所有测试均可以在postman中完成,登录后Location页面正确显示。
但是,当邮递员输出为 php-curl 时:
<?php
include('php/simple_html_dom.php');
$username = 'username';
$password = 'password';
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://somesite.com/',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10,
CURLOPT_ENCODING => '',
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 10,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HEADER => false,
CURLOPT_NOBODY => false,
// CURLOPT_COOKIE => '',
CURLOPT_COOKIEJAR => dirname(__FILE__) .'/cookie.txt',
CURLOPT_COOKIEFILE => dirname(__FILE__) .'/cookie.txt',
CURLOPT_USERAGENT=> 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36',
// CURLOPT_HTTPHEADER => array('Transfer-Encoding: chunked')
));
$response = curl_exec($curl);
// echo $response;
// exit();
$html = str_get_html($response);
$htmlFormData= [];
foreach($html->find('input') as $input) {
$htmlFormData[$input->name]=$input->value;
}
foreach($html->find('#header h3') as $h3) {
if($h3->plaintext === 'Login'){//when page title is Login
$htmlFormData['DES_Group'] = 'LOGIN';
$htmlFormData['DES_JSE'] = '1';
$htmlFormData['ctl00$ctl00$plcMain$contentMain$ucLogin$ctlAccountNumber$txtText'] = $username;
$htmlFormData['ctl00$ctl00$plcMain$contentMain$ucLogin$ctlAuthorisationCode$txtText'] = $password;
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://somesite.com/',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_HEADER => true,
CURLOPT_NOBODY => false,
// CURLOPT_POSTREDIR => 0,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_COOKIEJAR => dirname(__FILE__) .'/cookie.txt',
CURLOPT_COOKIEFILE => dirname(__FILE__) .'/cookie.txt',
CURLOPT_POSTFIELDS => http_build_query($htmlFormData),
CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded')
));
$response = curl_exec($curl);
$httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
$effectiveUrl = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
echo "HTTP Code: ".$httpCode."<br>";
echo "Effective URL: ".$effectiveUrl."<br>";
echo $response;
}else{
echo "Logged!. cookie.txt already contains .ASPXFORMSAUTH";
}
}
返回以下响应头:
HTTP Code: 411
Effective URL: https://somesite.com/booking/
HTTP/1.1 302 Found
Date: Sun, 20 Oct 2024 00:00:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 126
Connection: keep-alive
Set-Cookie: AWSALB=xMfAME0xDTNJ17NWiuA4syXcTE0CUWzRqUO63dFLazoxuBPtYZfVAYsolxrmOUMgzRADJXDq; Expires=Sun, 27 Oct 2024 00:00:40 GMT; Path=/
Set-Cookie: AWSALBCORS=xMMUBtfAMA4syXcTE0CUWDiPktKmavB8VuIhLM2eLGPw+tEzoxuBPsolxrmOUMgzRX1P2QKADJXDq; Expires=Sun, 27 Oct 2024 00:00:40 GMT; Path=/; SameSite=None; Secure
Cache-Control: private, no-store, must-revalidate
Location: /booking/
X-FRAME-OPTIONS: SAMEORIGIN
Set-Cookie: CMSPreferredUICulture=en-nz; expires=Mon, 20-Oct-2025 00:00:43 GMT; path=/
Set-Cookie: .ASPXFORMSAUTH=AD600CA697E4A07EB134CF9F12813F736914DC94F2164A4A9A19BC42ABF845597F0231A83917EA97B399; path=/; HttpOnly
Set-Cookie: TS01c9af0a=0117e34adee26391d0af81086688506aff9d5cec88ee47f19d31f9cdd4e2d070d876c3689d8d9; Path=/; Secure; HTTPOnly
HTTP/1.1 411 Length Required
Date: Sun, 20 Oct 2024 00:00:44 GMT
Content-Type: text/html; charset=us-ascii
Content-Length: 344
Connection: keep-alive
Set-Cookie: AWSALB=oTIj1ThOZyA7Bz8OBtcjVdgcb6+oGq3Annmnng9+XCFsipA1vSVA24NPMiWOT4D3v25UvuE+XtHHd; Expires=Sun, 27 Oct 2024 00:00:43 GMT; Path=/
Set-Cookie: AWSALBCORS=oTIj1ThOZyA7Bz8DAIQB/8OHS8U60WjnmloGq3Annmnng9+XCFsipA1vST/i9yr9NPMiWOT4D3v25UI4JFFdvuE+XtHHd; Expires=Sun, 27 Oct 2024 00:00:43 GMT; Path=/; SameSite=None; Secure
Set-Cookie: TS01c9af0a=0117e34adee263913af8108668cec892bd9209d31f9cdd4e2dec5070d876c3689d8d9; Path=/; Secure; HTTPOnly
如果设置“CURLOPT_FOLLOWLOCATION = false”,然后再次手动请求URL('https://somesite.com/'),登录后我可以正确跳转到页面。
curl的第一个POST登录请求是提交表单。这里Curl会自动添加Content-length并返回302重定向。 无法在第一个curl中设置重定向参数。 我尝试再次手动请求重定向地址,并且在没有设置 Content-length 的情况下返回了正确的页面。
根据 Fetch 标准,这是预期行为。来自 302 响应的任何重定向请求都应转换为
GET服务器应响应 307 以保持
POST如果您无法控制服务器的响应,则必须使用手动路由。