Programmatically log in to SSL site with cURL and

2019-08-30 02:32发布

问题:

My alarm company has a personal status page for me, and I want to programmatically log in to the status page to fetch some statuses, using PHP and cURL.

However, the login form uses CSRF, so my initial idea was to scrape the site, getting field values, and submitting them with PHP and cURL, and saving the cookies in a cookie file.

The problem as I understand it, is that the login site is using Backbone, and much content is loaded with JavaScript. So whenever I try to fetch data, I get redirected to the "Select your langauge" page, even if I manage to log in.

The page I try to log in at is https://mypages.verisure.com, and this is the code I currently have:

<?php

$username = 'xx@xx.xx';
$password = 'xx';
$loginUrl = 'https://mypages.verisure.com/j_spring_security_check?locale=no_NO';

// init curl
$ch = curl_init();

// set the url to work with
curl_setopt( $ch, CURLOPT_URL, $loginUrl );

// enable http post
curl_setopt( $ch, CURLOPT_POST, 1 );

// set the post parameters
curl_setopt( $ch, CURLOPT_POSTFIELDS, 'j_username=' . $username . '&j_password=' . $password . '&spring-security-redirect=%2Fno%2Fstart.html' );

// handle cookies for the login
curl_setopt( $ch, CURLOPT_COOKIEJAR, 'cookie.txt');

//Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
//not to print out the results of its query.
//Instead, it will return the results as a string return value
//from curl_exec() instead of the usual true/false.
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );

// execute the request
$store = json_decode( curl_exec( $ch ) );

if ( $store->status == 'ok' )
{
    curl_setopt( $ch, CURLOPT_URL, 'https://mypages.verisure.com' . $store->redirectUrl );

    $content = curl_exec( $ch );

    var_dump( $content );
}

?>

The $store variable contains the following:

{
    "status": "ok",
    "redirectUrl": "/no/start.html",
    "message": null
}

Do you have any tips on how to log in on a site that uses SSL and JavaScript.

回答1:

cURL and PHP are probably not the right tools if JavaScript is needed. You might try PhantomJS instead, which is a headless Webkit based browser and can be used to automate interaction with web sites even if JavaScript is involved.