profitability and prospects of the project. he can spend a lot of time on Weibo, however, it is not necessarily the case that the password found in that place is not encrypted. (PS: I am more interested in network security. this method is called a side note for hackers. the side note is that when hackers attack a website, the website security is very good, there are no known vulnerabilities, which are difficult to crack. Therefore, hackers will find other websites under the website's server, and find a website that is easy to crack. they will use this website to Mount Trojans, shells, and escalate permissions, then the target website will fall to the same server, so .... The goal is to get the target station. no matter which method, you just need to win it. is there a very lustful idea)

Https://login.sina.com.cn/sso/login.php? Client = ssologin. js (v1.4.15) & _ = 1403138799543 simple packet capture found that the password is not encrypted. can we simulate logon? Well, it's a little happy here.
Log on to Sina first, and the code will be completed in minutes. Returns a json Array.

The code is as follows:

$ Password = $ p;
$ Username = base64_encode ($ u );
$ LoginUrl = 'https: // login.sina.com.cn/sso/login.php? Client = ssologin. js (v1.4.15) & _ = 1403138799543 ';
$ LoginData ['entry '] = 'sso ';
$ LoginData ['gateway'] = '1 ';
$ LoginData ['from'] = 'null ';
$ LoginData ['savestate'] = '30 ';
$ LoginData ['useticket '] = '0 ';
$ LoginData ['pagerefer'] = '';
$ LoginData ['vsnf '] = '1 ';
$ LoginData ['Su '] = base64_encode ($ u );
$ LoginData ['service'] = 'sso ';
$ LoginData ['sp '] = $ password;
$ LoginData ['sr'] = '1970*1920 ';
$ LoginData ['encoding'] = 'utf-8 ';
$ LoginData ['cdresult'] = '3 ';
$ LoginData ['domain '] = 'sina .com.cn ';
$ LoginData ['prelt '] = '0 ';
$ LoginData ['returntype'] = 'text ';
// Var_dump ($ loginData); exit;
$ Login = json_decode (loginPost ($ loginUrl, $ loginData), true );
Var_dump ($ login); exit; function loginPost ($ url, $ data ){
Global $ cookie_file;
// Echo $ cookie_file; exit;
$ Tmp = '';
If (is_array ($ data )){
Foreach ($ data as $ key => $ value ){
$ Tmp. = $ key. "=". $ value ."&";
}
$ Post = trim ($ tmp ,"&");
} Else {
$ Post = $ data;
}
$ Ch = curl_init ();
Curl_setopt ($ ch, CURLOPT_URL, $ url );
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1 );
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, false );
Curl_setopt ($ ch, CURLOPT_SSL_VERIFYHOST, false );
Curl_setopt ($ ch, CURLOPT_POST, 1 );
Curl_setopt ($ ch, CURLOPT_POSTFIELDS, $ post );
Curl_setopt ($ ch, CURLOPT_COOKIEJAR, $ cookie_file );
Curl_setopt ($ ch, CURLOPT_COOKIEJAR, $ cookie_file );
$ Return = curl_exec ($ ch );
$ Info = curl_getinfo ($ ch );
Curl_close ($ ch );
Return $ return;
}

The returned json data is converted into an array.

The code is as follows:

Array (size = 4)
'Retcode' => string '0' (length = 1)
'Uid' => string '123' (length = 10)
'Nick '=> string 'Grandpa bi storyteller' (length = 18)
'Crossdomainurlllist' =>
Array (size = 2)
0 => string 'https: // passport.weibo.com/wbsso/login? Ticket = ST-MTkyMDEwOTk2NA % 3D % 3D-1403228192-gz-AB37DC0C18BA3BFCD90AEFAC6115149D & ssosavestate = 1434764192 '(length = 140)
1 => string 'https: // crosdom.weicaifu.com/sso/crosdom? Action = login & savestate = 1434764192 '(length = 74)

At this time it means that we log on successfully, but in fact our microblog home page address is not weibo, com, but http://weibo.com/bipeng0405/home? How can we get the address like wvr = 5? it's very easy to directly capture weibo. Com and then he will automatically jump back to you, you just need to record the jump address

The code is as follows:

$ Ch = curl_init ();
Curl_setopt ($ ch, CURLOPT_URL, "http://weibo.com ");
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1 );
Curl_setopt ($ ch, CURLOPT_COOKIEFILE, $ cookie_file );
Curl_setopt ($ ch, CURLOPT_COOKIEJAR, $ cookie_file );
$ Return = curl_exec ($ ch );
$ Info = curl_getinfo ($ ch );
Curl_close ($ ch );

There is another problem here. at this time, you may find that you have not jumped to the homepage of your weibo account. what is the reason? you can check that there are two connection addresses at login, one of which is an address in the weibo domain, I guess the cookie is set, so first obtain one side.

The code is as follows:

Get ($ login ['crossdomainurllist '] [0]);

This code should be obtained before weibo.com. Otherwise, the problem may occur.

I hope this article will help you with PHP programming.

How does php simulate login to Sina Weibo through curl?

Haha, I am looking for information on curl simulated login to the public platform
 

Php curl post simulates the user login and hopes to provide specific code and briefly explain the code

You can check whether other http headers are not simulated, such as whether Referer and User-Agent can simulate the browser value. a complete request is similar to this:
GET/home/pack/data/content? Id = 0.03439752989200834, 1.1, & asyn = 1 & t = & _ req_seqid = 0xa982225f0637c78a HTTP/
Accept :*/*
Accept-Language: zh-cn
Referer: www.baidu.com/
X-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS123401; InfoPath.2 ;. net clr 2.0.50727 ;. net clr 3.0.20.6.2152 ;. net clr 3.5.30729 ;. NET4.0C; MS-RTC LM 8)
Host: www.baidu.com
Connection: Keep-Alive
Cookie: XCXXXXX
 

Examples in this article describe how PHP uses curl to simulate a user's login to Sina Weibo. Share it with you...