PHP uses curl to imitate how users log in to Sina Weibo and post Weibo_PHP Tutorial

PHP uses curl to imitate users logging in to Sina Weibo to post Weibo

Now when using php to imitate user login, we will all use the PHP curl function, because it is the only one that can To enable you to visit other people's websites like a user, let me introduce to you an application example of using curl to log in to Sina Weibo and post on Weibo.

I received a request the day before yesterday that I needed to simulate logging in to Weibo and then post on Weibo. I have done many simulated logins to Alibaba, WeChat, and other internal systems. So far, I have never been unable to log in, haha, so that’s it. I didn’t take it seriously, but I felt the pressure when I analyzed Sina’s login process
When I encountered sha1(sha1(sha1(pwd)).once.servertime), I definitely couldn’t use it. It mainly made it difficult to figure out the encryption algorithm, so I couldn’t figure out the password, let alone login. Then I searched for various codes on the Internet for an hour. Nothing was gained.
Can I use my Weibo account and password to log in to Sina mailbox or other Sina products? I feel very hopeful. Sure enough, my Weibo account can directly log in to all Sina products. When I visit Weibo again, I am already logged in. Prove that this is useful?

In fact, it is very useful. The technology a large company invests in a project has a lot to do with the profitability and prospects of the project. Weibo can put a lot of effort into it, but not necessarily other things. If you find that Isn't it easy to say that the local password is not encrypted? (PS: I am more interested in network security. This method is called a side note for hackers. A side note is that when a hacker attacks a website, the security of the website is very good, there are no known vulnerabilities, and it is difficult to break. Large, so hackers will look for other websites under the server of this website, and then find one that is easier to break through. They can use this website to mount a horse, shell, and escalate privileges. Then the target website will be compromised, thinking that it is on the same server, so... The goal is to get the target station. No matter which method you use, just get it. Do you have any naughty thoughts?)

https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543 A simple packet capture shows that the password is not encrypted. We cannot simulate login. ? Well, actually it’s a bit early to be happy here
Log in to Sina first, and the code will be ready in minutes. What is returned is a json array

The code is as follows:

$password = $p;
$username = base64_encode($u);
$loginUrl = 'https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543';
$loginData['entry'] = 'sso';
$loginData['gateway'] = '1';
$loginData['from'] = 'null';
$loginData['savestate'] = '30';
$loginData['useticket'] = '0';
$loginData['pagerefer'] = '';
$loginData['vsnf'] = '1';
$loginData['su'] = base64_encode($u);
$loginData['service'] = 'sso';
$loginData['sp'] = $password;
$loginData['sr'] = '1920*1080';
$loginData['encoding'] = 'UTF-8';
$loginData['cdult'] = '3';
$loginData['domain'] = 'sina.com.cn';
$loginData['prelt'] = '0';
$loginData['returntype'] = 'TEXT';
//var_dump($loginData);exit;
$login = json_decode(loginPost($loginUrl,$loginData),true);
var_dump($login);exit;function loginPost($url,$data){
global $cookie_file ;
//echo $cookie_file ;exit;
$tmp = '';
if(is_array($data)){
foreach($data as $key =>$value){
$tmp .= $key."=".$value."&";
}
$post = trim($tmp,"&");
}else{
$post = $data;
}
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);
$return = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
return $return;
}

What is returned is a json data that can be converted into an array

The code is as follows:

array (size=4)
'retcode' => string '0' (length=1)
'uid' => string '1920109964' (length=10)
'nick' => string 'Grandpa Bi tells stories' (length=18)
'crossDomainUrlList' => Array (size=2)
​​ 0 => string 'https://passport.weibo.com/wbsso/login?ticket=ST-MTkyMDEwOTk2NA%3D%3D-1403228192-gz-AB37DC0C18BA3BFCD90AEFAC6115149D&ssosavestate=1434764192' (length=140)
1 => string 'https://crosdom.weicaifu.com/sso/crosdom?action=login&savestate=1434764192' (length=74)

At this time, it means that we have successfully logged in, but in fact, the address of our Weibo homepage is not weibo,com, but http://weibo.com/bipeng0405/home?wvr=5. How do we obtain this address? It's very simple, just grab weibo directly. com and it will automatically redirect you back. You only need to record the redirected address

The code is as follows:

$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"http://weibo.com");
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_COOKIEFILE, $cookie_file);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);
$return = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);

There is another problem here. At this time, you may find that you do not jump to the homepage of your Weibo. What is the reason? You can see that there are two connection addresses when logging in. One of them is an address under the weibo domain. I guess it should be The cookie is set, so let’s get it first.

The code is as follows:

get($login['crossDomainUrlList'][0]);

This code must be obtained before weibo.com, otherwise problems will occur.

http://www.bkjia.com/PHPjc/907711.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/907711.htmlTechArticlePHP uses curl to imitate user login to Sina Weibo and post Weibo. Now we use PHP to imitate user login. Let’s go to the PHP curl function, because only it can achieve the same thing as the user...