Home >Backend Development >PHP Tutorial >About the final version of the voting website written in PHP_PHP tutorial
Following the last essay about cheating on votes, I decided to try it using each student’s password to log in to the Academic Affairs Office, although I had done this before when I was doing WeChat development at the beginning of the semester.
The first thing to do is to log in to the school’s Academic Affairs Office website, and then open
<span 1</span> <span //</span><span 第一步:提交数据,生成cookie,将cookie保存在临时目录下 </span><span 2</span> <span //在指定目录中建立一个具有唯一文件名的文件。如果该目录不存在,tempnam() 会在系统临时目录中生成一个文件,并返回其文件名</span> <span 3</span> <span $cookie_file</span>=<span tempnam</span>('./temp','cookie'<span ); </span><span 4</span> <span $ch</span>=<span curl_init(); </span><span 5</span> <span $login_url</span>="网址"<span ; </span><span 6</span> <span $curlPost</span>="uname=账号&upwd=密码&usertypex=%B9%DC%C0%ED%D4%B1"<span ; </span><span 7</span> curl_setopt(<span $ch</span>,CURLOPT_URL,<span $login_url</span><span ); </span><span 8</span> <span //</span><span 启用时会将头文件的信息作为数据流输出</span> <span 9</span> curl_setopt(<span $ch</span>,CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible;MS IE 9.0; Windows NT 6.1; WOW 64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.0.30729; BRI/2; MASM; .NET4.0C; .NET4.0E; InfoPath.3; Media Center PC 6.0; SE 2.X MeTaSr 1.0)'<span ); </span><span 10</span> curl_setopt(<span $ch</span>,CURLOPT_HEADER,<span true</span><span ); </span><span 11</span> curl_setopt(<span $ch</span>,CURLOPT_MAXREDIRS,1<span ); </span><span 12</span> curl_setopt(<span $ch</span>,CURLOPT_RETURNTRANSFER,1<span ); </span><span 13</span> curl_setopt(<span $ch</span>,CURLOPT_FOLLOWLOCATION,1<span ); </span><span 14</span> curl_setopt(<span $ch</span>,CURLOPT_POST,1<span ); </span><span 15</span> curl_setopt(<span $ch</span>,CURLOPT_POSTFIELDS,<span $curlPost</span><span ); </span><span 16</span> <span //</span><span 设置连接结束后保存cookie信息的文件</span> <span 17</span> curl_setopt(<span $ch</span>,CURLOPT_COOKIEJAR,<span $cookie_file</span><span ); </span><span 18</span> <span $content_login</span>=curl_exec(<span $ch</span><span ); </span><span 19</span> <span //</span><span print_r($content_login);</span> <span 20</span> <span var_dump</span>(<span $cookie_file</span><span ); </span><span 21</span> curl_close(<span $ch</span>);
The test shows nothing because:
<span $content_login</span>=curl_exec(<span $ch</span><span ); </span><span //</span><span print_r($content_login);</span>
Will be explained later, continue:
<span 1</span> <span $ch2</span>=<span curl_init(); </span><span 2</span> <span $login_url2</span>=网址2"<span ; </span><span 3</span> curl_setopt(<span $ch2</span>,CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible;MS IE 9.0; Windows NT 6.1; WOW 64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.0.30729; BRI/2; MASM; .NET4.0C; .NET4.0E; InfoPath.3; Media Center PC 6.0; SE 2.X MeTaSr 1.0)'<span ); </span><span 4</span> curl_setopt(<span $ch2</span>,CURLOPT_HEADER,0<span ); </span><span 5</span> curl_setopt(<span $ch2</span>,CURLOPT_URL,<span $login_url2</span><span ); </span><span 6</span> curl_setopt(<span $ch2</span>,CURLOPT_RETURNTRANSFER,1<span ); </span><span 7</span> curl_setopt(<span $ch2</span>,CURLOPT_CONNECTTIMEOUT,120<span ); </span><span 8</span> <span 9</span> curl_setopt(<span $ch2</span>,CURLOPT_AUTOREFERER,1<span ); </span><span 10</span> curl_setopt(<span $ch2</span>,CURLOPT_POST,1<span ); </span><span 11</span> <span 12</span> curl_setopt(<span $ch2</span>,CURLOPT_POSTFIELDS,<span $curlPost</span><span ); </span><span 13</span> curl_setopt(<span $ch2</span>,CURLOPT_REFERER,"来源"<span ); </span><span 14</span> <span //</span><span 设置连接结束后保存cookie信息的文件</span> <span 15</span> curl_setopt(<span $ch2</span>,CURLOPT_COOKIEFILE,<span $cookie_file</span><span ); </span><span 16</span> <span $content_login</span>=curl_exec(<span $ch2</span><span ); </span><span 17</span> <span //</span><span $content_login='1';</span> <span 18</span> <span print_r</span>(<span $content_login</span><span ); </span><span 19</span> <span //</span><span curl_exec($ch);</span> <span 20</span> curl_close(<span $ch2</span>);
Here, the same cookie is used so that the server can identify it directly.
<span $content_login</span>=curl_exec(<span $ch2</span>);
This is the content obtained from the web page.
<span print_r</span>(<span $content_login</span>);
This is to print out the obtained content. If you are careful, you can find:
in front of it.<span $content_login</span>='1';
I commented out this sentence. This is what I use to test whether the data can be modified. When I obtained the class schedule, I couldn't modify the obtained data. I don't know why, but it can be done here.
If the account password is wrong, a dialog box will pop up as shown on the website to show that the account password is wrong. In this way, just add another student_id to the data table. An account can only be used once.
I really hope that this time I can really stop ticket fraud. I am exhausted.
Thank you also to netizens. The verification code of Mogujie is really good. I also figured it out and will share it with you tomorrow. However, the ticket brush has a function that allows you to enter the verification code manually. This is useless, so I gave up the verification code.
I will be scolded to death by those people.
Please indicate the source when reprinting: http://www.cnblogs.com/yydcdut/p/3472248.html