PHP中使用CURL(一)
执行流程:
curl_init()初始化 -> curl_setopt()设置变量 -> curl_exec()获取结果 -> curl_close()释放句柄
Get:
1
2
3
4
5
6
7
|
$ch
= curl_init();
curl_setopt(
$ch
, curlOPT_URL,
"http://www.baidu.com"
);
curl_setopt(
$ch
, curlOPT_RETURNTRANSFER, 1);
curl_setopt(
$ch
, curlOPT_HEADER, 0);
$output
= curl_exec(
$ch
);
curl_close(
$ch
);
print_r(
$output
);
|
Post:
1
2
3
4
5
6
7
8
9
10
|
$url
=
"http://www.yudis.cn/callback.php"
;
$data
= [
"username"
=>
"uname"
];
$ch
= curl_init();
curl_setopt(
$ch
, curlOPT_URL,
$url
);
curl_setopt(
$ch
, curlOPT_RETURNTRANSFER, 1);
curl_setopt(
$ch
, curlOPT_POST, 1);
curl_setopt(
$ch
, curlOPT_POSTFIELDS,
$data
);
$output
= curl_exec(
$ch
);
curl_close(
$ch
);
print_r(
$output
);
|
PHP中使用CURL(二)
https不需要进行ca认证和证书中域名认证
1
2
|
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYHOST,false);
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYPEER,false);
|
例如:
1
2
3
4
5
6
7
|
$ch
=curl_init();
$url
=
'https://www.yudis.cn/callback.html'
;
curl_setopt(
$ch
,CURLOPT_URL,
$url
);
curl_setopt(
$ch
,CURLOPT_RETURNTRANSFER,1);
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYHOST,false);
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYPEER,false);
$ret
=curl_exec(
$ch
);
|
https需要进行ca认证和证书中域名认证
1
2
3
4
|
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYPEER,true);
//只信任CA颁布的证书
$cacert
=
getcwd
().
'/zhenshu.crt'
;
//证书的位置
curl_setopt(
$ch
,CURLOPT_CAINFO,
$cacert
);
//CA根证书
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYHOST,1);
//检查证书中是否设置域名
|
例如:
1
2
3
4
5
6
7
8
9
|
$ch
=curl_init();
$url
=
'https://www.yudis.cn/callback.html'
;
curl_setopt(
$ch
,CURLOPT_URL,
$url
);
curl_setopt(
$ch
,CURLOPT_RETURNTRANSFER,1);
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYPEER,true);
//只信任CA颁布的证书
$cacert
=
getcwd
().
'/zhenshu.crt'
;
//证书的位置
curl_setopt(
$ch
,CURLOPT_CAINFO,
$cacert
);
//CA根证书
curl_setopt(
$ch
,CURLOPT_SSL_VERIFYHOST,1);
//检查证书中是否设置域名
$ret
=curl_exec(
$ch
);
|
PHP中使用CURL(三)
对 post 提交的数据进行 http_build_query处理,然后再send出去,能实现更好的兼容性,更小的请求数据包。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
<?php
/**
* PHP发送Post数据
* @param string $url 请求url
* @param array/string $params 发送的参数
* @return array
*/
function
http_post_data(
$url
,
$params
=
array
())
{
if
(
is_array
(
$params
))
{
$params
= http_build_query(
$params
, null,
'&'
);
}
$ch
= curl_init();
curl_setopt(
$ch
, CURLOPT_POST, 1);
curl_setopt(
$ch
, CURLOPT_URL,
$url
);
curl_setopt(
$ch
, CURLOPT_POSTFIELDS,
$params
);
curl_setopt(
$ch
, CURLOPT_RETURNTRANSFER, 1);
$response
= curl_exec(
$ch
);
$httpCode
= curl_getinfo(
$ch
, CURLINFO_HTTP_CODE);
curl_close(
$ch
);
return
array
(
$httpCode
,
$response
);
}
$url
=
"http://blog.snsgou.com"
;
$data
=
array
(
'a'
=> 1,
'b'
=> 2,
'c'
=> 2);
list(
$returnCode
,
$returnContent
) = http_post_data(
$url
,
$data
);
|
PHP中使用CURL(四)
为了安全,我们的web服务主机往往不能上网。维护的时候,也是通过跳板机,ssh登录后去操作。有时候我们的程序需要访问外网。比如需要调用外网其他程序的某个接口。这时可以通过PHP的CURL函数的CURLOPT_HTTPHEADER来配置设置host访问。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
<?php
$host
=
array
(
"Host: act.qzone.qq.com"
);
$data
=
'user=xxx&qq=xxx&id=xxx&post=xxx'
;
$url
=
'http://192.168.1.12/xxx/xxx/api/'
;
var_dump(
$this
->curl_post(
$host
,
$data
,
$url
) );
/
* 提交请求
* @param
$host
array
需要配置的域名
array
(
"Host: app.cloopen.com"
);
* @param
$data
string 需要提交的数据
'post=xxx'
* @param
$url
string 要提交的url
'https://app.cloopen.com:8883/2013-12-26/Accounts/'
;
*/
function
curl_post(
$host
,
$data
,
$url
)
{
$ch
= curl_init();
$res
= curl_setopt (
$ch
, CURLOPT_URL,
$url
);
var_dump(
$res
);
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt(
$ch
, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt (
$ch
, CURLOPT_HEADER, 0);
curl_setopt(
$ch
, CURLOPT_POST, 1);
curl_setopt(
$ch
, CURLOPT_POSTFIELDS,
$data
);
curl_setopt (
$ch
, CURLOPT_RETURNTRANSFER, 1);
curl_setopt(
$ch
,CURLOPT_HTTPHEADER,
$host
);
$result
= curl_exec (
$ch
);
curl_close(
$ch
);
if
(
$result
== NULL) {
return
0;
}
return
$result
;
}
?>
|
PHP中使用CURL(五)
curl伪造IP和来源
client.php请求server.php
client.php
1
2
3
4
5
6
7
8
9
|
<?php
$ch
= curl_init();
curl_setopt(
$ch
, CURLOPT_URL,
"http://localhost/server.php"
);
curl_setopt(
$ch
, CURLOPT_HTTPHEADER,
array
(
'X-FORWARDED-FOR:8.8.8.8'
,
'CLIENT-IP:8.8.8.8'
));
//构造IP
curl_setopt(
$ch
, CURLOPT_REFERER,
"http://www.google.com/ "
); //构造来路
curl_setopt(
$ch
, CURLOPT_HEADER, 1);
$out
= curl_exec(
$ch
);
curl_close(
$ch
);
?>
|
server.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<?php
function
getClientIp() {
if
(!
empty
(
$_SERVER
[
"HTTP_CLIENT_IP"
]))
$ip
=
$_SERVER
[
"HTTP_CLIENT_IP"
];
else
if
(!
empty
(
$_SERVER
[
"HTTP_X_FORWARDED_FOR"
]))
$ip
=
$_SERVER
[
"HTTP_X_FORWARDED_FOR"
];
else
if
(!
empty
(
$_SERVER
[
"REMOTE_ADDR"
]))
$ip
=
$_SERVER
[
"REMOTE_ADDR"
];
else
$ip
=
"err"
;
return
$ip
;
}
echo
"IP: "
. getClientIp() .
""
;
//IP
echo
"referer: "
.
$_SERVER
[
"HTTP_REFERER"
];
//来源
?>
|
注:这个伪造建立在对方不对proxy ip还有remote_addr同时封禁的效果上。
PHP中使用CURL(六)
curl常用的几个例子
1、抓取无访问控制文件
1 <?php 2 $ch = curl_init(); 3 curl_setopt($ch, CURLOPT_URL, "http://localhost/mytest/phpinfo.php"); 4 curl_setopt($ch, CURLOPT_HEADER, false); 5 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //如果把这行注释掉的话,就会直接输出 6 $result=curl_exec($ch); 7 curl_close($ch); 8 ?>
2、使用代理进行抓取
<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://blog.snsgou.com"); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($ch, CURLOPT_PROXY, 125.21.23.6:8080); //url_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');如果要密码的话,加上这个 $result=curl_exec($ch); curl_close($ch); ?>
3、post数据后,抓取数据
<?php $ch = curl_init(); $data = array('name' => 'test', 'sex' => 1);//array(1) curl_setopt($ch, CURLOPT_URL, 'http://localhost/mytest/curl/userinfo.php'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_exec($ch); ?>
4、抓取一些有页面访问控制的页面
<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://club-china"); curl_setopt($ch, CURLOPT_USERPWD, '[username]:[password]');//破解页面访问控制 curl_setopt($ch, CURLOPT_HTTPGET, 1); curl_setopt($ch, CURLOPT_REFERER, "http://club-china"); curl_setopt($ch, CURLOPT_HEADER, 0); $result = curl_exec($ch); curl_close($ch); ?>
5、模拟登录
<?php function checkLogin($user, $password){ if (empty($user) || empty($password)){ return false; } $ch = curl_init(); curl_setopt($ch, CURLOPT_REFERER, "http://mail.sina.com.cn/index.html"); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT); curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR); curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT); curl_setopt($ch, CURLOPT_URL, "http://mail.sina.com.cn/cgi-bin/login.cgi"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "&logintype=uid&u=" . urlencode($user) . "&psw=" . $password); $contents = curl_exec($ch); curl_close($ch); if (!preg_match("/Location: (.*)\\/cgi\\/index\\.php\\?check_time=(.*)\n/", $contents, $matches)){ return false; }else{ return true; } } define("USERAGENT", $_SERVER['HTTP_USER_AGENT']); define("COOKIEJAR", tempnam("c:\windwos\temp", "cookie")); define("TIMEOUT", 500); echo checkLogin("username", "password"); ?>
6、文件上传
<?php /** * @param string $target_url 上传目标地址 * @param string $filename 上传文件路径 * @param string $form_name 表单名称 */ function curlUploadFile($target_url, $filename, $form_name) { $upload_file = new CURLFile($filename); $post_data = array( $form_name => $upload_file ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target_url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); } $target_url = 'http://www.codean.net/notFound/test.php'; $filename = realpath("C:/Users/HelloWorld/Desktop/Images/1.jpg"); $form_name = 'file'; // 接收端使用$_FILES接受 curlUploadFile($target_url, $filename, $form_name); ?>
7、文件流上传
/* * 第三种写法,使用PHP流发送 * @param string $target_url 上传目标地址 */ function curlUploadFile($target_url) { $fh = fopen('php://temp', 'rw+'); $string = 'Hello World'; fwrite($fh, $string); rewind($fh); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target_url); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($ch, CURLOPT_PUT, true); curl_setopt($ch, CURLOPT_INFILE, $fh); curl_setopt($ch, CURLOPT_INFILESIZE, strlen($string)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); curl_close($ch); } $target_url = 'http://www.codean.net/notFound/test.php'; curlUploadFile($target_url); // 接收端取出流文件并保存 $putdata = fopen('php://input', 'r'); $fp = fopen('test.txt', 'w'); while ($data = fread($putdata, 1024)) { fwrite($fp, $data); } fclose($fp); fclose($putdata);