发表于 2021-01-09 16:51:27 by 月小升
php模拟了session以后,其实对验证码也一样有效。其中的核心原理就是利用登陆,来读取cookie或者Session
session_login.php 源码,一个简单的需要登陆,记录session的页面
<?php
$act = $_GET['act'];
if($act=='login'){
session_start();
//这里用写死的账户和密码来替代数据库判断
if($_POST['name']=="java-er.com" && $_POST['pwd']=="123456"){
$_SESSION['mytest']="java-er.com";
echo "Session Login Success!";//Session登录成功了
}else{
echo "Session Login Failed!";
}
}
?>
<form action="?act=login" method="POST">
<input type=text value="" name="name">
<input type=password value="" name="pwd">
<input type=submit value="login in ">
</form> |
<?php
$act = $_GET['act'];
if($act=='login'){
session_start();
//这里用写死的账户和密码来替代数据库判断
if($_POST['name']=="java-er.com" && $_POST['pwd']=="123456"){
$_SESSION['mytest']="java-er.com";
echo "Session Login Success!";//Session登录成功了
}else{
echo "Session Login Failed!";
}
}
?>
<form action="?act=login" method="POST">
<input type=text value="" name="name">
<input type=password value="" name="pwd">
<input type=submit value="login in ">
</form>
登陆以后和不登陆session_index.php
<?php
session_start();
$login = $_SESSION['mytest'];
if($login!='java-er.com'){
echo "Session! Sorry, Please Login";
}else{
echo "Session! Welcome, ".$login;
}
?> |
<?php
session_start();
$login = $_SESSION['mytest'];
if($login!='java-er.com'){
echo "Session! Sorry, Please Login";
}else{
echo "Session! Welcome, ".$login;
}
?>
test_session.php这个文件来请求一个登陆页面,POST账户和密码给session_login.php来获取cookie_jar 然后session传递给下一个页面 session_index.php
test_session.php源代码
<?php
ini_set('display_errors','1');
ignore_user_abort();
set_time_limit(0);
$cookie_path='./';
$vars['name']='java-er.com';
$vars['pwd']='123456';
$method_post=true;
$url='http://localhost/DEMO/SessionTest/session_login.php?act=login';
$ch=curl_init();
$params[CURLOPT_URL]=$url;
$params[CURLOPT_HEADER]=0;//是否显示http头信息
$params[CURLOPT_RETURNTRANSFER]=true;
$params[CURLOPT_FOLLOWLOCATION]=0;
$params[CURLOPT_USERAGENT]='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0';
//$params[CURLOPT_SSL_VERIFYPEER]=false;
//$params[CURLOPT_SSL_VERIFYHOST]=false;
$postfields='';
foreach($vars as $k=>$v){
$postfields.=urlencode($k).'='.urlencode($v).'&';
}
$params[CURLOPT_POST]=true;
$params[CURLOPT_POSTFIELDS]=$postfields;
if(isset($_COOKIE['cookie_jar']) && ($_COOKIE['cookie_jar'] || is_file($_COOKIE['cookie_jar']))){
$params[CURLOPT_COOKIEFILE]=$_COOKIE['cookie_jar'];
}else{
$cookie_jar=tempnam($cookie_path,'cookie');//产生一个cookie文件
$params[CURLOPT_COOKIEJAR]=$cookie_jar;//写入cookie信息
setcookie('cookie_jar',$cookie_jar);//保存cookie路径
}
curl_setopt_array($ch,$params);
$content=curl_exec($ch);
var_dump(strip_tags($content));
//第二步, 利用读取的cookie来请求需要Session登陆的页面
$params[CURLOPT_FOLLOWLOCATION]=true;
$nexturl='http://localhost/DEMO/SessionTest/session_index.php';
$params[CURLOPT_URL]=$nexturl;
$params[CURLOPT_POSTFIELDS]='';
curl_setopt_array($ch,$params);
$content=curl_exec($ch);
echo strip_tags($content);
curl_close($ch);
?> |
<?php
ini_set('display_errors','1');
ignore_user_abort();
set_time_limit(0);
$cookie_path='./';
$vars['name']='java-er.com';
$vars['pwd']='123456';
$method_post=true;
$url='http://localhost/DEMO/SessionTest/session_login.php?act=login';
$ch=curl_init();
$params[CURLOPT_URL]=$url;
$params[CURLOPT_HEADER]=0;//是否显示http头信息
$params[CURLOPT_RETURNTRANSFER]=true;
$params[CURLOPT_FOLLOWLOCATION]=0;
$params[CURLOPT_USERAGENT]='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0';
//$params[CURLOPT_SSL_VERIFYPEER]=false;
//$params[CURLOPT_SSL_VERIFYHOST]=false;
$postfields='';
foreach($vars as $k=>$v){
$postfields.=urlencode($k).'='.urlencode($v).'&';
}
$params[CURLOPT_POST]=true;
$params[CURLOPT_POSTFIELDS]=$postfields;
if(isset($_COOKIE['cookie_jar']) && ($_COOKIE['cookie_jar'] || is_file($_COOKIE['cookie_jar']))){
$params[CURLOPT_COOKIEFILE]=$_COOKIE['cookie_jar'];
}else{
$cookie_jar=tempnam($cookie_path,'cookie');//产生一个cookie文件
$params[CURLOPT_COOKIEJAR]=$cookie_jar;//写入cookie信息
setcookie('cookie_jar',$cookie_jar);//保存cookie路径
}
curl_setopt_array($ch,$params);
$content=curl_exec($ch);
var_dump(strip_tags($content));
//第二步, 利用读取的cookie来请求需要Session登陆的页面
$params[CURLOPT_FOLLOWLOCATION]=true;
$nexturl='http://localhost/DEMO/SessionTest/session_index.php';
$params[CURLOPT_URL]=$nexturl;
$params[CURLOPT_POSTFIELDS]='';
curl_setopt_array($ch,$params);
$content=curl_exec($ch);
echo strip_tags($content);
curl_close($ch);
?>
本地进行php执行
/bin/php test_session.php
string(33) "Session Login Success!
"
Session! Welcome, java-er.com |
/bin/php test_session.php
string(33) "Session Login Success!
"
Session! Welcome, java-er.com
我们看到成功的读取了登陆后的结果
本地文件夹出现一个文件 cookiehY0cBE
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
localhost FALSE / FALSE 0 PHPSESSID r19bjc4ek0s1qt1o76p32b3il2 |
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
localhost FALSE / FALSE 0 PHPSESSID r19bjc4ek0s1qt1o76p32b3il2
这个文件记录了session的PHPSESSID.
备注1:这个方法改用php header 读取到的PHPSESSID传送给session_index.php 一样有效。
备注2:这个方法对于不用session记录客户登陆,用Cookie的办法也一样有效
This entry was posted in
PHP and tagged
cookie,
cookie_jar,
session,
登陆,
验证码. Bookmark the
permalink.
月小升QQ 2651044202, 技术交流QQ群 178491360
首发地址:
月小升博客 –
https://java-er.com/blog/php-cookie-jar-session-login/
无特殊说明,文章均为月小升原创,欢迎转载,转载请注明本文地址,谢谢
您的评论是我写作的动力.