我如何为我的PHP libcurl脚本获取wp nonce值
[英]How do i get wp nonce value for my php libcurl script
问题描述
I'd like to automate some administrative task for myself on my wpmu install. 
我想在wpmu安装中为自己自动化一些管理任务。 For example, I'm trying to write php curl script for logging in and adding a new blog. 例如,我正在尝试编写php curl脚本以登录并添加新博客。 So i'm already logged in via curl and now i want to post form that's in wpmu-blogs.php but it has hidden wp nonce field. 所以我已经通过curl登录了,现在我想发布wpmu-blogs.php中的表单,但是它隐藏了wp nonce字段。 How do i get this value into variable? 我如何将此值转换为变量? I checked source but there are more than one wp nonce hidden fields. 我检查了源,但是有多个wp随机数隐藏字段。 I'm assuming that there are different nonce values for different tasks on different forms. 我假设不同形式的不同任务有不同的现时值。 How do i get the one i need - for adding new blog? 如何获得所需的-添加新博客?
2 个解决方案
解决方案1
3 2009-09-07 00:55:57
The point of a nonce is to protect against a cross site forgery attack . 随机数的目的是防止跨站点的伪造攻击 。 Because of this, a new nonce value is going to be generated on a regular basis. 因此,将定期生成新的现时值。 If the nonce was predictable, it wouldn't be effective. 如果随机数是可预测的,那将是无效的。
To post to a nonce enabled form using curl, you'd need to 要使用curl发布到启用了nonce功能的表单,您需要
Turn on all cookie handling options (both saving cookies to a cookie jar, and sending cookies in the saved cookie jar)
打开所有cookie处理选项(将cookie保存到cookie jar,以及在保存的cookie jar中发送cookie) Make a request to the page that contains your form
向包含您的表单的页面进行请求 Using regular expressions or an HTML/XHTML parsing library, pull out the nonce value you want
使用正则表达式或HTML / XHTML解析库,提取所需的现时值 With that value in hand, post to the page you want, sending the nonce along
有了该值,将其发布到所需的页面,并随即发送随机数
This kind of programming can be tedious. 这种编程可能很乏味。 You're essentially trying to emulate a web browser. 您实质上是在尝试模仿Web浏览器。 It's doable, but you may want to consider 可行,但是您可能要考虑
Looking into the Wordpress XML-RPC API .
研究Wordpress XML-RPC API 。 This is the supported way of doing the kind of things you're trying to automate with CURL, and will be much more straight forward once you climb the learning curve. 这是您尝试使用CURL进行自动化处理时所支持的方式,一旦您爬上学习曲线,它将更加直接。 There's also the AtomPub API.
还有AtomPub API。 AtomPub is, in part, an attempt to come up with a standard way of performing common actions to weblogs and personal publishing sites. AtomPub在某种程度上是尝试提出一种对Weblog和个人发布网站执行常见操作的标准方法。 The advantage is, in theroy, scripts written for one system (Wordpress) will work on another system (MovableType). 从理论上讲,优点是为一个系统(Wordpress)编写的脚本将在另一个系统(MovableType)上运行。 The disadvantage is AtomPub features tend to lag behind/differ from features supported in each engine's custom API. 缺点是AtomPub功能往往落后于/不同于每个引擎的自定义API支持的功能。 Finally, if you're not up for leaning either API, you might want to give Selenium a try.
最后,如果您不希望使用这两个API,则可以尝试Selenium 。 Selenium IDE will allow you to script Firefox and have the nonce handled automatically, since you're actually using a browser to visit each page. Selenium IDE允许您编写Firefox脚本并自动处理随机数,因为您实际上是在使用浏览器来访问每个页面。
解决方案2
0 2009-09-07 01:02:28
you can also use greasemonkey to script your firefox. 您还可以使用滑脂猴子编写您的Firefox脚本。
This addon permit to customize webpage and do some action using javascript. 此插件允许自定义网页并使用javascript执行某些操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.