Of Stack

PHP uses curl to imitate the method of users logging in to Sina Weibo and sending Weibo

  • 2021-07-26 07:15:34
  • OfStack

This article describes the example of PHP using curl to imitate the user login Sina Weibo to send micro-blog method. Share it for your reference. The specific implementation method is as follows:

Now we will use PHP curl function to imitate user login with php, because only it can visit other people's websites like user 1. The following is an example of curl login to Sina Weibo.

The day before yesterday received a demand to simulate landing micro-blog and then send micro-blog, before doing a lot of simulated logging Ali mother, WeChat, and some other internal systems, so far there is no login, haha, so there is no when a thing, but when the analysis of Sina landing process just feel the pressure
Encounter sha1 (sha1 (sha1 (pwd)). once.servertime), definitely can't use, mainly make this encryption algorithm can't be done, so the password can't be done, don't talk about logging in, and then look for various codes on the Internet, and get nothing for one hour.
Is it true that I can log in to Sina mailbox or other Sina products with Weibo's account password? I feel very hopeful. Indeed, Weibo's account can directly log in to all Sina products. I am already in the login state when I visit Weibo again. What is the use of this?

In fact, it is very useful. The technology invested by a large company in a project has a lot to do with the profit and prospect of this project. He can spend a lot of thoughts on Weibo, but others are not fixed. It is not easy to say if the password of that place is not encrypted. (PS: Interested in network security, This method is called side note for hackers. The side note is, When hackers attack a website, This website is very safe. There are no known vulnerabilities, Difficult to break, so hackers will look for other websites under the server of this website, and then find one that is easier to break, hang horses through this website, shell, raise power, and then the target website will fall, thinking that it is in the same server, so... The goal is to get the target station, no matter which method is as long as it is taken down, and there is no slutty idea)

https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15) & _ = 1403138799543 Simply grab the package and find that the password is not encrypted. Can't we simulate login? Well, actually, it's a little early to be happy here
Log in to Sina first, and the code will be done in minutes. Returns an json array 

$password = $p;

$username = base64_encode($u);

$loginUrl = 'https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.15)&_=1403138799543';

$loginData['entry'] = 'sso';

$loginData['gateway'] = '1';

$loginData['from'] = 'null';

$loginData['savestate'] = '30';

$loginData['useticket'] = '0';

$loginData['pagerefer'] = '';

$loginData['vsnf'] = '1';

$loginData['su'] = base64_encode($u);

$loginData['service'] = 'sso';

$loginData['sp'] = $password;

$loginData['sr'] = '1920*1080';

$loginData['encoding'] = 'UTF-8';

$loginData['cdult'] = '3';

$loginData['domain'] = 'sina.com.cn';

$loginData['prelt'] = '0';

$loginData['returntype'] = 'TEXT';

//var_dump($loginData);exit;

$login = json_decode(loginPost($loginUrl,$loginData),true);

var_dump($login);exit;function loginPost($url,$data){

global $cookie_file ;

//echo $cookie_file ;exit;

$tmp = '';

if(is_array($data)){

foreach($data as $key =>$value){

$tmp .= $key."=".$value."&";

}

$post = trim($tmp,"&");

}else{

$post = $data;

}

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,$url); 

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

curl_setopt($ch,CURLOPT_POST,1);

curl_setopt($ch,CURLOPT_POSTFIELDS,$post);

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file);

$return = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

return $return;

}

What is returned is that 1 json data can be converted into an array 

array (size=4)

  'retcode' => string '0' (length=1)

  'uid' => string '1920109964' (length=10)

  'nick' => string ' Grandpa Bi tells stories ' (length=18)

  'crossDomainUrlList' => 

    array (size=2)

      0 => string 'https://passport.weibo.com/wbsso/login?ticket=ST-MTkyMDEwOTk2NA%3D%3D-1403228192-gz-AB37DC0C18BA3BFCD90AEFAC6115149D&ssosavestate=1434764192' (length=140)

      1 => string 'https://crosdom.weicaifu.com/sso/crosdom?action=login&savestate=1434764192' (length=74)

This time shows that we have successfully logged in, but in fact, the address of our Weibo homepage is not weibo or com, but http://weibo.com/bipeng0405/home? wvr = 5 This address, how do we get this address, very simple, directly grab weibo. com then he will automatically jump back to you, you just need to record the jump address can be 

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,"http://weibo.com"); 

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 

curl_setopt($ch,CURLOPT_COOKIEFILE, $cookie_file); 

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file); 

$return = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

There is another problem here. At this time, you may find that you didn't jump to the homepage of your own Weibo. What is the reason? You can see that there are two connection addresses when you log in, including one address under weibo domain. Guess that cookie should be set, so get one side first. 

get($login['crossDomainUrlList'][0]);

This code should be obtained before weibo. com just now, otherwise there will be problems.

I hope this article is helpful to everyone's PHP programming.

Related articles: