PHP uses curl to imitate the method of users logging in to Sina Weibo to post Weibo, curl user login_PHP tutorial

PHP uses curl to imitate the method of users logging in to Sina Weibo to post Weibo, curl users log in

The example in this article describes how PHP uses curl to imitate users logging into Sina Weibo to post Weibo. Share it with everyone for your reference. The specific implementation method is as follows:

Now when using PHP to imitate user login, we will all use the PHP curl function, because only it can access other people’s websites like users. Let’s introduce curl to log in to Sina Weibo and post Weibo applications. example.

I received a request the day before yesterday that I needed to simulate logging in to Weibo and then post on Weibo. I have done many simulated logins to Alibaba, WeChat, and other internal systems. So far, I have never been unable to log in, haha, so that’s it. I didn’t take it seriously, but I felt the pressure when I analyzed Sina’s login process
When I encountered sha1(sha1(sha1(pwd)).once.servertime), I definitely couldn’t use it. It mainly made it difficult to figure out the encryption algorithm, so I couldn’t figure out the password, let alone login. Then I searched for various codes on the Internet for an hour. Nothing was gained.
Can I use my Weibo account and password to log in to Sina mailbox or other Sina products? I feel very hopeful. Sure enough, my Weibo account can directly log in to all Sina products. When I visit Weibo again, I am already logged in. Prove that this is useful?

In fact, it is very useful. The technology a large company invests in a project has a lot to do with the profitability and prospects of the project. Weibo can put a lot of effort into it, but not necessarily other things. If you find that Isn't it easy to say that the local password is not encrypted? (PS: I am more interested in network security. This method is called a side note for hackers. A side note is that when a hacker attacks a website, the security of the website is very good, there are no known vulnerabilities, and it is difficult to break. Large, so hackers will look for other websites under the server of this website, and then find one that is easier to break through. They can use this website to mount a horse, shell, and escalate privileges. Then the target website will be compromised, thinking that it is on the same server, so... The goal is to get the target station. No matter which method you use, just get it. Do you have any naughty thoughts?)

https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543 A simple packet capture shows that the password is not encrypted. We cannot simulate login. ? Well, actually it’s a bit early to be happy here
Log in to Sina first, and the code will be ready in minutes. What is returned is a json array

Copy code The code is as follows:

$password = $p;
$username = base64_encode($u);
$loginUrl = 'https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543';
$loginData['entry'] = 'sso';
$loginData['gateway'] = '1';
$loginData['from'] = 'null';
$loginData['savestate'] = '30';
$loginData['useticket'] = '0';
$loginData['pagerefer'] = '';
$loginData['vsnf'] = '1';
$loginData['su'] = base64_encode($u);
$loginData['service'] = 'sso';
$loginData['sp'] = $password;
$loginData['sr'] = '1920*1080';
$loginData['encoding'] = 'UTF-8';
$loginData['cdult'] = '3';
$loginData['domain'] = 'sina.com.cn';
$loginData['prelt'] = '0';
$loginData['returntype'] = 'TEXT';
//var_dump($loginData);exit;
$login = json_decode(loginPost($loginUrl,$loginData),true);
var_dump($login);exit;function loginPost($url,$data){
global $cookie_file ;
//echo $cookie_file ;exit;
$tmp = '';
if(is_array($data)){
foreach($data as $key =>$value){
$tmp .= $key."=".$value."&";
}
$post = trim($tmp,"&");
}else{
$post = $data;
}
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);
$return = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
return $return;
}

What is returned is a json data that can be converted into an array

Copy code The code is as follows:

array (size=4)
'retcode' => string '0' (length=1)
'uid' => string '1920109964' (length=10)
'nick' => string 'Grandpa Bi tells stories' (length=18)
'crossDomainUrlList' => Array (size=2)
​​ 0 => string 'https://passport.weibo.com/wbsso/login?ticket=ST-MTkyMDEwOTk2NA%3D%3D-1403228192-gz-AB37DC0C18BA3BFCD90AEFAC6115149D&ssosavestate=1434764192' (length=140)
1 => string 'https://crosdom.weicaifu.com/sso/crosdom?action=login&savestate=1434764192' (length=74)

At this time, it means that we have successfully logged in, but in fact, the address of our Weibo homepage is not weibo,com, but http://weibo.com/bipeng0405/home?wvr=5. How do we obtain this address? It's very simple, just grab weibo directly. com and it will automatically redirect you back. You only need to record the redirected address

Copy code The code is as follows:

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,"http://weibo.com");
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_COOKIEFILE, $cookie_file);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);
$return = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);

There is another problem here. At this time, you may find that you do not jump to the homepage of your Weibo. What is the reason? You can see that there are two connection addresses when logging in. One of them is an address under the weibo domain. I guess it should be The cookie is set, so let’s get it first.

Copy code The code is as follows:

get($login['crossDomainUrlList'][0]);

This code must be obtained before weibo.com, otherwise problems will occur.
I hope this article will be helpful to everyone’s PHP programming design.

How to simulate logging into Sina Weibo through curl

Haha, I’m looking for information on how to use curl to simulate logging into the WeChat public platform

PHP CURL POST simulates user login. I hope you can give the specific code and briefly explain the code

You can check to see if there are other http headers that are not simulated, such as whether Referer and User-Agent can simulate browser values. A complete request is similar to this:

GET /home/pack/ Data/Content? ID = 31,2399,13,30 & asyn = 1 & T = 0.03439752989200834 &_Req_seqid = 0xa982225F06378A HTTP/1.1
*/ *
Accept -Language: zh-cn
Referer: www.baidu. com/
x-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS123401; InfoPath. 2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; MS-RTC LM 8)
Host: www.baidu.com
Connection: Keep -Alive
Cookie: XCXXXXX

http://www.bkjia.com/PHPjc/907837.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/907837.htmlTechArticlePHP uses curl to imitate the method of users logging in to Sina Weibo to post Weibo. The curl user logs in. This article describes how PHP uses curl imitates the way users log in to Sina Weibo to post Weibo. Share it with everyone...