Я пытаюсь сделать запрос PHP Curl для сайта, который, по-видимому, защищен от межсайтовой фальсификации и сделал все возможное, чтобы отредактировать заголовки, параметры и файлы cookie, чтобы они походили на браузер, но я все еще продолжаю получать ОШИБКУ 400 (Неверный запрос) Пожалуйста, я хотел бы знать, как заставить это работать с php curl. Приведенный ниже код работает на месте с защитой crsf и без нее, но не работает в том, к которому я сейчас пытаюсь получить доступ.

        $url="https://candidate.scholastica.ng/candidate/login";        
        $cookie_file_path = "cookie.txt";

        // I first load the page to save the cookie and the request token
        // Below are the required curl settings that works in other sites
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_NOBODY, false);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

        curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
        //set the cookie the site has for certain features, this is optional
        // curl_setopt($ch, CURLOPT_COOKIE, "cookiename=0");
        curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0");
        curl_setopt($ch, CURLOPT_ENCODING,'gzip, deflate');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // curl_setopt($ch, CURLOPT_REFERER, "http://www.google.com/bot.html");
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        $headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) 
    Gecko/20061025 Firefox/1.5.0.8","origin:http://www.google.com/bot.html","accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "accept-language:en-US,en;q=0.5","accept-encoding:gzip, deflate","connection:keep-alive","upgrade-insecure-requests:1","keep-alive:300","accept-charset:ISO-8859-1,utf-8;q=0.7,*;q=0.7");

        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
        curl_setopt($ch, CURLOPT_POST, 1);
        // curl_setopt($ch, CURLOPT_POSTFIELDS, "");
        $details = curl_exec($ch);// I load the Page containing the form

       // I remove all newline and return statements from the form to make my regex simple for me
        $pattern = '/\r\n*/m';
        $replace = '';
        $details = preg_replace( $pattern, $replace, $details);

        // Regular Expression to grab request token from form page
        $pattern = '/<input.+?name="__RequestVerificationToken".+?value="(.*?)".+?>/m';
        preg_match($pattern, $details, $matches);
        $token = $matches[1];

         // I set up urlencoded post form values and get content length
        $field1 = urlencode("__RequestVerificationToken") ."=". urlencode($token);
        $field2 = urlencode("Username") ."=". urlencode("example@gmail.com");
        $field3 = urlencode("Pwd") ."=". urlencode("examplepassword");
        $fields = "{$field1}&{$field2}&{$field3}";
        $content_length = strlen($fields);


        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_NOBODY, false);
        curl_setopt($ch, CURLINFO_HEADER_OUT, true);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_POST, 1);
        // $headers = array("Host:candidate.scholastica.ng",
            // "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0",

         //I Modify header to add content length 
        $headers = array("Host:candidate.scholastica.ng","User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0","Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Language:en-US,en;q=0.5","Accept-Encoding:gzip, deflate, br","Connection:keep-alive","Upgrade-Insecure-Requests:1","Origin:https://candidate.scholastica.ng","Referer:https://candidate.scholastica.ng/candidate/login","content-type:application/x-www-form-urlencoded","TE:Trailers","content-length:{$content_length}");

         // I assign the headers and set the post fields
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
        I make request with existing curl thereby sending back the set cookie
        $details = curl_exec($ch);
        echo $details;

        curl_close($ch);

Это по-прежнему возвращает неверный запрос Ваш ответ будет высоко оценен

0
Ravened writer