php - Curl simulates login problem to obtain data

Question

There is now an internal system login page: https://xxxx.xxxx.com/login.jsp,
The account and password are aaa,bbb,
The jump address after login http://xxxx.xxxx.com/system/toIndex.action, there is the following information:

The login form submission address is: http://xxxx.xxxx.com/system/login.action

After logging in with the browser, visit http://xxxx.xxxx.com/org/findAjaxOrgTreeStringByParamsId.action?orgTypeCodeId=30000000,30000003&url=/purOrder/queryOrder.actionYou can obtain json data, as follows information:

Now I use curl.php to simulate login. It seems that I can log in, but I can’t get the data. The result is returned:

{success:true,msg:false,loginone:true,SESSIONID:'E00EE77C97DD4E5BF860A9DB00DA5520',error:'This is your first time logging into the system, please change your password! '}string(16)
"{sessionState:0}"

Is there any way to capture the data?
curl.php code is as follows:

<?php
$post = array(
    'userName' => 'aaa',
    'userPwd' => 'bbb',
);


$url = "http://xxxx.xxxx.com/system/login.action"; //登录地址 

$cookie = dirname(__FILE__) . '/cookie.txt'; //设置cookie保存路径 

$url2 = "http://xxxx.xxxx.com/org/findAjaxOrgTreeStringByParamsId.action?orgTypeCodeId=30000000,30000003&url=/purOrder/queryOrder.action"; //登录后要获取信息的地址 

login_post($url, $cookie, $post); //模拟登录 
$content = get_content($url2, $cookie); //获取$url2的信息
var_dump($content);
@ unlink($cookie); //删除cookie文件 

function login_post($url, $cookie, $post) {
    $curl = curl_init(); //初始化curl模块 
    curl_setopt($curl, CURLOPT_URL, $url); //登录提交的地址 
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);//跳过https验证
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);//跳过https验证
    $UserAgent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 3.5.21022; .NET CLR 1.0.3705; .NET CLR 1.1.4322)';
    curl_setopt($curl, CURLOPT_USERAGENT, $UserAgent);// 使用用户代理
    curl_setopt($curl, CURLOPT_HEADER, 0); //是否显示头信息 
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 0); //是否自动显示返回的信息 
    curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie); //设置Cookie信息保存在指定的文件中 
    curl_setopt($curl, CURLOPT_POST, 1); //post方式提交 
    curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($post)); //要提交的信息 
    curl_exec($curl); //执行cURL 
    curl_close($curl); //关闭cURL资源，并且释放系统资源 
}

function get_content($url, $cookie) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie); //读取cookie 
    $rs = curl_exec($ch); //执行cURL抓取页面内容 
    curl_close($ch);
    return $rs;
}
?>

Answer 1

What is the return after logging in? SetCookie? Why jump to toIndex.action?

toIndex.action page returned two cookies. Is it related to login? These must be analyzed clearly and not taken for granted.

Your code only simulates the login.action request and does not completely match the behavior of the browser. How can you expect the server to give you the same result?

Answer 2

Your login has been implemented, save the cookie, and then use this cookie to request data from other pages (just like the behavior of a browser)

Answer 3

Put UserAgent in the get_content function to simulate normal browser access