php curl登錄instagram進入重定向循環

Question

我使用curl和php登錄instagram，它進入重定向循環，在該循環中回顯與此類似的文本，每個回顯之間幾乎沒有變化

> HTTP/1.1 301 Moved Permanently Location: https://www.instagram.com/
> Content-Type: text/plain Server: proxygen Date: Mon, 16 Jan 2017
> 12:53:26 GMT Connection: keep-alive Content-Length: 0
> 
> HTTP/1.1 200 OK Content-Type: text/html Vary: Cookie, Accept-Language,
> Accept-Encoding Content-Language: en Pragma: no-cache Expires: Sat, 01
> Jan 2000 00:00:00 GMT Strict-Transport-Security: max-age=86400 Date:
> Mon, 16 Jan 2017 12:53:27 GMT X-Frame-Options: SAMEORIGIN
> Content-Encoding: gzip Cache-Control: private, no-cache, no-store,
> must-revalidate Set-Cookie: sessionid=; expires=Thu, 01-Jan-1970
> 00:00:00 GMT; Max-Age=0; Path=/; HttpOnly; Domain=instagram.com
> Set-Cookie: csrftoken=uWHWfgmVVhdROoG3HsyIevXMq4mcEGVU; expires=Mon,
> 15-Jan-2018 12:53:27 GMT; Max-Age=31449600; Path=/; Secure Connection:
> keep-alive Content-Length: 3373

我正在使用的代碼是這樣

<?php

    include_once('simple_html_dom.php'); 

        $usuario = "username";
        $password = "password";

        $url = 'https://www.instagram.com/';
        $url_login = 'https://www.instagram.com/accounts/login/ajax/';
        $user_agent = array("Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 ",
                      "(KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36");

        $ch = curl_init(); 

        $headers = [
        'Accept-Encoding: gzip, deflate',
        'Accept-Language: en-US;q=0.6,en;q=0.4',
        'Connection: keep-alive',
        'Content-Length: 0',
        'Host: www.instagram.com',
        'Origin: https://www.instagram.com',
        'Referer: https://www.instagram.com/',
        'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36', 
        'X-Instagram-AJAX: 1',
        'X-Requested-With: XMLHttpRequest'  
        ];

        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
        curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie/pruebalogininsta3.txt");
        curl_setopt($ch, CURLOPT_REFERER, $sTarget);
        curl_setopt($ch, CURLOPT_HEADER, TRUE);

        $html = curl_exec($ch);

        preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $html, $matches);
        $cookies = array();
        foreach($matches[1] as $item) {
            parse_str($item, $cookie);
            $cookies = array_merge($cookies, $cookie);
        }


        $headers = [
        'Accept-Language: en-US;q=0.6,en;q=0.4',
        'Connection: keep-alive',
        'Content-Length: 0',
        'Host: www.instagram.com',
        'Origin: https://www.instagram.com',
        'Referer: https://www.instagram.com/',
        'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36', 
        'X-Instagram-AJAX: 1',
        'X-Requested-With: XMLHttpRequest'
        ];

        $cadena_agregar_vector = 'X-CSRFToken:'. $cookies["csrftoken"];

        $headers[] = $cadena_agregar_vector ;

        $sPost=http_build_query(array('username'=>$usuario,'password'=>$password));


        # Creo que falta agregar la variable POST para que mande un POST y no un GET

        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $sPost);
        curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate');
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_URL, $url_login);  

        $html2 = curl_exec($ch);

        curl_setopt($ch, CURLOPT_URL, "http://www.instagram.com/");  

        $html4 = curl_exec($ch);

        echo $html4;

    ?>

Answer 1

你犯了一些錯誤，

1：您手動添加'Accept-Encoding: gzip, deflate',標頭。 如果服務器選擇實際使用gzip / deflate，則響應主體看起來會出現亂碼（二進制壓縮數據），如果要在curl中使用壓縮，請改用CURLOPT_ENCODING ，curl會為您解壓縮。 （至少您在第二次調用中正確執行了此操作）

2：您添加Referer: https://www.instagram.com/ ，只是稍后用curl_setopt($ch, CURLOPT_REFERER, $sTarget);覆蓋它curl_setopt($ch, CURLOPT_REFERER, $sTarget); ，使自定義標頭被忽略，並且$ sTarget似乎是未定義的變量。

3：在HTTP標頭中使用大寫字母。 據我所知，登錄協議未在任何標題中使用大寫字母。 （例如，您將其稱為X-Instagram-AJAX: 1 ，但登錄頁面將其稱為x-instagram-ajax: 1 ）

使用https://github.com/divinity76/hhb_.inc.php/blob/master/hhb_.inc.php中的 hhb_curl，

這是一個有效的示例代碼：

<?php
declare(strict_types = 1);
require_once('hhb_.inc.php');
$hc = new hhb_curl ();
$hc->_setComfortableOptions ();

$username = 'nigeriansdddd';
$password = '3fc2p4xy049q3om@my10minutemail.com';
// get a cookie session and login page etc
$hc->exec ( 'https://www.instagram.com/' );
// hhb_var_dump($hc->getStdErr(),$hc->getResponseBody());
$html = $hc->getResponseBody ();
$token = getCsrfToken ( $html );
$hc->setopt_array ( array (
        CURLOPT_URL => 'https://www.instagram.com/accounts/login/ajax/',
        CURLOPT_POST => true,
        CURLOPT_HTTPHEADER => array (
                'x-csrftoken: ' . $token,
                'x-instagram-ajax: 1',
                'x-requested-with: XMLHttpRequest',
                'accept-language: en-US,en;q=0.8,nb;q=0.6',
                'origin: https://www.instagram.com',
                'referer: https://www.instagram.com/' 
        )
        ,
        CURLOPT_POSTFIELDS => http_build_query ( array (
                'username' => $username,
                'password' => $password 
        ) ) 
) );
$hc->exec ();
// hhb_var_dump ( $hc->getStdErr (), $hc->getResponseBody () );
$jsonRAW = $hc->getResponseBody ();
$json = json_decode ( $jsonRAW, true );
if (! is_array ( $json ) || $json ['status'] !== 'ok' || $json ['authenticated'] !== true) {
    throw new RuntimeException ( 'failed to login. last curl request: ' . $hc->getStdErr () . $hc->getResponseBody () );
}
$hc->exec ( 'https://www.instagram.com/' );
$html = $hc->getResponseBody ();
if (false === strpos ( $html, $username )) {
    throw new RuntimeException ( 'failed to confirm login. last curl request: ' . $hc->getStdErr () . $hc->getResponseBody () );
}
hhb_var_dump ( $hc->getStdErr (), $hc->getResponseBody () );


function getCsrfToken(string $html): string {
    $matches = array ();
    $rexret = preg_match ( '/\"csrf_token\"\s*\:\s*\"([^\"]*)/', $html, $matches );
    if ($rexret !== 1) {
        throw new RuntimeException ( 'failed to find the csrf token!' );
    }
    // hhb_var_dump($rexret,$matches);
    $csrftoken = $matches [1];
    return $csrftoken;
}

（請注意：該帳戶nigeriansdddd / 3fc2p4xy049q3om@my10minutemail.com只是一個虛假的一次性帳戶，我不在乎該帳戶是否受到威脅，這顯然是在我將憑據發布到此處時發生的）