Detailed explanation of php curl with csrf-token verification simulation submission example

This time I will bring you a detailed explanation of php curl with csrf-token verification simulation submission example, php curl with csrf-token verification simulation submission What are the precautions , the following is a practical case, one Get up and take a look.

1. Obtain the token through regular expressions
2. Bring the obtained token to simulate submission

The following is a successful example

Table of Contents Structure

│ form.php –需要模拟的表单 
│ getForm.php – 模拟提交程序 
│ post.php –表单验证程序 
│ 
└─cookie – cookie存放目录

getForm.php

<?php
$cookie_file = &#39;./cookie/&#39;.time().&#39;.cookie&#39;;
$str = getResponse(&#39;http://a.curl.com:81/form.php&#39;,[],$cookie_file);
setcookie("PHPSESSID", "vc0heoa6lfsi3gger54pkns152");
preg_match(&#39;/<input name="token" type="hidden" value="(.*)"/U&#39;, $str, $match);
$post[&#39;token&#39;] = $match[1];
$post[&#39;name&#39;] = &#39;3333333&#39;;
$post[&#39;password&#39;] = &#39;12121213&#39;;
print_r(getResponse(&#39;http://a.curl.com:81/post.php&#39;, $post, $cookie_file));
function getResponse($url, $data=[], $cookie_file=&#39;&#39;, $timeout = 3)
  {
    if(empty($cookie_file))
    {
      $cookie_file = &#39;.cookie&#39;;
    }
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_REFERER, "https://www.baidu.com");  //构造来路
    curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36");
    if(!empty($data))
    {
      curl_setopt($ch, CURLOPT_POST, true);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);// 取cookie的参数是
    curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie_file); //发送cookie
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    try
    {
       $handles = curl_exec($ch);
       curl_close($ch);
       return $handles;
    }
    catch (Exception $e)
    {
      echo &#39;Caught exception: &#39;, $e->getMessage(), "\n";
    }
    unlink($cookie_file);
  }

form.php

<?php
session_start();
$_SESSION[&#39;token&#39;] = md5($_SERVER[&#39;REQUEST_TIME&#39;]);
$_SESSION[&#39;time&#39;] = date("Y-m-d H:i:s");
session_write_close();
//echo $_SESSION[&#39;auth&#39;];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title> new document </title>
 <meta name="generator" content="editplus" />
 <meta name="author" content="" />
 <meta name="keywords" content="" />
 <meta name="description" content="" />
 </head>
 <body>
<form action="post.php" method="post">
  <p><input name="name" type="text"></p>
  <p><input name="password" type="password"></p>
  <p><input name="token" type="hidden" value="<?php echo $_SESSION[&#39;token&#39;]?>"></p>
  <p><input type="submit"></p>
</form>
 </body>
</html>

post.php

<?php
session_start();
if(empty($_POST[&#39;token&#39;]))
{
  exit ("token is empty!");
}
if(empty($_SESSION[&#39;token&#39;]))
{
 exit ("session is empty");
}
if($_POST[&#39;token&#39;] != $_SESSION[&#39;token&#39;])
{
  exit ("token ");
} else
{
  unset($_SESSION[&#39;token&#39;]);
}
echo PHP_EOL;
echo "pass";
print_r($_REQUEST);
echo PHP_EOL;
print_r($_SERVER);

I believe you will read the case in this article You have mastered the method. For more exciting information, please pay attention to other related articles on the php Chinese website!

Recommended reading:

Detailed explanation of the use of PHP bubble sort

Detailed explanation of the steps of the depth and breadth first traversal algorithm for binary trees in PHP

The above is the detailed content of Detailed explanation of php curl with csrf-token verification simulation submission example. For more information, please follow other related articles on the PHP Chinese website!