php - 无法获取用于使用 PHP cURL 登录的 .ASPXAUTH cookie 值

Question

我几乎 100% 确定我已准备好互联网上所有包含关键字 asp login curl php .ASPXAUTH 的帖子，但我一直无法找到解决方案。虽然我更像是一个代码黑客而不是优雅的开发人员，所以我希望有人能帮助我。

我有一个 curl 脚本，可以登录到另外两个网站，以便在成功登录后提交表单。但是，我最近尝试将此脚本的变体用于第三个网站。它的工作原理是在登录后返回第一页，但随后它会将任何进一步的 cURL 调用视为我尚未登录。我发现(我认为)这与未设置 .ASPXAUTH cookie 有关。我的 cURL 代码中确实有一个 cookiefile 和 cookiejar 设置，它成功捕获了 .ASP.NET_SessionID，但没有捕获 .ASPXAUTH cookie。

我注意到，当我观看“实时 HTTP header ”时，我可以在 header 中看到 .ASPXAUTH cookie 值，但我无法让我的 cURL 脚本很容易地返回带有此 set-cookie 的 header 。登录后似乎在 302 上设置了 cookie，cURL 没有正确处理这个问题。所以我关闭了 CURLOPT_FOLLOWLOCATION 并试图自己处理重定向，但我仍然无法正确处理(服务器返回一个非常奇怪的重定向 url，我认为我没有正确完成这部分操作)

但如果有人能帮助我，我将不胜感激......

这是我的代码:

    //setup Curl
  $cookiename = substr($from,4,5);
  $cookiefile = $cookiename . ".txt";
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  curl_setopt($ch, CURLOPT_HEADER, 1); 
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (Windows; MSIE 6.0; U; Windows NT 5.1)");
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
  curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);

  //read login page
  curl_setopt($ch, CURLOPT_URL, "Login.aspx"); 
  $result = curl_exec ($ch);

  echo $result;



  // extract values for hidden form fields __REQUESTDIGEST __VIEWSTATE __EVENTVALIDATION fields

  //extract __REQUESTDIGEST
  $start = strpos($result,"id=\"__REQUESTDIGEST\" value=\"") + 28;
  $end = $start + 157;
  $rdigest = substr($result  , $start  , $end - $start );

  //extract __VIEWSTATE
  $start = strpos($result,"id=\"__VIEWSTATE\" value=\"") + 24;
  $end = $start + 16300;
  $vstate = substr($result  , $start  , $end - $start );
  $vstate = urlencode($vstate);

  //extract __EVENTVALIDATION
  $start = strpos($result,"id=\"__EVENTVALIDATION\" value=\"") + 30;
  $end = $start + 120;
  $event = substr($result  , $start  , $end - $start );
  $event = urlencode($event);


  //set login form values and login

  //curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_REFERER, 'Login.aspx');
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, '__REQUESTDIGEST=' . $rdigest . '&__VIEWSTATE=' . $vstate . '&__EVENTVALIDATION=' . $event . '&UserName=' . $from . '&Password=' . $password);
  $result = curl_exec ($ch);

  echo $result;

  //extract __redirect
  $start = strpos($result,"Location:") + 10;
  $end = strpos($result,".aspx") +5;
  $redirect = substr($result  , $start  , $end - $start );
                $redirect = "https://www.domain.com/" . $redirect;

  echo $redirect ."<br /><br />";

  echo $result;

  curl_setopt($ch, CURLOPT_URL, $redirect);
  $result = curl_exec ($ch);

  echo $result;

这是输出:

    //Login page headers
HTTP/1.1 200 OK Date: Tue, 30 Nov 2010 12:57:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 81835 
//Login page body

Submit login page headers
HTTP/1.1 100 Continue HTTP/1.1 302 Found Date: Tue, 30 Nov 2010 13:40:30 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Location: /(F(RZPDiDBb9OPbTuBnj2RAgH8KglRdj4B4u8trRMpa6QbBjff4evKMtHnOFNyX046Xdr33PZA3-6dHoZjxQpeZ7aNTevF75gArtpeScCjE9fI1))/default.aspx Set-Cookie: ASP.NET_SessionId=bhugr045cyybck45xvhpeb55; path=/; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 82196


//Redirect page body

//The login page body is displayed again

//More headers
HTTP/1.1 100 Continue HTTP/1.1 500 Internal Server Error Date: Tue, 30 Nov 2010 13:29:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 3026 

//Error message from server
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. 

Answer 1

我将我的 useragent 行更新为不同的用户代理，然后 .ASPXAUTH cookie 突然在 cookie 文件中正确(并自动)设置了 :)

换句话说，我改变了这一行:

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (Windows; MSIE 6.0; U; Windows NT 5.1)");

为此:

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)");

现在两个 cookie 都由 curl 自动设置 - 没问题。

万岁!