Curl Catch Redirect Url参数-API请求的Oauth 2.0授权PHP脚本(例如VK)
[英]Curl Catch Redirect Url parameters - Oauth 2.0 Authorisation PHP script for API request (VK for example)
问题描述
I have a problem with a two step authorization with Oauth in PHP. 
我在PHP中使用Oauth进行两步授权存在问题。
The first request like: 第一个请求像:
$AUTHORIZE_URL =' https://oauth.vk.com/authorize?client_id=myID&scope=MyWall&redirect_uri=https://oauth.vk.com/blank.html&response_type=code '; $ AUTHORIZE_URL =' https: //oauth.vk.com/authorize?client_id=myID & scope=MyWall & redirect_uri= https: //oauth.vk.com/blank.html&response_type=code';
This request is making a redirection to https://oauth.vk.com/blank.html with "#code=Anumber" parameter. 该请求正在使用“#code = Anumber”参数重定向到https://oauth.vk.com/blank.html 。
After that I have a second request which need this code. 之后,我有第二个请求,需要此代码。
I use Curl to make those requests and parse the Json result of the second one but how can I get the paramters of the redirect url in curl. 我使用Curl发出这些请求并解析第二个请求的Json结果,但是如何在curl中获取重定向URL的参数。
I tried to parse the header of the answer but I found no location. 我试图解析答案的标题,但找不到位置。
EDIT: 编辑:
Example code of my request: 我的请求的示例代码:
curl_setopt_array($ch = curl_init(), array(
CURLOPT_USERAGENT => '',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => false,
CURLINFO_REDIRECT_URL => true,
CURLOPT_BINARYTRANSFER => 1,
CURLOPT_URL => $url
));
curl_exec($ch);
$info=curl_getinfo($ch);
prin_r($info);
curl_close($ch);
1 个解决方案
解决方案1
1 2015-09-17 17:08:34
Ok, the problem is that you are not logged in, if you are logged in the OAuth authentication redirects you to the blank page with your code, but if you are not, there is NO REDIRECT and it shows you a html page with login. 好的,问题是您尚未登录,如果您登录了OAuth身份验证,则会将您的代码重定向到空白页面,但是如果没有登录,则不会重定向,并且会显示带有登录名的html页面。
So, in order to get that code you have to login, you can login using your browser and then get the cookies from your browser and use them in your code. 因此,为了获得您必须登录的代码,可以使用浏览器登录,然后从浏览器获取cookie,并在代码中使用它们。 This option is good if you only want that code for testing. 如果只希望该代码进行测试,则此选项很好。
The second options is more complex you have to do the login programmatically, that implies more than one curl, saving cookies and sending them to the next request. 第二个选项更加复杂,您必须以编程方式进行登录,这意味着多个卷曲,保存cookie并将它们发送到下一个请求。 I made an example for this OAuth authentication in particular that at least works for me. 我为此OAuth身份验证创建了一个示例,至少对我有用。 Is quite ugly but is ok as proof of concept. 相当丑陋,但可以作为概念证明。
<?php
$email = "myemailorphone";
$pass = "mypassword";
$id = "myID";
//this url returns a login page
$url= "https://oauth.vk.com/authorize?".http_build_query(["client_id"=>$id,"scope"=>"MyWall","redirect_uri"=>"https://oauth.vk.com/blank.html","response_type"=>"code"]);
$b64url = str_replace("==","--",base64_encode($url)); //different base64 code, just to have all parameters
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//curl_setopt($ch,CURLOPT_NOBODY,true);
curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
curl_close($ch);
$cookieString = "";
if(strpos($result,"log in")) {
//get all the cookies
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $result, $matches);
$cookies = array();
foreach($matches[1] as $item) {
parse_str($item, $cookie);
$cookies = array_merge($cookies, $cookie);
}
$cookieString = "";
foreach($cookies as $key=>$val){
$cookieString .= $key."=".$val.";";
}
//CREATE LOGIN POST
$ip_h = explode("name=\"ip_h\" value=\"",$result);
$ip_h = substr($ip_h[1],0,18); // some hidden fields on that page, maybe important
$lg_h = explode("name=\"lg_h\" value=\"",$result);
$lg_h = substr($lg_h[1],0,18); // some hidden fields on that page, maybe important
$fields = [
"origin"=>"https://oauth.vk.com",
"to"=>$b64url, // this is where it redirects after login, not used in the php code but, just for the request
"email"=>$email,//phone or email of user
"expire"=>0,
"pass"=>$pass, //your password
"ip_h"=>$ip_h,
"lg_h"=>$lg_h
];
$post = http_build_query($fields);
$login_url = "https://login.vk.com/?act=login&soft=1";
$ch = curl_init($login_url);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Cookie: '.$cookieString));
curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//get the new cookies
$result = curl_exec($ch);
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $result, $matches);
$login_cookies = array();
foreach($matches[1] as $item) {
parse_str($item, $cookie);
$login_cookies = array_merge($login_cookies, $cookie);
}
foreach($login_cookies as $key=>$val){
$cookieString .= $key."=".$val.";";
}
//get next location redirect
preg_match_all('/^Location:\s*(.*)/mi', $result, $matches);
$first_redirect = str_replace("\"","_",$matches[1][0]);
$first_redirect = filter_var($first_redirect,FILTER_SANITIZE_URL); //sanitize url, because it returns unwanted chars
//use the second location redirect
$ch = curl_init($first_redirect);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Cookie: '.$cookieString,"accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
curl_close($ch);
//last location forward
preg_match_all('/^Location:\s*(.*)/mi', $result, $matches);
$second_redirect = str_replace("\"","_",$matches[1][0]);
$second_redirect = filter_var($second_redirect,FILTER_SANITIZE_URL);
$ch = curl_init($second_redirect);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Cookie: '.$cookieString,"accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($ch);
curl_close($ch);
preg_match_all('/^Location:\s*(.*)/mi', $result, $matches);
$blank = str_replace("\"","_",$matches[1][0]);
$blank = filter_var($blank,FILTER_SANITIZE_URL);
echo "Blank url: ".$blank;
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.