PHP uses curl to imitate the user landing Sina Weibo microblogging method, Curl user Login _php Tutorial

PHP uses curl to imitate the user to log on Sina Weibo microblogging method, curl user Login

The example in this paper describes how PHP uses curl to mimic the way users log on to Sina Weibo Weibo. Share to everyone for your reference. The implementation method is as follows:

Now use PHP to imitate the user login we will use the PHP curl function, because only it can be implemented like users to visit other people's website, the following will give you a look at the Curl landing Sina Weibo microblogging application examples.

The day before yesterday received a need to simulate landing micro-blog and then to send micro-bo, before a lot of simulation login Ali Mom, and some other internal system, so far no sign-in, haha, so there is no time to do, but when the analysis of Sina's landing process when it felt the pressure
Encounter SHA1 (SHA1 (SHA1 (PWD)). Once.servertime), will not be able to use, mainly to make this encryption algorithm is uncertain, so the password is not allowed to talk about the login, and then on the Internet for a variety of code, one hours without a win.
is not I use the account password of Weibo can also log on to Sina Mail or other Sina products go, feel hope is big, sure enough Weibo account can directly login all Sina products, again visit Weibo I already in the state of login, prove this god horse use?

In fact, it is very useful, a big company in a project to invest in technology and the project profit and prospects have a great relationship, Weibo he can spend a great effort to do, but the other is not necessarily, in case the password to find that place is not encrypted it is not very good to say. (PS: The network security is interested in, this way for the hacker is called the side note, the side note is, when the hacker attacks a website, this site security done very good, no known loopholes, the breach is more difficult, so hackers will find the site under the server other sites, and then find a more easily breached, Through this site hanging horse, Shell, right, and then the target site also fell, thought in the same server, so .... The goal is to get to the target station, either way just take down the line, very lewd idea there is no

Https://login.sina.com.cn/sso/login.php?client=ssologin.js (v1.4.15) &_=1403138799543 simple grab bag found password is not encrypted, Aren't we able to impersonate the login? Well, actually, it's a little early to be happy.
First sign in Sina's Bar, the code minutes will be done. Returned is a JSON array

Copy CodeThe code is as follows: $password = $p;
$username = Base64_encode ($u);
$LOGINURL = ' Https://login.sina.com.cn/sso/login.php?client=ssologin.js (v1.4.15) &_=1403138799543 ';
$loginData [' entry '] = ' SSO ';
$loginData [' gateway '] = ' 1 ';
$loginData [' from '] = ' null ';
$loginData [' savestate '] = ' 30 ';
$loginData [' useticket '] = ' 0 ';
$loginData [' pagerefer '] = ';
$loginData [' vsnf '] = ' 1 ';
$loginData [' su '] = Base64_encode ($u);
$loginData [' service '] = ' SSO ';
$loginData [' sp '] = $password;
$loginData [' sr '] = ' 1920*1080 ';
$loginData [' encoding '] = ' UTF-8 ';
$loginData [' cdult '] = ' 3 ';
$loginData [' domain '] = ' sina.com.cn ';
$loginData [' prelt '] = ' 0 ';
$loginData [' returntype '] = ' TEXT ';
Var_dump ($loginData); exit;
$login = Json_decode (Loginpost ($LOGINURL, $loginData), true);
Var_dump ($login); exit;function loginpost ($url, $data) {
Global $cookie _file;
echo $cookie _file; exit;
$tmp = ";
if (Is_array ($data)) {
foreach ($data as $key = = $value) {
$tmp. = $key. " = ". $value." & ";
}
$post = Trim ($tmp, "&");
}else{
$post = $data;
}
$ch = Curl_init ();
curl_setopt ($ch, Curlopt_url, $url);
curl_setopt ($ch, curlopt_returntransfer,1);
curl_setopt ($ch, Curlopt_ssl_verifypeer, false);
curl_setopt ($ch, Curlopt_ssl_verifyhost, false);
curl_setopt ($ch, curlopt_post,1);
curl_setopt ($ch, Curlopt_postfields, $post);
curl_setopt ($ch, Curlopt_cookiejar, $cookie _file);
curl_setopt ($ch, Curlopt_cookiejar, $cookie _file);
$return = curl_exec ($ch);
$info = Curl_getinfo ($ch);
Curl_close ($ch);
return $return;
}
Returns a JSON data to an array

Copy the Code code as follows: Array (size=4)
' Retcode ' = String ' 0 ' (length=1)
' uid ' = = String ' 1920109964 ' (length=10)
' Nick ' and string ' grandpa tells Stories ' (length=18)
' Crossdomainurllist ' =
Array (size=2)
0 = String ' https://passport.weibo.com/wbsso/login?ticket=ST-MTkyMDEwOTk2NA%3D% 3d-1403228192-gz-ab37dc0c18ba3bfcd90aefac6115149d&ssosavestate=1434764192 ' (length=140)
1 = String ' https://crosdom.weicaifu.com/sso/crosdom?action=login&savestate=1434764192 ' (length=74)
This time indicates that we login successfully, but in fact, our Weibo address is not weibo,com, but http://weibo.com/bipeng0405/home?wvr=5 such address, how we get this address, very simple, Grab Weibo directly. COM then he will automatically jump back to you, you just need to record the address of the jump to

Copy the Code code as follows: $ch = Curl_init ();
curl_setopt ($ch, Curlopt_url, "http://weibo.com");
curl_setopt ($ch, curlopt_returntransfer,1);
curl_setopt ($ch, Curlopt_cookiefile, $cookie _file);
curl_setopt ($ch, Curlopt_cookiejar, $cookie _file);
$return = curl_exec ($ch);
$info = Curl_getinfo ($ch);
Curl_close ($ch);
Here is another problem, this time you may find that you did not jump to the homepage of their microblog, what is the reason for this, you can see the landing time there are two connection address, which has a Weibo domain under an address, guess should be a cookie set so first get one side of him.

Copy the Code code as follows: Get ($login [' crossdomainurllist '][0]);
This code needs to be weibo.com before it is acquired, otherwise there will be a problem.

I hope this article is helpful to everyone's PHP programming.

How PHP simulates landing on Sina Weibo via Curl

Oh, I'm looking for the data on the Curl simulation landing public platform

PHP CURL Post Simulation User login hopefully can give specific code and explain the code briefly

You can see if there are other HTTP headers without impersonation, such as whether Referer and user-agent can emulate the value of the browser, a complete request is similar to this:
get/home/pack/ data/content?id=31,2399,13,30&asyn=1&t=0.03439752989200834&_req_seqid=0xa982225f0637c78a HTTP/1.1
Accept: */*
ACCEPT-LANGUAGE:ZH-CN
referer:www.baidu.com/
X-requested-with:xmlhttprequest
Accept-encoding:gzip, deflate
user-agent:mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; trident/4.0; BTRS123401; infopath.2;. NET CLR 2.0.50727;. NET CLR 3.0.4506.2152;. NET CLR 3.5.30729;. net4.0c; MS-RTC LM 8)
Host:www.baidu.com
connection:keep-alive
cookie:xcxxxxx
 

http://www.bkjia.com/PHPjc/907837.html www.bkjia.com true http://www.bkjia.com/PHPjc/907837.html techarticle PHP uses Curl to imitate the user to log on Sina Weibo micro Bo method, curl User Login This example tells the PHP use Curl imitate the user to log on Sina Weibo microblogging method. To share with you ...

