使用 cURL 检索网站 HTML 页面,并在安全页面上提供当前会话和 Cookie 数据
2022-08-30 22:27:50
问题完全修订于:2月19日
我想要的东西(简而言之):
我想使用cURL获取一个HTML页面,该页面通过用户登录名进行保护(在cURL请求时,用户登录时具有该页面的权限)。
更详细:
情况是用户在一个网页上,该网页是安全的(通过安全脚本)。在该页面上有一个“打印为pdf”按钮。这会将用户发送到此页面的页面,此页面将查看请求的来源并使用cURL获取该页面,并且该输出将作为PDF打印发送到浏览器。index.php?w=2344&y=lalala&x=somethingclass.Firewizz.Security.phpgetPDF.php
但是现在我在页面中设置了页面变量静态,因此它不会检查引用站点,并且我100%确定它尝试获取的页面是正确的。getPDF.php
此外,输出只是按原样回显,尚未转换为PDF,以免干扰问题。
预期输出现在与用户转到页面时的预期输出相同。除非情况并非如此,否则用户什么也得不到。
我们知道什么?我们知道数据没有被发送到cURL,我知道这是一个事实,因为我回显了输出文件上的数据,说它们是空的。$_SESSION$_SESSION
经过大量的尝试,我们仍然没有解决方案,仍然没有“$_SESSION”数据。
我不想以任何方式破坏安全脚本,因此解决方案“删除不是我正在寻找的”。ini_set('session.use_only_cookies', 1);
根据要求(对于致力于帮助的那些),我可以发送完整的脚本文件,但我会在下面发布相关的片段。
class.Firewizz.Security.php
<?php
/*
* Firewizz UserLogin
*/
namespace Firewizz;
class Security
{
// Start the session, with Cookie data
public function Start_Secure_Session()
{
// Forces sessions to only use cookies.
ini_set('session.use_only_cookies', 1);
// Gets current cookies params
$cookieParams = session_get_cookie_params();
// Set Cookie Params
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $this->isHTTPS, $this->deny_java_session_id);
// Sets the session name
session_name($this->session_name);
// Start the php session
session_start();
// If new session or expired, generate new id
if (!isset($_SESSION['new_session']))
{
$_SESSION['new_session'] = "true";
// regenerate the session, delete the old one.
session_regenerate_id(true);
}
}
// Check of user is logged in to current session, return true or false;
public function LOGGED_IN()
{
return $this->_login_check();
}
public function LOGOUT()
{
// Unset all session values
$_SESSION = array();
// get session parameters
$params = session_get_cookie_params();
// Delete the actual cookie.
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
// Destroy session
session_destroy();
if (!headers_sent())
{
header("Location: " . $this->login_string, true);
}
else
{
echo '<script>window.location="/"</script>';
}
}
// Must pass variables or send to login page!
public function BORDER_PATROL($user_has_to_be_logged_in, $page_loaded_from_index)
{
$pass_border_partrol = true;
if (!$this->LOGGED_IN() && $user_has_to_be_logged_in)
{
$pass_border_partrol = false;
}
if (filter_input(INPUT_SERVER, "PHP_SELF") != "/index.php" && $page_loaded_from_index)
{
$pass_border_partrol = false;
}
// Kick to login on fail
if (!$pass_border_partrol)
{
$this->LOGOUT();
exit();
}
}
// Catch login, returns fail string or false if no errors
public function CATCH_LOGIN()
{
if (filter_input(INPUT_POST, "id") == "login" && filter_input(INPUT_POST, "Verzenden") == "Verzenden")
{
// Variables from form.
$email = filter_input(INPUT_POST, "email");
$sha512Pass = filter_input(INPUT_POST, "p");
// Database variables
$db_accounts = mysqli_connect($this->mySQL_accounts_host, $this->mySQL_accounts_username, $this->mySQL_accounts_password, $this->mySQL_accounts_database);
// Prepage sql
if ($stmt = $db_accounts->prepare("SELECT account_id, verified, blocked ,login_email, login_password, login_salt, user_voornaam, user_tussenvoegsel, user_achternaam FROM accounts WHERE login_email = ? LIMIT 1"))
{
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
$stmt->bind_result($user_id, $verified, $blocked, $email, $db_password, $salt, $voornaam, $tussenvoegsel, $achternaam); // get variables from result.
$stmt->fetch();
$password = hash('sha512', $sha512Pass . $salt); // hash the password with the unique salt.
$tussen = ' ';
if ($tussenvoegsel != "")
{
$tussen = " " . $tussenvoegsel . " ";
}
$username = $voornaam . $tussen . $achternaam;
if ($stmt->num_rows == 1)
{ // If the user exists
// Check blocked
if ($blocked == "1")
{
return 'Deze acount is geblokkeerd, neem contact met ons op.';
}
// We check if the account is locked from too many login attempts
if ($this->_checkBrute($user_id, $db_accounts) == true)
{
// Account is locked
// Send an email to user saying their account is locked
return "Te vaak fout ingelogd,<br />uw account is voor " . $this->blockout_time . " minuten geblokkerd.";
}
else
{
if ($db_password == $password && $verified == 1)
{
// Password is correct!, update lastLogin
if ($stmt = $db_accounts->prepare("UPDATE accounts SET date_lastLogin=? WHERE account_id=?"))
{
$lastlogin = date("Y-m-d H:i:s");
$stmt->bind_param('ss', $lastlogin, $user_id); // Bind "$email" to parameter.
$stmt->execute();
$stmt->close();
}
$ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
$user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
$_SESSION['user_id'] = $user_id;
$username = $username; // XSS protection as we might print this value
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512', $password . $ip_address . $user_browser);
// Login successful.
if ($this->MailOnLogin != FALSE)
{
mail($this->MailOnLogin, 'SECUREPLAY - LOGIN', $username . ' logged in to the secureplay platform..');
}
return false;
}
else
{
// Password is not correct
// We record this attempt in the database
$now = time();
$db_accounts->query("INSERT INTO login_attempts (userID, timestamp) VALUES (" . $user_id . ", " . $now . ")");
return "Onbekende gebruikersnaam en/of wachtwoord.";
}
}
}
else
{
return "Onbekende gebruikersnaam en/of wachtwoord.";
}
}
else
{
return 'SQL FAIL! ' . mysqli_error($db_accounts);
}
return "Onbekende fout!";
}
return false;
}
private function _checkBrute($user_id, $db_accounts)
{
// Get timestamp of current time
$now = time();
// All login attempts are counted from the past 2 hours.
$valid_attempts = $now - ($this->blockout_time * 60);
if ($stmt = $db_accounts->prepare("SELECT timestamp FROM login_attempts WHERE userID = ? AND timestamp > $valid_attempts"))
{
$stmt->bind_param('i', $user_id);
// Execute the prepared query.
$stmt->execute();
$stmt->store_result();
// If there has been more than 5 failed logins
if ($stmt->num_rows > $this->max_login_fails)
{
return true;
}
else
{
return false;
}
}
else
{
return true;
}
}
// Login Check if user is logged in correctly
private function _login_check()
{
// Database variables
$db_accounts = mysqli_connect($this->mySQL_accounts_host, $this->mySQL_accounts_username, $this->mySQL_accounts_password, $this->mySQL_accounts_database);
// Check if all session variables are set
if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string']))
{
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
if ($stmt = $db_accounts->prepare("SELECT login_password FROM accounts WHERE account_id = ? LIMIT 1"))
{
$stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if ($stmt->num_rows == 1)
{ // If the user exists
$stmt->bind_result($password); // get variables from result.
$stmt->fetch();
$login_check = hash('sha512', $password . $ip_address . $user_browser);
if ($login_check == $login_string)
{
// Logged In!!!!
return $user_id;
}
else
{
// Not logged in
return false;
}
}
else
{
// Not logged in
return false;
}
}
else
{
// Not logged in
//die("f3");
return false;
}
}
else
{
// Not logged in
return false;
}
}
}
secured_page
<?php
require_once 'assets/class.Firewizz.Security.php';
if (!isset($SECURITY))
{
$SECURITY = new Firewizz\Security();
}
// Check if user is logged in or redirect to login page;
$SECURITY->BORDER_PATROL(true, true);
// CONTENT bla bla
?>
getPDF.php
<?php
// Requires
require_once 'assets/class.FirePDF.php';
require_once 'assets/class.Firewizz.Security.php';
$SECURITY = new \Firewizz\Security();
$SECURITY->Start_Secure_Session();
// Html file to scrape, if this works replace with referer so the page that does the request gets printed.(prepend by security so it can only be done from securePlay
$html_file = 'http://www.website.nl/?p=overzichten&sort=someSort&s=67';
// Output pdf filename
$pdf_fileName = 'Test_Pdf.pdf';
/*
* cURL part
*/
// create curl resource
$ch = curl_init();
// set source url
curl_setopt($ch, CURLOPT_URL, $html_file);
// set cookies
$cookiesIn = "user_id=" . $_SESSION['user_id'] . "; username=" . $_SESSION['username'] . "; login_string=" . $_SESSION['login_string'] . ";";
// set cURL Options
$tmp = tempnam("/tmp", "CURLCOOKIE");
if ($tmp === FALSE)
{
die('Could not generate a temporary cookie jar.');
}
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
//CURLOPT_HEADER => true, //return headers in addition to content
CURLOPT_ENCODING => "", // handle all encodings
CURLOPT_AUTOREFERER => true, // set referer on redirect
CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
CURLOPT_TIMEOUT => 120, // timeout on response
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLINFO_HEADER_OUT => true,
CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_COOKIEJAR => $tmp,
//CURLOPT_COOKIEFILE => $tmp,
CURLOPT_COOKIE => $cookiesIn
);
// $output contains the output string
curl_setopt_array($ch, $options);
$output = curl_exec($ch);
// close curl resource to free up system resources
curl_close($ch);
// output the cURL
echo $output;
?>
我们如何测试
当前的测试是通过让用户登录并转到我们想要使用cURL获得的正确页面并验证他是否看到该页面(有效)来完成的。现在,我们在一个新选项卡中运行该页面,由于安全故障,我们在该选项卡中看到一个空白页。如果我们添加 ;在安全脚本中,我们看到 $_SESSION中的变量为空。当我们将同一行粘贴到 中时,我们看到它被设置在那里。所以我们知道一个事实是没有被cURL转移。getPDF.phpecho "session data:" . $_SESSION["login_string"]getPDF.php
一些简短的信息。
- 因此,使用上面的代码,我们得到一个空白页;
- $_SESSION 数据未发送;
- 非常确定饼干也不会发送;
- 尝试了各种cURL设置,没有一个成功;
- 如果传递所有$_SESSION和$_COOKIE数据,那将是完美的;
- 尝试了评论或答案中所说的一切。
