带有 cURL 的 PHP NTLM 会话
所以先说一点琐事..
有一个用 ASP.NET 编写的网站,它使用 NTLM 协议对想要登录的用户进行身份验证.他们通常使用它时完全可以,他们输入网站 URL,他们提供他们的凭据,进行身份验证和维护会话网络浏览器.
There is written in ASP.NET website, which uses NTLM protocol to authenticate users that want to log in. It's perfectly ok when they normally use it, they type in website URL, they provide their credentials, authenticate and maintain session in web browser.
我想做的是创建一个充当机器人的 PHP 网站.这是我公司的内部网站,我被批准这样做.我遇到的问题是管理会话.用户将能够在我的 PHP 网站中输入他们的凭据,我的 PHP 网站将使用 cURL 对目标站点进行身份验证.
What I want to do, is create PHP website that will act as bot. It is my companys internal website and I am approved to do so. The problem I run into, is managing session. Users will be able to type in their credentials in my PHP website, and my PHP website will authenticate them to target site, using cURL.
目前我得到的代码是:
$cookie_file_path = dirname(__FILE__) . '/cookies.txt';
$ch = curl_init();
//==============================================================
curl_setopt($ch, CURLOPT_USERPWD, $username. ':' . $password);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, 100);
//=============================================================
$ret = curl_exec($ch);
上面的代码通过 cURL 登录到目标网站(它似乎管理 NTLM 握手),并获取网站内容.它还存储在 cookie 文件中发回的会话 ID.
Above code logs in to target website by cURL (which manages NTLM handshake, as it seems), and fetches websites content. It also stores Session ID that is sent back in cookie file.
我接下来要做的是评论 CURLOPT_USERPWD
选项,希望此脚本将使用存储在 cookie 文件中的会话 ID 在此脚本的第二次执行中验证先前登录的用户.它可以摆脱用户凭据并且不以这种方式将其存储在任何地方,因为将其存储在手动创建的会话、数据库或其他任何地方都不安全.
What I'm trying to do next, is comment the CURLOPT_USERPWD
option, in hope that this script will use session ID stored in cookie file to authenticate previously logged in user in second execution of this script. It could get rid of user credentials and do not store it anywhere that way, becouse it is not safe to store it in manually created session, database, or anywhere else.
我需要这个,因为机器人将使用 CRON 定期检查网站状态是否已更改,并执行一些用户操作作为对此的反应.但要做到这一点,用户首先必须经过身份验证,并且他的用户名和密码不能存储在任何地方,所以我必须使用他最初登录时建立的会话信息.
I need this becouse bot will be using CRON to periodically check if website status has changed and perform some user actions as reaction to this. But to do this, user first must be authenticated, and his username and password must not be stored anywhere, so I have to use session information estabilished when he initially logged in.
CURL 似乎不这样做.当我第二次使用带注释的 CURLOPT_USERPWD
选项执行脚本时,它不使用存储的 cookie 来保持身份验证.相反,它 REWRITES 带有不相关数据的 cookie 文件从服务发送给我,作为对 NOT AUTHRORISED 访问请求的响应.
CURL seems to NOT DO THIS. When I execute script second time with commented CURLOPT_USERPWD
option, it does not use stored cookie to keep beeing authenticated. Instead, it REWRITES cookie file with not relevant data send to me from service as response to NOT AUTHRORISED access request.
我的问题是:为什么 cURL 不使用存储的会话信息来保持身份验证?有什么方法可以维护与基于 cURL 和 NTLM 协议的网站的会话?
My questions are: Why cURL doesnt use stored session information to keep beeing authenticated? Is there any way to maintain this session with cURL and NTLM protocol based website?
提前致谢.
推荐答案
我有同样的问题,我使用 curl_setopt($ch, CURLOPT_COOKIEFILE, "");
行代码解决了它.字符串应该是empty.
I have the same problem and i solved it using curl_setopt($ch, CURLOPT_COOKIEFILE, "");
line of code. The string should be exactly empty.
相关文章