PHP采用curl模仿用户登陆新浪微博发微博的方法

Home

Backend Development

PHP Tutorial

PHP采用curl模仿用户登陆新浪微博发微博的方法_php技巧

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 16, 2016 pm 08:32 PM

curlphpPost on WeiboSina Weiboimitateuser login

本文实例讲述了PHP采用curl模仿用户登陆新浪微博发微博的方法。分享给大家供大家参考。具体实现方法如下：

现在用php做模仿用户登录我们都会使用到PHP curl函数了，因为只有它才可以实现像用户一样的去访问别人网站了，下面就给大家介绍一下curl登陆新浪微博发微博应用例子。

前天接到一个需求需要模拟登陆微博然后进行发微博，以前干过很多的模拟登录阿里妈妈，微信，还有些其他的内部系统，至今没有出现不能登录的，哈哈，所以也就没有当一回事情，可是当分析新浪的登陆过程的时候才感觉到压力
遇到sha1(sha1(sha1(pwd)).once.servertime) ,肯定都用不了，主要使这个加密算法搞不定所以密码都搞不定别谈登录的，接着就在网上各种找代码，一个小时毫无所获。
是不是我用微博的帐号密码也能登录到新浪邮箱或者其他新浪产品去，感觉希望很大，果然微博的帐号可以直接登录所有的新浪产品，再次访问微博我已经在登录状态了，证明这个有神马用呢？

其实很有用的，一个大公司在一个项目投入的技术和这个项目盈利和前景有很大关系，微博他可以花很大的心思去做，但是其他就不一定，万一找到那个地方的密码没有加密那岂不是很好说了。（PS：对网络安全比较感兴趣，这个方式对黑客来说叫做旁注，旁注就是，当黑客在攻击一个网站的时候，这个网站安全做的非常好，没有什么已知漏洞，攻破难度较大，所以黑客会找找该网站下服务器下其他网站，然后找一个比较容易攻破的，通过这个网站挂马，shell，提权，然后目标网站也就沦陷，以为在同一个服务器，所以….目标就是拿到目标站，无论哪种方法只要拿下就行，很淫荡的想法有没有）

https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543简单抓抓包发现密码并没有加密，我们不是能模拟登录了吗? 嗯，其实这里高兴的有点早了
先登录新浪的吧，代码分分钟就搞定了。返回的是一个json数组

复制代码代码如下:

$password = $p;

$username = base64_encode($u);

$loginUrl = 'https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543';

$loginData['entry'] = 'sso';

$loginData['gateway'] = '1';

$loginData['from'] = 'null';

$loginData['savestate'] = '30';

$loginData['useticket'] = '0';

$loginData['pagerefer'] = '';

$loginData['vsnf'] = '1';

$loginData['su'] = base64_encode($u);

$loginData['service'] = 'sso';

$loginData['sp'] = $password;

$loginData['sr'] = '1920*1080';

$loginData['encoding'] = 'UTF-8';

$loginData['cdult'] = '3';

$loginData['domain'] = 'sina.com.cn';

$loginData['prelt'] = '0';

$loginData['returntype'] = 'TEXT';

//var_dump($loginData);exit;

$login = json_decode(loginPost($loginUrl,$loginData),true);

var_dump($login);exit;function loginPost($url,$data){

global $cookie_file ;

//echo $cookie_file ;exit;

$tmp = '';

if(is_array($data)){

foreach($data as $key =>$value){

$tmp .= $key."=".$value."&";

}

$post = trim($tmp,"&");

}else{

$post = $data;

}

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,$url); 

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

curl_setopt($ch,CURLOPT_POST,1);

curl_setopt($ch,CURLOPT_POSTFIELDS,$post);

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);

$return = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

return $return;

}

返回的是一个json数据转成数组即可

复制代码代码如下:

array (size=4)

  'retcode' => string '0' (length=1)

  'uid' => string '1920109964' (length=10)

  'nick' => string '毕姥爷讲故事' (length=18)

  'crossDomainUrlList' => 

    array (size=2)

      0 => string 'https://passport.weibo.com/wbsso/login?ticket=ST-MTkyMDEwOTk2NA%3D%3D-1403228192-gz-AB37DC0C18BA3BFCD90AEFAC6115149D&ssosavestate=1434764192' (length=140)

      1 => string 'https://crosdom.weicaifu.com/sso/crosdom?action=login&savestate=1434764192' (length=74)

这个时候说明我们登录成功了，但是其实我们的微博首页的地址并不是weibo,com，而是 http://weibo.com/bipeng0405/home?wvr=5 这样地址，我们怎么获取这个地址了，很简单，直接抓取weibo。com然后他会自动给你跳转回去的，你只需要把跳转的地址记录下来即可

复制代码代码如下:

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,"http://weibo.com"); 

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 

curl_setopt($ch,CURLOPT_COOKIEFILE, $cookie_file); 

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file); 

$return = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

这里还有一个问题，这个时候你可能发现没有跳转到自己微博的首页，这是什么原因呢，可以看看登陆时候有两个连接地址，其中有一个weibo域下的一个地址，猜测应该是进行了cookie的设置所以先获取一边他吧。

复制代码代码如下:

get($login['crossDomainUrlList'][0]);

这个代码要在刚才weibo.com获取之前，否则会出现问题的。

希望本文所述对大家的PHP程序设计有所帮助。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How can you protect against Cross-Site Scripting (XSS) attacks related to sessions?Apr 23, 2025 am 12:16 AM

To protect the application from session-related XSS attacks, the following measures are required: 1. Set the HttpOnly and Secure flags to protect the session cookies. 2. Export codes for all user inputs. 3. Implement content security policy (CSP) to limit script sources. Through these policies, session-related XSS attacks can be effectively protected and user data can be ensured.

How can you optimize PHP session performance?Apr 23, 2025 am 12:13 AM

Methods to optimize PHP session performance include: 1. Delay session start, 2. Use database to store sessions, 3. Compress session data, 4. Manage session life cycle, and 5. Implement session sharing. These strategies can significantly improve the efficiency of applications in high concurrency environments.

What is the session.gc_maxlifetime configuration setting?Apr 23, 2025 am 12:10 AM

Thesession.gc_maxlifetimesettinginPHPdeterminesthelifespanofsessiondata,setinseconds.1)It'sconfiguredinphp.iniorviaini_set().2)Abalanceisneededtoavoidperformanceissuesandunexpectedlogouts.3)PHP'sgarbagecollectionisprobabilistic,influencedbygc_probabi

How do you configure the session name in PHP?Apr 23, 2025 am 12:08 AM

In PHP, you can use the session_name() function to configure the session name. The specific steps are as follows: 1. Use the session_name() function to set the session name, such as session_name("my_session"). 2. After setting the session name, call session_start() to start the session. Configuring session names can avoid session data conflicts between multiple applications and enhance security, but pay attention to the uniqueness, security, length and setting timing of session names.

How often should you regenerate session IDs?Apr 23, 2025 am 12:03 AM

The session ID should be regenerated regularly at login, before sensitive operations, and every 30 minutes. 1. Regenerate the session ID when logging in to prevent session fixed attacks. 2. Regenerate before sensitive operations to improve safety. 3. Regular regeneration reduces long-term utilization risks, but the user experience needs to be weighed.

How do you set the session cookie parameters in PHP?Apr 22, 2025 pm 05:33 PM

Setting session cookie parameters in PHP can be achieved through the session_set_cookie_params() function. 1) Use this function to set parameters, such as expiration time, path, domain name, security flag, etc.; 2) Call session_start() to make the parameters take effect; 3) Dynamically adjust parameters according to needs, such as user login status; 4) Pay attention to setting secure and httponly flags to improve security.

What is the main purpose of using sessions in PHP?Apr 22, 2025 pm 05:25 PM

The main purpose of using sessions in PHP is to maintain the status of the user between different pages. 1) The session is started through the session_start() function, creating a unique session ID and storing it in the user cookie. 2) Session data is saved on the server, allowing data to be passed between different requests, such as login status and shopping cart content.

How can you share sessions across subdomains?Apr 22, 2025 pm 05:21 PM

How to share a session between subdomains? Implemented by setting session cookies for common domain names. 1. Set the domain of the session cookie to .example.com on the server side. 2. Choose the appropriate session storage method, such as memory, database or distributed cache. 3. Pass the session ID through cookies, and the server retrieves and updates the session data based on the ID.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

3 weeks agoByDDD

Roblox: Dead Rails - How To Complete Every Challenge

4 weeks agoByDDD

Atomfall guide: item locations, quest guides, and tips

4 weeks agoByDDD

Hot Tools

SublimeText3 Linux new version

SublimeText3 Linux latest version

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Dreamweaver Mac version

Visual web development tools

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

Hot Topics

Where is the login entrance for gmail email?

7660

CakePHP Tutorial

1393

C# Tutorial

1205

What is the format of the account name of steam

win11 activation key permanent