
This article shows how to log in to the Zhengfang Academic Affairs System using PHP's curl library. Because the Zhengfang system may be updated every year, this article applies to 2018. It introduces some methods of simulating a login to Zhengfang; I hope it helps everyone.


PHP implements simulated login to Zhengfang Academic Affairs System

We can see a request which, as its name suggests, fetches the verification code of the page; the Zhengfang server returns it when the login page is accessed. I referred to blogs by other experts who said that the verification code can be intercepted so that it does not have to be entered, but I tested this several times and found that it does not work. I therefore believe Zhengfang has fixed this bug, so we have to enter the verification code honestly.

Note also the Cookie parameter in the picture above. This cookie is returned every time the page is visited, but it only takes effect after a successful login, so we need to save it. Every operation we perform in the academic affairs system is checked against this cookie, which makes it equivalent to identity authentication, so the cookie is essential.

Below I use PHP to save the cookie and the verification code locally.

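    <?php
    session_start();
    $id = session_id();
    $_SESSION['id'] = $id;
    // Cookie path: the cookie is written to a file named after the session ID
    $cookie = dirname(__FILE__) . '/cookie/' . $_SESSION['id'] . '.txt';
    if (!is_dir(dirname($cookie))) {
        mkdir(dirname($cookie), 0700, true);  // the cookie folder must exist before curl writes to it
    }

    $verify_code_url = "http://jwgl.hbpu.edu.cn/CheckCode.aspx"; // verification code URL
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $verify_code_url);
    curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie);  // save the cookie
    curl_setopt($curl, CURLOPT_HEADER, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $img = curl_exec($curl);  // execute the request
    curl_close($curl);
    unset($curl);  // on PHP 8+ curl_close() is a no-op; releasing the handle writes the cookie file
    $fp = fopen("verifyCode.jpg", "w");  // file name
    fwrite($fp, $img);  // write the image to the file
    fclose($fp);
    // Message: verification code fetched, now sleeping; enter it into code.txt and save within 15 seconds
    echo "验证码取出完成,正在休眠,15秒内请把验证码填入code.txt并保存\n";
    // Pause for 15 seconds
    sleep(15);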

Readers who are familiar with PHP should be able to understand this code. We first create a session and save the cookie obtained each time in a folder; the cookie and the returned verification code are obtained by accessing the domain name. To fill in the verification code manually, we create a code.txt file: once the verification code picture appears in the folder, we type the code into code.txt by hand. After fifteen seconds, the script sends the request to the Zhengfang server.

2. Find the server that sent the request and the required parameters

You can see a POST request. One of the request headers in the picture above that we should pay attention to is Referer; the purpose of this header is to prevent CSRF. I will elaborate on CSRF at the end. Let's take a look at the POST parameters:

You should be able to guess most of the parameters, and I won't go into the ones with empty content. The two that need to be mentioned are __VIEWSTATE and RadioButtonList1.
The first parameter is the state of the current page. This string verifies that we are coming from the login page. It is in the source code of the login page, and we extract it with a regular expression.
The second parameter is the type of button, and its content is GBK-encoded. My type is student.

    function login_post($url, $cookie, $post) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  // do not print the response automatically; echo it yourself
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);  // important: fetch the data after the redirect
        curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
        curl_setopt($ch, CURLOPT_REFERER, 'http://jwgl.hbpu.edu.cn/');  // important: the 302 redirect needs the Referer; it can be found in the Request Headers
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post);  // data submitted by POST
        $result = curl_exec($ch);
        curl_close($ch);
        return $result;
    }

    $xh = '';  // enter the student ID here by hand; once deployed, take it from $_POST
    $pw = '';  // enter the password here by hand; once deployed, take it from $_POST
    $code = trim(file_get_contents("code.txt"));  // read the verification code typed into code.txt (trailing newline removed)
    $cookie = dirname(__FILE__) . '/cookie/' . $_SESSION['id'] . '.txt';  // cookie file
    $url = "http://jwgl.hbpu.edu.cn/default2.aspx";  // academic affairs office URL
    $con1 = login_post($url, $cookie, '');
    preg_match_all('/<input type="hidden" name="__VIEWSTATE" value="([^<>]+)" \/>/', $con1, $view);  // extract the __VIEWSTATE field into the $view array
    $post = array(
        '__VIEWSTATE' => $view[1][0],
        'txtUserName' => $xh,
        'TextBox2' => $pw,
        'txtSecretCode' => $code,
        // GBK encoding of "学生" (student), decoded to raw bytes because http_build_query() URL-encodes the values again
        'RadioButtonList1' => urldecode('%D1%A7%C9%FA'),
        'Button1' => '',
        'lbLanguage' => '',
        'hidPdrs' => '',
        'hidsc' => ''
    );
    $con2 = login_post($url, $cookie, http_build_query($post));  // join the array into a query string
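
An alternative to the regular expression above for reading __VIEWSTATE, shown as an added example that is not the article's code: it collects the hidden form fields with PHP's DOM extension, so attribute order does not matter, and it stops with an error when the field is missing instead of reading an unchecked $view[1][0]. The function names and the sample pages are constructed, and the DOM extension is assumed to be enabled.

```php
<?php
// Added example, not the article's code. Function names and the sample
// pages are constructed; requires PHP's DOM extension.

// Return every hidden <input> of a page as name => value.
// __VIEWSTATE is base64 (plain ASCII), so the page's GBK encoding does not affect it.
function extract_hidden_fields(string $html): array
{
    if (trim($html) === '') {
        return [];                                   // empty body, e.g. a failed request
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);    // real pages are rarely valid HTML
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $fields = [];
    foreach ($doc->getElementsByTagName('input') as $input) {
        $name = $input->getAttribute('name');
        if ($name !== '' && strtolower($input->getAttribute('type')) === 'hidden') {
            $fields[$name] = $input->getAttribute('value');
        }
    }
    return $fields;
}

// Return __VIEWSTATE or throw when the response does not carry it.
function require_viewstate(string $html): string
{
    $fields = extract_hidden_fields($html);
    if (($fields['__VIEWSTATE'] ?? '') === '') {
        throw new RuntimeException('__VIEWSTATE not found in response');
    }
    return $fields['__VIEWSTATE'];
}

// Constructed sample pages (not captured from any real system).
$samples = [
    'classic markup'   => '<form><input type="hidden" name="__VIEWSTATE" value="dDwtMTIzNDU2Nzg5Ozs+" /></form>',
    'extra attribute'  => '<form><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="dDwtMTIzNDU2Nzg5Ozs+" /></form>',
    'error page'       => '<html><body><h1>Service Unavailable</h1></body></html>',
];

// The article's pattern, for comparison.
$pageRegex = '/<input type="hidden" name="__VIEWSTATE" value="([^<>]+)" \/>/';

foreach ($samples as $label => $html) {
    $regexHit = preg_match($pageRegex, $html, $m) === 1 ? $m[1] : '(no match)';
    try {
        $domHit = require_viewstate($html);
    } catch (RuntimeException $e) {
        $domHit = 'error: ' . $e->getMessage();
    }
    echo "$label\n  regex: $regexHit\n  DOM:   $domHit\n";
}
```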

At this point we can access our PHP file. If your content is as follows, congratulations, you have successfully logged in to Zhengfang.

3. Implement the function of accessing the class schedule

As mentioned before, even after a successful login we cannot use the functions inside directly, because each section requires different parameters or a different request address, so here I will introduce the function of accessing scores.

Enter the score query section and let's take a look at the request address and parameters.

The parameters are as follows:

Everyone should be able to understand these parameters. The only exception is gnmkdm: the content of this parameter is a randomly generated string, and it is not a required parameter. The others have basically been mentioned before; __VIEWSTATE is obtained with the same method as before. The code is given below.

    preg_match_all('/<span id="xhxm">([^<>]+)/', $con2, $xm);  // store the matched data in the $xm array
    $xm[1][0] = substr($xm[1][0], 0, -4);  // cut off the trailing 4 bytes to get the name

    // Build the URL to request: whichever page we need, assemble its full URL; here it is the scores URL
    // To fetch other data later, look up its URL on the official site and see which parameters it needs
    $url2 = "http://jwgl.hbpu.edu.cn/xscj_gc.aspx?xh=" . $xh . "&xm=" . urlencode($xm[1][0]);  // the name is URL-encoded for the query string
    $viewstate = login_post($url2, $cookie, '');
    preg_match_all('/<input type="hidden" name="__VIEWSTATE" value="([^<>]+)" \/>/', $viewstate, $vs);
    $state = $vs[1][0];  // $state holds the __VIEWSTATE to POST in a moment

    // Every page requests different parameters; send different parameters depending on the case
    $post = array(
        '__EVENTTARGET' => '',
        '__EVENTARGUMENT' => '',
        '__VIEWSTATE' => $state,
        'hidLanguage' => '',
        'ddlXN' => '2016-2017',  // current academic year
        'ddlXQ' => '1',  // current semester
        'ddl_kcxz' => '',
        // GBK encoding of the query-by-semester button label "按学期查询", decoded to raw bytes
        // because http_build_query() URL-encodes the values again; adjust as needed
        'Button1' => urldecode('%B0%B4%D1%A7%C6%DA%B2%E9%D1%AF')
    );
    $content = login_post($url2, $cookie, http_build_query($post));
    echo $content;

Okay, the code is finished. If your page displays as follows, then you have succeeded.

4. Summary

In fact, the login is the slightly more troublesome part. Once you are in, the two necessary parameters are Cookie and __VIEWSTATE; for the other parameters, look at each POST request yourself and combine them according to the request format. The above code will not report an error when running; please copy it and run it to see. In a few years, though, we will see whether Zhengfang fixes the loopholes. The other blogs I read earlier were written too long ago, so I wrote this article for 2018. If there is anything you still don't understand, you can send me a private message or leave a message in the comment area. Discussion is welcome.

5. About CSRF

The so-called CSRF is cross-site request forgery, which means that someone else steals your identity to send requests to the server. The Referer header mentioned earlier is there to defend against this attack. In other words, if we want to log in to the Zhengfang Academic Affairs System successfully, we must arrive via the login page, which means that the address before the jump must be http://jwgl.hbpu.edu.cn/. When testing, use the academic affairs system of your own university: this address is the system of my university, and I can log in with my own student ID and password. Finally, here is a blog post about CSRF attacks, written by an expert, that describes CSRF in detail. (Click the link below)
CSRF Attack and Defense
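
The Referer check described in this section, next to a per-session token check, as an added server-side example that is not part of the original article or of Zhengfang's code. The function names, the csrf_token field name and all sample requests are constructed; the trusted host is the one the article's Referer points at.

```php
<?php
// Added example, not the article's code: server-side CSRF checks.
// Function names, the form field name and all sample requests are constructed.

const TRUSTED_HOST = 'jwgl.hbpu.edu.cn'; // host the article's Referer must point at

// Referer check: compare the parsed host exactly. A substring test would also
// accept http://jwgl.hbpu.edu.cn.attacker.example/.
function referer_ok(array $headers): bool
{
    $host = parse_url($headers['Referer'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, TRUSTED_HOST) === 0;
}

// Synchronizer token: random per-session value, rendered into the form as a
// hidden field and compared in constant time when the form comes back.
function issue_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function token_ok(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

function check_request(array $headers, array $session, array $post): string
{
    if (!referer_ok($headers)) {
        return 'rejected (Referer)';
    }
    if (!token_ok($session, $post)) {
        return 'rejected (token)';
    }
    return 'accepted';
}

// Constructed requests against one logged-in session.
$session = [];
$token   = issue_token($session);

$cases = [
    'form submitted from the site itself' => [
        ['Referer' => 'http://jwgl.hbpu.edu.cn/default2.aspx'], ['csrf_token' => $token]],
    'cross-site form in the victim browser' => [
        ['Referer' => 'http://attacker.example/page.html'], []],
    'look-alike host in Referer' => [
        ['Referer' => 'http://jwgl.hbpu.edu.cn.attacker.example/'], ['csrf_token' => $token]],
    'Referer header set by the client, no token' => [
        ['Referer' => 'http://jwgl.hbpu.edu.cn/'], []],
    'Referer stripped by a privacy setting' => [
        [], ['csrf_token' => $token]],
];

foreach ($cases as $label => [$headers, $post]) {
    printf("%-45s %s\n", $label, check_request($headers, $session, $post));
}
```

Only the first request is accepted. The last case shows the cost of a strict Referer check: a legitimate request whose Referer was removed is rejected even though its token is valid.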

