set_time_limit(0);
session_start();
require("config.php");
if($_SERVER["REQUEST_METHOD"]=="POST")
{
$cookie_jar2=tempnam("temp","C3");
$cookie_jar3=tempnam("temp","C4");
$array=array(
'answer'=>'',
'formhash'=>$_SESSION["hash"],
'loginfield'=>'username',
'loginsubmit'=>true,
'password'=>trim($_POST["password"]),
'questionid'=>0,
'seccodeverify'=>trim($_POST["code"]),
'username'=>trim($_POST["username"]),
);
$url=DZ."logging.php?action=login&loginsubmit=yes";
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($array));
curl_setopt($ch,CURLOPT_COOKIEFILE,$_SESSION["cookie_jar1"]);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_jar2);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_exec($ch);
curl_close($ch);
$url=DZ."index.php";
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER["HTTP_USER_AGENT"]);
curl_setopt($ch,CURLOPT_COOKIEFILE,$cookie_jar2);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_jar3);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$html=curl_exec($ch);
curl_close($ch);
preg_match("/(?<=name="formhash" value=").*?(?=")/",$html,$hash);
echo $html."<br>";
}
?>
html文件
header("Content-Type:text/html;charset=utf-8");
?>
请先配置config.php,没有验证码的请直接忽略验证码,不支持中文帐号,仅作交流使用
<form id="form1" name="form1" method="post" action="post.php">
验证码<input type="text" name="code" onblur="ischeck('check.php','status')"><img src="getcode.php" style="cursor:pointer;" onclick="this.src+='?'+Math.floor(Math.random()*10);" alt="点击刷新" ><div id="status"></div><br>
用户<input type="text" name="username" value=""><br>
密码<input type="text" name="password" value=""><br>
<input type="submit" name="sub" value="提交">
</form>
<script>
function ischeck(url,id)
{
var xhr=window.ActiveXObject? new ActiveXObject("Microsoft.XMLHTTP"):new XMLHttpRequest();
xhr.onreadystatechange=function ()
{
if(xhr.readyState==4&&xhr.status==200)
{
document.getElementById(id).innerHTML=xhr.responseText;
}
}
a=document.form1.code.value;
url=url+"?code="+a;
xhr.open("GET",url,true);
xhr.setRequestHeader("If-Modified-Since","0");
xhr.send(null);
}
</script>