d3xt3r32 Posted March 22, 2014 Report Share Posted March 22, 2014 Salutare tuturor!Vreau sa fac un script in php care sa posteze un anunt pe un site cu datele pe care le prestabilesc eu, insa nu am success.Iata ce am pana acum:<?php$curl=curl_init();curl_setopt($curl,CURLOPT_RETURNTRANSFER ,1 );curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0');curl_setopt($curl,CURLOPT_HEADER , 1);curl_setopt($curl,CURLOPT_FOLLOWLOCATION, 1);curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, FALSE);curl_setopt($curl,CURLOPT_SSL_VERIFYHOST, 2);curl_setopt($curl,CURLOPT_COOKIEJAR, "cookie.txt");curl_setopt($curl,CURLOPT_COOKIEFILE, "cookie.txt");curl_setopt($curl,CURLOPT_TIMEOUT,10000);curl_setopt($curl,CURLOPT_URL,"http://post.vivastreet.com");curl_setopt($curl,CURLOPT_POST ,1);$post = array("incorrect_username" => '0', "pic_hash" => '', "postingsubcategory" => 'phones_pdas', "posting_category_select" => 'phones_pdas', "selectedGeo" => '22009', "originalGeo" => '', "original_p2p_id" => '0', "featuredAd" => '1', "featuredPlan" => '0', "premiumPlan" => '0', "searchGeo_text" => 'Bannay - 18300', "foreignCountryModify" => '', "transport_posting" => '', "individual_type" => 'individual', "title" => 'titlu', "detail" => 'detail detail detail detail detail detail detail detail', "offer_type" => 'offer', "brand" => '', "price" => '999', "phone_nbr" => '', "anonymize_phone" => 'on', "image_modify" => '1', "image_total" => '0', "thumbnail_index" => '', "resume_attached" => 'no', "logo_attached" => 'no', "trusted_proxy" => '', "trusted_email" => '', "posting_auth_type" => 'register', "user_email" => 'email2@domeniu2.nl', "user_password" => 'parola123', "external_url" => '', "captcha_loaded" => 'false', "captcha" => 'na', "from_partners" => 'true', "target" => 'publish', "publish" => '1');curl_setopt($curl,CURLOPT_POSTFIELDS,$post);echo curl_exec($curl);curl_close($curl);?> Este posibil ce incerc eu sa fac?Daca da, va rog sa ma indrumati.Multumesc. Quote Link to comment Share on other sites More sharing options...
Silviu Posted March 22, 2014 Report Share Posted March 22, 2014 Foloseste functia asta si trebuie sa mearga daca ai pus totul ok:<?php// Create a function to handle the posting of datafunction http_post($url, $post) { $c = curl_init(); curl_setopt($c, CURLOPT_URL, $url); curl_setopt($c, CURLOPT_POST, true); curl_setopt($c, CURLOPT_POSTFIELDS, $post); curl_setopt ($c, CURLOPT_RETURNTRANSFER, true); return curl_exec($c);}$fields = array('data' => 'John Doe', 'idx' => 11321);echo http_post('http://example.com/script.php', http_build_query($fields));?> Quote Link to comment Share on other sites More sharing options...
d3xt3r32 Posted March 22, 2014 Author Report Share Posted March 22, 2014 Exact aceeasi chestie imi returneaza. cred ca mai sunt unele scripturi pe acolo care lucreaza, gen ajax.. Quote Link to comment Share on other sites More sharing options...
Silviu Posted March 22, 2014 Report Share Posted March 22, 2014 Exact aceeasi chestie imi returneaza. cred ca mai sunt unele scripturi pe acolo care lucreaza, gen ajax..Ca tot sunt in aceeasi "incurcatura" cu un login care imi face probleme. Incearca sa faci cu PhantomJS, se instaleaza foarte usor pe server si ai deja model de script care face submit la un form. Quote Link to comment Share on other sites More sharing options...
SticKyWoX Posted March 22, 2014 Report Share Posted March 22, 2014 curl_setopt($curl,CURLOPT_COOKIEJAR, dirname(__FILE__)."\cookie.txt");curl_setopt($curl,CURLOPT_COOKIEFILE, dirname(__FILE__)."\cookie.txt"); Quote Link to comment Share on other sites More sharing options...
Silviu Posted March 22, 2014 Report Share Posted March 22, 2014 curl_setopt($curl,CURLOPT_COOKIEJAR, dirname(__FILE__)."\cookie.txt");curl_setopt($curl,CURLOPT_COOKIEFILE, dirname(__FILE__)."\cookie.txt"); Nu au bre treaba astea, nici macar nu are nevoie de cookies, pentru ca nu se logheaza nicaieri. Quote Link to comment Share on other sites More sharing options...
SticKyWoX Posted March 22, 2014 Report Share Posted March 22, 2014 Nu au bre treaba astea, nici macar nu are nevoie de cookies, pentru ca nu se logheaza nicaieri."user_email" => 'email2@domeniu2.nl', "user_password" => 'parola123'Asa mi s-a parut Quote Link to comment Share on other sites More sharing options...
Dubfx Posted March 22, 2014 Report Share Posted March 22, 2014 Instaleaza firebug si modifica din consola url-ul de post din<form action="login.php" method="post"> (ex.)in<form action="http://www.siteul-tau/a.php" method="post">in a.php pune<?phpforeach($_POST as $k=>$v){echo $k . ' ' . $v . '<br/>';}?>dupa care dai submit la formular si vezi ce iti lipseste.Daca are protectie crsf , le iei cu un preg_match si le adaugi automat in variabilele de post. Quote Link to comment Share on other sites More sharing options...
d3xt3r32 Posted March 22, 2014 Author Report Share Posted March 22, 2014 Instaleaza firebug si modifica din consola url-ul de post din<form action="login.php" method="post"> (ex.)in<form action="http://www.siteul-tau/a.php" method="post">in a.php pune<?phpforeach($_POST as $k=>$v){echo $k . ' ' . $v . '<br/>';}?>dupa care dai submit la formular si vezi ce iti lipseste.Daca are protectie crsf , le iei cu un preg_match si le adaugi automat in variabilele de post.Am facut deja un "grabber" pentru a vedea ce variabile se trimit, insa nu prea inteleg exact la ce te referi in legatura cu protectia crsf.Ai putea sa imi dai un exemplu de cod cum as putea sa extrag variabilele cu preg_match?Multumesc. Quote Link to comment Share on other sites More sharing options...
SirGod Posted March 23, 2014 Report Share Posted March 23, 2014 (edited) Am facut deja un "grabber" pentru a vedea ce variabile se trimit, insa nu prea inteleg exact la ce te referi in legatura cu protectia crsf.Ai putea sa imi dai un exemplu de cod cum as putea sa extrag variabilele cu preg_match?Multumesc.Pentru protectia impotriva CSRF se adauga, de obicei, un input hidden cu un token (un cod unic, de obicei un hash random). La trimiterea formularului se verifica daca acel cod este valid: daca este, formularul este trimis, daca nu este valid ti se intoarce o eroare sau te redirectioneaza etc. Ca si un exemplu real, sa intelegi cum functioneaza, sa zicem ca ai in control panel un formular de schimbare a parolei care are doua inputuri, new password, repeat new password si mai are un buton de submit (fara sa ceara parola veche). Tu poti abuza de asta creand o pagina HTML cu inputurile deja completate (parola pe care vrei sa o setezi tu) si sa faci submit al formului pe eventul onLoad cu datele tale, catre pagina care le proceseaza. Cand "victima" it va vizita pagina se va face un request catre pagina care schimba parola si parola va fi schimbata cu cea prestabilita de tine. "Victima" doar trebuie sa fie logata. Ca sa ajungem inapoi la hash-ul impotriva CSRF, daca in exemplu mentionat, pe langa cele doua inputuri mai exista si un hash unic, tu nu aveai cum sa faci submit la form deoarece nu aveai cum sa stii acel hash incat sa il "completezi" in pagina ta HTML.Pentru preg_match:PHP: preg_match - ManualAi exemple destul acolo. Edited March 23, 2014 by SirGod Quote Link to comment Share on other sites More sharing options...
SticKyWoX Posted March 23, 2014 Report Share Posted March 23, 2014 Te pot ajuta eu, dar ca orice om care lucreaza pentru alt om, la mijloc trebuie sa fie vorba de o remuneratie.Sau, poti folosi simple_html_dom.php ca sa iei acel token de care se zice in postul de mai sus, apoi faci iar requestul de tip POST. (intai get, ca sa iei tokenul, apoi post cu tokenul luat) Quote Link to comment Share on other sites More sharing options...
