PHP + cURL website login '403 Forbidden'
I have worked through many tutorials and questions, but I still cannot figure out why I get '403 Forbidden' when I try to log in to a website with cURL and PHP. The website login in question is: https://science.swansea.ac.uk/intranet/accounts/login/.
The first request works (code 200) and the cookie is saved to the file. I then strip this cookie and add it to the post form as required.
I should also add that I am running this PHP script on a localhost WAMP server, in case that could be a problem?
If someone could point me in the right direction that would be great, as I have been working on this for some time without result.
PHP + cURL Code:
<?php
$base_url = 'https://science.swansea.ac.uk/intranet/accounts/login/?next=/intranet/';
$login_url = 'https://science.swansea.ac.uk/intranet/accounts/login/';
$user_agent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36";
$username = '*******';
$password = '*******';
$cookie = 'cookie.txt';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $base_url);
curl_setopt($ch, CURLOPT_USERAGENT,$user_agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate, br');
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath($cookie));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath($cookie));
curl_setopt($ch, CURLOPT_TIMEOUT,30);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, fopen(realpath("verbose.txt"), 'w'));
$resp = curl_exec($ch);
var_dump($resp);
$headers = array(
    'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Connection: keep-alive',
    'Cache-Control: max-age=0',
    'Origin: https://science.swansea.ac.uk',
    'Upgrade-Insecure-Requests: 1',
    'Referer: https://science.swansea.ac.uk/intranet/accounts/login/?next=/intranet/',
    'Accept-Language: en-US,en;q=0.8'
);
// Strip cookie to get token
$csrfmiddlewaretoken = explode('csrftoken', file_get_contents(realpath($cookie)));
$csrfmiddlewaretoken = trim($csrfmiddlewaretoken[1]);
$csrfmiddlewaretoken = substr($csrfmiddlewaretoken, 0, strpos($csrfmiddlewaretoken, "#"));
$post = array(
    'csrfmiddlewaretoken' => $csrfmiddlewaretoken,
    'username' => $username,
    'password' => $password,
    'next' => "/intranet/"
);
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
// Add headers
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
//Set headers out for debug
// curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$exec = curl_exec($ch);
echo($exec);
$info = curl_getinfo($ch);
$hinfo = curl_getinfo($ch, CURLINFO_HEADER_OUT);
if ($info['http_code'] != 200) {
    echo "Login failed! HTTP code {$info['http_code']}<br>\n";
    var_dump($exec);
    // Echo post params
    $params = http_build_query($post);
    $params = str_replace("%0D%0A", '', $params);
    echo("$params <br>\n");
    echo($hinfo);
    exit;
}
echo "Login successful!<br>\n";
// you are now logged in, use $ch to request pages as the logged in user
$url = $base_url;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 0);
$account = curl_exec($ch);
?>
Verbose Output:
* Trying 137.44.2.221...
* Connected to science.swansea.ac.uk (137.44.2.221) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* NPN, negotiated HTTP1.1
* SSL connection using TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=GB; ST=West Glamorgan; L=SWANSEA; O=Swansea University; OU=College of Science; CN=science.swansea.ac.uk
* start date: Apr 29 11:54:39 2016 GMT
* expire date: Apr 29 11:54:36 2019 GMT
* issuer: C=BM; O=QuoVadis Limited; CN=QuoVadis Global SSL ICA G2
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /intranet/accounts/login/?next=/intranet/ HTTP/1.1
Host: science.swansea.ac.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate, br
Cookie: csrftoken=BNmrRv29juCijlFX63mpMkzkL4pO2x67; sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr
< HTTP/1.1 200 OK
< Date: Thu, 19 Jan 2017 21:24:10 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Server: gunicorn/0.17.2
< Last-Modified: Thu, 19 Jan 2017 21:24:10 GMT
< Expires: Thu, 19 Jan 2017 21:24:10 GMT
< Vary: Cookie
< Cache-Control: max-age=0
* Replaced cookie csrftoken="BNmrRv29juCijlFX63mpMkzkL4pO2x67" for domain science.swansea.ac.uk, path /intranet/, expire 1516310650
< Set-Cookie: csrftoken=BNmrRv29juCijlFX63mpMkzkL4pO2x67; expires=Thu, 18-Jan-2018 21:24:10 GMT; Max-Age=31449600; Path=/intranet/; secure
* Replaced cookie sessionid="unanto4vhu3k4s3cz3ngyjfq5zloihjr" for domain science.swansea.ac.uk, path /intranet/, expire 1485033850
< Set-Cookie: sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr; expires=Sat, 21-Jan-2017 21:24:10 GMT; httponly; Max-Age=172800; Path=/intranet/; secure
< Content-Encoding: gzip
<
* Connection #0 to host science.swansea.ac.uk left intact
* Found bundle for host science.swansea.ac.uk: 0x264f6c800d0 [can pipeline]
* Re-using existing connection! (#0) with host science.swansea.ac.uk
* Connected to science.swansea.ac.uk (137.44.2.221) port 443 (#0)
> POST /intranet/accounts/login/ HTTP/1.1
Host: science.swansea.ac.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept-Encoding: gzip, deflate, br
Cookie: csrftoken=BNmrRv29juCijlFX63mpMkzkL4pO2x67; sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Cache-Control: max-age=0
Origin: https://science.swansea.ac.uk
Upgrade-Insecure-Requests: 1
Referer: https://science.swansea.ac.uk/intranet/accounts/login/
Accept-Language: en-US,en;q=0.8
Content-Length: 140
Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 140 out of 140 bytes
< HTTP/1.1 403 FORBIDDEN
< Date: Thu, 19 Jan 2017 21:24:10 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Server: gunicorn/0.17.2
< Vary: Cookie
* Replaced cookie sessionid="unanto4vhu3k4s3cz3ngyjfq5zloihjr" for domain science.swansea.ac.uk, path /intranet/, expire 1485033850
< Set-Cookie: sessionid=unanto4vhu3k4s3cz3ngyjfq5zloihjr; expires=Sat, 21-Jan-2017 21:24:10 GMT; httponly; Max-Age=172800; Path=/intranet/; secure
< Content-Encoding: gzip
<
* Connection #0 to host science.swansea.ac.uk left intact
I have never seen a curl build with br (Brotli) encoding support. Are you sure your curl is compiled with br? If not, you will run into trouble the first time the server decides to use br encoding. – hanshenrik
Sorry for the late reply @hanshenrik. I had simply added the Brotli encoding while I was banging my head against the wall trying to get this to work. Thanks for the tip! –
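Added example, not part of the original question or comments: the question reads the token out of cookie.txt by splitting the file text on 'csrftoken' and cutting at the next '#'. When another cookie line follows in the jar, that keeps the line break after the token in the value, whereas parsing curl's Netscape-format jar by its tab-separated fields returns the exact cookie value. The jar contents and cookie values below are constructed, and the function names are hypothetical.

```php
<?php
// Constructed sample of a curl cookie jar (Netscape format, tab-separated).
// The cookie values are placeholders, not taken from any real session.
$jar = "# Netscape HTTP Cookie File\n"
     . "science.swansea.ac.uk\tFALSE\t/intranet/\tTRUE\t1516310650\tcsrftoken\tTOKENVALUE123\n"
     . "#HttpOnly_science.swansea.ac.uk\tFALSE\t/intranet/\tTRUE\t1485033850\tsessionid\tSESSIONVALUE456\n";

// The string-splitting approach from the question, wrapped in a function
// (hypothetical name) so it can be run against the sample jar.
function token_by_splitting(string $jar): string
{
    $t = explode('csrftoken', $jar);
    $t = trim($t[1]);
    return substr($t, 0, strpos($t, '#'));
}

// Field-based lookup (hypothetical name): each cookie line has 7 fields:
// domain, subdomain flag, path, secure flag, expiry, name, value.
function cookie_from_jar(string $jar, string $name): ?string
{
    foreach (preg_split('/\R/', $jar) as $line) {
        // curl writes HttpOnly cookies with a "#HttpOnly_" prefix;
        // those lines are cookies, not comments.
        if (strncmp($line, '#HttpOnly_', 10) === 0) {
            $line = substr($line, 10);
        } elseif ($line === '' || $line[0] === '#') {
            continue; // blank line or real comment
        }
        $fields = explode("\t", $line);
        if (count($fields) === 7 && $fields[5] === $name) {
            return $fields[6];
        }
    }
    return null; // cookie not present in the jar
}

// json_encode makes any trailing whitespace in the values visible.
echo json_encode(token_by_splitting($jar)), "\n";
echo json_encode(cookie_from_jar($jar, 'csrftoken')), "\n";
echo json_encode(cookie_from_jar($jar, 'sessionid')), "\n";
```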