用fopen方式打开夺取对方网页的时候,由于fopen无法发送sessionId, 所以无法获得网站的某些需要进行session认证信息. 可以用socket来来进行这种操作, 模拟发送http的头信息
参考代码
/*
* 得到网页内容
* 参数:$host [in] string
* 主机名称(例如: www.imsorry.com.cn)
* 参数:$method [in] string
* 提交方法:POST, GET, HEAD ... 并加上相应的参数( 具体语法参见 RFC1945,RFC2068 )
* 参数:$str [in] string
* 提交的内容
* 参数:$sessid [in] string
* PHP的SESSIONID
*
* @返回 网页内容 string
*/
function GetWebContent($host, $method, $str, $sessid = '')
{
$ip = gethostbyname($host);
$fp = fsockopen($ip, 80);
if (!$fp) return;
fputs($fp, "$method/r/n");
fputs($fp, "Host: $host/r/n");
if (!empty($sessid))
{
echo "PHPSESSID=$sessid
";
fputs($fp, "Cookie: PHPSESSID=$sessid; path=/;/r/n");
}
if ( substr(trim($method),0, 4) == "POST")
{
fputs($fp, "Content-Length: ". strlen($str) . "/r/n"); // 别忘了指定长度
}
fputs($fp, "Content-Type: application/x-www-form-urlencoded/r/n/r/n");
if ( substr(trim($method),0, 4) == "POST")
{
fputs($fp, $str."/r/n");
}
while(!feof($fp))
{
$response .= fgets($fp, 1024);
}
$hlen = strpos($response,"/r/n/r/n"); // LINUX下是 "/n/n"
$header = substr($response, 0, $hlen);
$entity = substr($response, $hlen + 4);
if ( preg_match('/PHPSESSID=([0-9a-z]+);/i', $header, $matches))
{
$a['sessid'] = $matches[1];
}
if ( preg_match('/Location: ([0-9a-z/_/?/=/&/#/.]+)/i', $header, $matches))
{
$a['location'] = $matches[1];
}
$a['content'] = $entity;
fclose($fp);
return $a;
}
if ( preg_match('/error/.php/i',$response['location']))
{
echo "登陆失败
";
} else {
echo "登陆成功
";
/*
// 不可以访问user.php,因为不带sessid参数
$response = GetWebContent("localhost","GET /user.php HTTP/1.0", '', '');
echo $response['location']."
"; // 结果:error.php?errcode=2
*/
// 可以访问user.php
$response = GetWebContent($localhost,"GET $page HTTP/1.0", '', $response['sessid']);
echo $response['location']."
"; // 结果:user.php
print_r($response);
$response = GetWebContent($localhost,"GET $page HTTP/1.0", '', $response['sessid']);
echo $response['location']."
"; // 结果:user.php
print_r($response);
}
?>
扫一扫
1958
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
