PHP中使用CURL(一)
执行流程:
curl_init()初始化 -> curl_setopt()设置变量 -> curl_exec()获取结果 -> curl_close()释放句柄
Get:
1
2
3
4
5
6
7
|
$ch =
curl_init(); curl_setopt( $ch ,
curlOPT_URL, "http://www.baidu.com" ); curl_setopt( $ch ,
curlOPT_RETURNTRANSFER, 1); curl_setopt( $ch ,
curlOPT_HEADER, 0); $output =
curl_exec( $ch ); curl_close( $ch ); print_r( $output ); |
Post:
1
2
3
4
5
6
7
8
9
10
|
$url = "http://www.yudis.cn/callback.php" ; $data =
[ "username" => "uname" ]; $ch =
curl_init(); curl_setopt( $ch ,
curlOPT_URL, $url ); curl_setopt( $ch ,
curlOPT_RETURNTRANSFER, 1); curl_setopt( $ch ,
curlOPT_POST, 1); curl_setopt( $ch ,
curlOPT_POSTFIELDS, $data ); $output =
curl_exec( $ch ); curl_close( $ch ); print_r( $output ); |
PHP中使用CURL(二)
https不需要进行ca认证和证书中域名认证
1
2
|
curl_setopt( $ch ,CURLOPT_SSL_VERIFYHOST,false); curl_setopt( $ch ,CURLOPT_SSL_VERIFYPEER,false); |
例如:
1
2
3
4
5
6
7
|
$ch =curl_init(); $url = 'https://www.yudis.cn/callback.html' ; curl_setopt( $ch ,CURLOPT_URL, $url ); curl_setopt( $ch ,CURLOPT_RETURNTRANSFER,1); curl_setopt( $ch ,CURLOPT_SSL_VERIFYHOST,false); curl_setopt( $ch ,CURLOPT_SSL_VERIFYPEER,false); $ret =curl_exec( $ch ); |
https需要进行ca认证和证书中域名认证
1
2
3
4
|
curl_setopt( $ch ,CURLOPT_SSL_VERIFYPEER,true); //只信任CA颁布的证书 $cacert = getcwd (). '/zhenshu.crt' ; //证书的位置 curl_setopt( $ch ,CURLOPT_CAINFO, $cacert ); //CA根证书 curl_setopt( $ch ,CURLOPT_SSL_VERIFYHOST,1); //检查证书中是否设置域名 |
例如:
1
2
3
4
5
6
7
8
9
|
$ch =curl_init(); $url = 'https://www.yudis.cn/callback.html' ; curl_setopt( $ch ,CURLOPT_URL, $url ); curl_setopt( $ch ,CURLOPT_RETURNTRANSFER,1); curl_setopt( $ch ,CURLOPT_SSL_VERIFYPEER,true); //只信任CA颁布的证书 $cacert = getcwd (). '/zhenshu.crt' ; //证书的位置 curl_setopt( $ch ,CURLOPT_CAINFO, $cacert ); //CA根证书 curl_setopt( $ch ,CURLOPT_SSL_VERIFYHOST,1); //检查证书中是否设置域名 $ret =curl_exec( $ch ); |
PHP中使用CURL(三)
对 post 提交的数据进行 http_build_query处理,然后再send出去,能实现更好的兼容性,更小的请求数据包。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
<?php /** *
PHP发送Post数据 *
@param string $url 请求url *
@param array/string $params 发送的参数 *
@return array */ function http_post_data( $url , $params = array ()) { if ( is_array ( $params )) { $params =
http_build_query( $params ,
null, '&' ); } $ch =
curl_init(); curl_setopt( $ch ,
CURLOPT_POST, 1); curl_setopt( $ch ,
CURLOPT_URL, $url ); curl_setopt( $ch ,
CURLOPT_POSTFIELDS, $params ); curl_setopt( $ch ,
CURLOPT_RETURNTRANSFER, 1); $response =
curl_exec( $ch ); $httpCode =
curl_getinfo( $ch ,
CURLINFO_HTTP_CODE); curl_close( $ch ); return array ( $httpCode , $response ); } $url = "http://blog.snsgou.com" ; $data = array ( 'a' =>
1, 'b' =>
2, 'c' =>
2); list( $returnCode , $returnContent )
= http_post_data( $url , $data ); |
PHP中使用CURL(四)
为了安全,我们的web服务主机往往不能上网。维护的时候,也是通过跳板机,ssh登录后去操作。有时候我们的程序需要访问外网。比如需要调用外网其他程序的某个接口。这时可以通过PHP的CURL函数的CURLOPT_HTTPHEADER来配置设置host访问。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
<?php $host = array ( "Host:
act.qzone.qq.com" ); $data = 'user=xxx&qq=xxx&id=xxx&post=xxx' ; $url = 'http://192.168.1.12/xxx/xxx/api/' ; var_dump( $this ->curl_post( $host , $data , $url )
); / *
提交请求 *
@param $host array 需要配置的域名 array ( "Host:
app.cloopen.com" ); *
@param $data string
需要提交的数据 'post=xxx' *
@param $url string
要提交的url 'https://app.cloopen.com:8883/2013-12-26/Accounts/' ; */ function curl_post( $host , $data , $url ) { $ch =
curl_init(); $res =
curl_setopt ( $ch ,
CURLOPT_URL, $url ); var_dump( $res ); curl_setopt( $ch ,
CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt( $ch ,
CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt
( $ch ,
CURLOPT_HEADER, 0); curl_setopt( $ch ,
CURLOPT_POST, 1); curl_setopt( $ch ,
CURLOPT_POSTFIELDS, $data ); curl_setopt
( $ch ,
CURLOPT_RETURNTRANSFER, 1); curl_setopt( $ch ,CURLOPT_HTTPHEADER, $host ); $result =
curl_exec ( $ch ); curl_close( $ch ); if ( $result ==
NULL) { return 0; } return $result ; } ?> |
PHP中使用CURL(五)
curl伪造IP和来源
client.php请求server.php
client.php
1
2
3
4
5
6
7
8
9
|
<?php $ch =
curl_init(); curl_setopt( $ch ,
CURLOPT_URL, "http://localhost/server.php" ); curl_setopt( $ch ,
CURLOPT_HTTPHEADER, array ( 'X-FORWARDED-FOR:8.8.8.8' , 'CLIENT-IP:8.8.8.8' )); //构造IP curl_setopt( $ch ,
CURLOPT_REFERER, "http://www.google.com/
" );
//构造来路 curl_setopt( $ch ,
CURLOPT_HEADER, 1); $out =
curl_exec( $ch ); curl_close( $ch ); ?> |
server.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<?php function getClientIp()
{ if (! empty ( $_SERVER [ "HTTP_CLIENT_IP" ])) $ip = $_SERVER [ "HTTP_CLIENT_IP" ]; else if (! empty ( $_SERVER [ "HTTP_X_FORWARDED_FOR" ])) $ip = $_SERVER [ "HTTP_X_FORWARDED_FOR" ]; else if (! empty ( $_SERVER [ "REMOTE_ADDR" ])) $ip = $_SERVER [ "REMOTE_ADDR" ]; else $ip = "err" ; return $ip ; } echo "IP:
" .
getClientIp() . "" ; //IP echo "referer:
" . $_SERVER [ "HTTP_REFERER" ]; //来源 ?> |
注:这个伪造建立在对方不对proxy ip还有remote_addr同时封禁的效果上。
PHP中使用CURL(六)
curl常用的几个例子
1、抓取无访问控制文件
1 <?php 2 $ch = curl_init(); 3 curl_setopt($ch, CURLOPT_URL, "http://localhost/mytest/phpinfo.php"); 4 curl_setopt($ch, CURLOPT_HEADER, false); 5 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //如果把这行注释掉的话,就会直接输出 6 $result=curl_exec($ch); 7 curl_close($ch); 8 ?>
2、使用代理进行抓取
<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://blog.snsgou.com"); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($ch, CURLOPT_PROXY, 125.21.23.6:8080); //url_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');如果要密码的话,加上这个 $result=curl_exec($ch); curl_close($ch); ?>
3、post数据后,抓取数据
<?php $ch = curl_init(); $data = array('name' => 'test', 'sex' => 1);//array(1) curl_setopt($ch, CURLOPT_URL, 'http://localhost/mytest/curl/userinfo.php'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_exec($ch); ?>
4、抓取一些有页面访问控制的页面
<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://club-china"); curl_setopt($ch, CURLOPT_USERPWD, '[username]:[password]');//破解页面访问控制 curl_setopt($ch, CURLOPT_HTTPGET, 1); curl_setopt($ch, CURLOPT_REFERER, "http://club-china"); curl_setopt($ch, CURLOPT_HEADER, 0); $result = curl_exec($ch); curl_close($ch); ?>
5、模拟登录
<?php function checkLogin($user, $password){ if (empty($user) || empty($password)){ return false; } $ch = curl_init(); curl_setopt($ch, CURLOPT_REFERER, "http://mail.sina.com.cn/index.html"); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT); curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR); curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT); curl_setopt($ch, CURLOPT_URL, "http://mail.sina.com.cn/cgi-bin/login.cgi"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "&logintype=uid&u=" . urlencode($user) . "&psw=" . $password); $contents = curl_exec($ch); curl_close($ch); if (!preg_match("/Location: (.*)\\/cgi\\/index\\.php\\?check_time=(.*)\n/", $contents, $matches)){ return false; }else{ return true; } } define("USERAGENT", $_SERVER['HTTP_USER_AGENT']); define("COOKIEJAR", tempnam("c:\windwos\temp", "cookie")); define("TIMEOUT", 500); echo checkLogin("username", "password"); ?>
6、文件上传
<?php /** * @param string $target_url 上传目标地址 * @param string $filename 上传文件路径 * @param string $form_name 表单名称 */ function curlUploadFile($target_url, $filename, $form_name) { $upload_file = new CURLFile($filename); $post_data = array( $form_name => $upload_file ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target_url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); } $target_url = 'http://www.codean.net/notFound/test.php'; $filename = realpath("C:/Users/HelloWorld/Desktop/Images/1.jpg"); $form_name = 'file'; // 接收端使用$_FILES接受 curlUploadFile($target_url, $filename, $form_name); ?>
7、文件流上传
/* * 第三种写法,使用PHP流发送 * @param string $target_url 上传目标地址 */ function curlUploadFile($target_url) { $fh = fopen('php://temp', 'rw+'); $string = 'Hello World'; fwrite($fh, $string); rewind($fh); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target_url); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($ch, CURLOPT_PUT, true); curl_setopt($ch, CURLOPT_INFILE, $fh); curl_setopt($ch, CURLOPT_INFILESIZE, strlen($string)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); curl_close($ch); } $target_url = 'http://www.codean.net/notFound/test.php'; curlUploadFile($target_url); // 接收端取出流文件并保存 $putdata = fopen('php://input', 'r'); $fp = fopen('test.txt', 'w'); while ($data = fread($putdata, 1024)) { fwrite($fp, $data); } fclose($fp); fclose($putdata);