[英]pycurl login joomla website
I try create small script for login joomla web site whit python pycurl, im write this code :我尝试为登录 joomla 网站创建小脚本 whit python pycurl,我写了这个代码:
import sys, re
import pycurl
import cStringIO
import time
import urllib
def LoginJoomla(url):
buf = cStringIO.StringIO()
c = pycurl.Curl()
c.setopt(c.URL, url)
post_params = [('usrname','admin'),('passwd','1234567789'),('submit','Login')]
resp_data = urllib.urlencode(post_params)
c.setopt(c.POSTFIELDS, resp_data)
c.setopt(pycurl.POST, 1)
c.setopt(c.WRITEFUNCTION, buf.write)
c.perform()
html = buf.getvalue()
buf.close()
print html
LoginJoomla("http://www.domain.com/administrator/index.php?option=com_user&view=login")
Bat not working, give me the normal login webpage, please any body can say me where i wrong.蝙蝠不工作,给我正常的登录网页,请任何人告诉我我错在哪里。
Read the BUT first!请先阅读 BUT!
You need to get the URL parameters right (I think your URL is bad):您需要正确获取 URL 参数(我认为您的 URL 是错误的):
POST to http://www.example.com/administrator/
with the following parameters:具有以下参数:
BUT from my knowledge about Joomla!但是根据我对 Joomla 的了解! autentication, you can't do it this way, because Joomla!
认证,你不能这样做,因为 Joomla! from the web browser will send a token, to make sure the form was posted from a browser.
从 web 浏览器将发送一个令牌,以确保表单是从浏览器发布的。
If it's not posted from a browser, an error like 'The most recent request was denied because it contained an invalid security token.如果它不是从浏览器发布的,则会出现类似“最近的请求被拒绝,因为它包含无效的安全令牌”之类的错误。 Please refresh the page and try again.'
请刷新页面并重试。
I know it's possible to remotely login to Joomla!, just keep searching.我知道可以远程登录 Joomla!,请继续搜索。 You may need a custom authentication plugin.
您可能需要自定义身份验证插件。
I required the same thing and I have managed to do it.我需要同样的东西,我已经设法做到了。 We need to do the following:
我们需要做以下事情:
Send an HTTP POST to the login processing script with all fields and cookies.将包含所有字段和 cookie 的 HTTP POST 发送到登录处理脚本。
import bs4 import requests import urllib, urllib2, cookielib jar = cookielib.FileCookieJar("cookies") opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar)) r = opener.open("[INSERT LOGIN PAGE URL]").read() soup=bs4.BeautifulSoup(r, "html.parser") hidden_tags = soup.find_all("input", type="hidden") # Get the randomized token - which is the 5th hidden field in the form token_name = hidden_tags[4]['name'] token_val= hidden_tags[4]['value'] login_data = {'username':'[INSERT USERNAME]', 'password':'[INSERT PASSWORD]', 'remember':'yes', token_name: token_val} # Attempt login opener.open("[LOGIN PAGE FORM ACTION]", urllib.urlencode(login_data)) # Now open logged-in page you wish logged_response = opener.open("[LOGIN PROTECTED PAGE]") logged_result = logged_response.read() print logged_result
For anyone looking for solution in Python 3, I'm posting my solution:对于在 Python 3 中寻找解决方案的任何人,我将发布我的解决方案:
It uses requests
package and looks if correct set-cookie header was returned after login action.它使用
requests
包并查看登录操作后是否返回了正确的 set-cookie 标头。
import re
import requests
session = requests.Session()
response = session.get("[INSERT LOGIN PAGE URL]")
hidden_tags = re.findall(r'<input.+type="hidden".+>', response.text)
# Get the randomized token - which is the 6th hidden field in the form
token_name = re.findall(r'name="(\S+)"', hidden_tags[5])[0]
token_val = re.findall(r'value="(\S+)"', hidden_tags[5])[0]
login_data = {
"username": '[INSERT USERNAME]',
"password": '[INSERT PASSWORD]',
"remember": "yes",
"return": "",
token_name: token_val,
}
login_response = session.post("[LOGIN PAGE FORM ACTION]", data=login_data, allow_redirects=False)
login_cookie = login_response.headers.get('set-cookie', "")
print("joomla_user_state=logged_in" in login_cookie)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.