使用 cURL 针对 PHP 的 C++ 身份验证
C++ authentication against PHP with cURL
我正在尝试让我的 C++ 应用程序根据 Web 数据库验证 user/pass。为此,我有一个用于 user/pass 的简单 html 表单,它会触发身份验证 php 脚本。
我很难理解 cURL,因为我对它完全是菜鸟。
现在,我可以将数据发送到 html 表单,但我什至不知道我是否正常工作。
理想情况下,我希望您能教我怎么做,以及如何阅读回复。我的意思是,如果登录正确,我如何让 C++ 知道它?
我拥有的所有代码:
HTML
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form method="post" action="check.php">
<input type="text" name="uname"/>
<input type="password" name="password"/>
<input type="submit"/>
</form>
</html>
PHP
<?php
$fileDir = '/var/www/html/forums/';
require($fileDir . '/src/XF.php');
XF::start($fileDir);
$app = \XF::setupAPP('XF\App');
$username = $_POST['uname']; $password = $_POST['password'];
$ip = $app->request->getIp();
$loginService = $app->service('XF:User\Login', $username, $ip);
$userValidate = $loginService->validate($password, $error);
if(!$userValidate)
{
//Not good pass / user
$data = ['validated' => false];
}
else $data = ['validated' => true];
header('Content-type: application/json');
echo json_encode($data);
?>
C++
#include "stdafx.h"
#include <iostream>
#include <stdio.h>
#include <curl/curl.h>
using namespace std;
int main()
{
char username[20];
char password[25];
cout << "Username: ";
cin >> username;
cout << "Password: ";
cin >> password;
/*------------------------------------------*/
CURL *curl;
CURLcode res;
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if (curl) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_URL, "https://localhost/index.hmtl");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "uname=?&password=?", username, password);
res = curl_easy_perform(curl);
if (res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
}
curl_easy_cleanup(curl);
}
curl_global_cleanup();
}
编辑:可行的解决方案
#include "stdafx.h"
#include <iostream>
#include <stdio.h>
#include <string>
#include <curl/curl.h>
using namespace std;
string urlencode(const string &str) {
char *escaped = curl_escape(str.c_str(), str.length());
if (escaped == NULL) throw runtime_error("curl_escape failed!");
string ret = escaped;
curl_free(escaped);
return ret;
}
size_t my_write_function(const void * indata, const size_t size, const size_t count, void *out) {
(*(string*)out).append((const char*)indata, size*count);
return size * count;
}
int main()
{
string username;
string password;
cout << "Username: ";
getline(cin, username);
cout << "Password: ";
getline(cin, password);
/*------------------------------------------*/
CURL *curl;
CURLcode res;
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if (curl) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_URL, "https://urlto/index.html");
curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS, string("uname=" + urlencode(username) + "&password=" + urlencode(password)).c_str());
string response;
curl_easy_setopt(curl, CURLOPT_URL, "https://urlto/check.php");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_write_function);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
res = curl_easy_perform(curl);
//cout << "Response from website: " << response << endl;
if (response.find("true") == string::npos) {
cout << "Failed to login";
}
else cout << "Log in successful";
if (res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
}
curl_easy_cleanup(curl);
}
curl_global_cleanup();
}
i dont even know if im doing properly. - 好吧,你的代码中肯定有几个错误,
首先,如果用户名超过 20 个字节,或者密码超过 25 个字节,您认为会发生什么情况?尝试
string username;
getline(cin, username);
相反。 c++ 将根据需要不断增加用户名的大小,直到你 运行 超出 ram,这是应该的。
我看到你在使用 CURLOPT_POSTFIELDS(而且是错误的),在你知道自己在做什么之前,我建议你改用 CURLOPT_COPYPOSTFIELDS。 (顺便说一句,我自己几乎总是使用 COPYPOSTFIELDS)这一行是错误的:
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "uname=?&password=?", username, password);`
因为 curl_easy_setopt() 只接受 3 个参数,但你试图给它 5 个。我不认为它甚至可以编译,但即使它可以,它肯定不应该工作在 运行 时间。
试试像这样的东西:
string urlencode(const string& str)
{
char *escaped = curl_escape(str.c_str(), str.length());
if (unlikely(escaped==NULL))
{
throw runtime_error("curl_escape failed!");
}
string ret = escaped;
curl_free(escaped);
return ret;
}
curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS, string("uname="+urlencode(username)+"&password="+urlencode(password)).c_str());
至于读取(和捕获)输出,有很多方法可以做到,但是挂钩 CURLOPT_WRITEFUNCTION 怎么样?往往会起作用,例如:
size_t my_write_function( const void * indata, const size_t size, const size_t count, void *out){
(*(string*)out).append((const char*)indata,size*count);
return size*count;
}
然后
string response;
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,my_write_function);
curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response);
res = curl_easy_perform(curl);
cout << "response from website: " << response << endl;
现在您可以通过检查响应中是否存在字符串 "true" 来检查您是否已登录(因为如果您是,它应该响应类似 {validated:true} 的内容),例如
if(response.find("true")==string::npos){
cout << "failed to authenticate!";
}else{
cout << "authenticated successfully!";
}
(还有一个警告,虽然使用带有 CURLOPT_WRITEFUNCTION 的 lambda 回调可能很诱人,但它是一个陷阱,当将 curl 作为回调提供给 c++ lambda 时,它可能会崩溃......在那里,做到了。 )
我正在尝试让我的 C++ 应用程序根据 Web 数据库验证 user/pass。为此,我有一个用于 user/pass 的简单 html 表单,它会触发身份验证 php 脚本。
我很难理解 cURL,因为我对它完全是菜鸟。 现在,我可以将数据发送到 html 表单,但我什至不知道我是否正常工作。
理想情况下,我希望您能教我怎么做,以及如何阅读回复。我的意思是,如果登录正确,我如何让 C++ 知道它?
我拥有的所有代码:
HTML
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form method="post" action="check.php">
<input type="text" name="uname"/>
<input type="password" name="password"/>
<input type="submit"/>
</form>
</html>
PHP
<?php
$fileDir = '/var/www/html/forums/';
require($fileDir . '/src/XF.php');
XF::start($fileDir);
$app = \XF::setupAPP('XF\App');
$username = $_POST['uname']; $password = $_POST['password'];
$ip = $app->request->getIp();
$loginService = $app->service('XF:User\Login', $username, $ip);
$userValidate = $loginService->validate($password, $error);
if(!$userValidate)
{
//Not good pass / user
$data = ['validated' => false];
}
else $data = ['validated' => true];
header('Content-type: application/json');
echo json_encode($data);
?>
C++
#include "stdafx.h"
#include <iostream>
#include <stdio.h>
#include <curl/curl.h>
using namespace std;
int main()
{
char username[20];
char password[25];
cout << "Username: ";
cin >> username;
cout << "Password: ";
cin >> password;
/*------------------------------------------*/
CURL *curl;
CURLcode res;
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if (curl) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_URL, "https://localhost/index.hmtl");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "uname=?&password=?", username, password);
res = curl_easy_perform(curl);
if (res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
}
curl_easy_cleanup(curl);
}
curl_global_cleanup();
}
编辑:可行的解决方案
#include "stdafx.h"
#include <iostream>
#include <stdio.h>
#include <string>
#include <curl/curl.h>
using namespace std;
string urlencode(const string &str) {
char *escaped = curl_escape(str.c_str(), str.length());
if (escaped == NULL) throw runtime_error("curl_escape failed!");
string ret = escaped;
curl_free(escaped);
return ret;
}
size_t my_write_function(const void * indata, const size_t size, const size_t count, void *out) {
(*(string*)out).append((const char*)indata, size*count);
return size * count;
}
int main()
{
string username;
string password;
cout << "Username: ";
getline(cin, username);
cout << "Password: ";
getline(cin, password);
/*------------------------------------------*/
CURL *curl;
CURLcode res;
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if (curl) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_URL, "https://urlto/index.html");
curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS, string("uname=" + urlencode(username) + "&password=" + urlencode(password)).c_str());
string response;
curl_easy_setopt(curl, CURLOPT_URL, "https://urlto/check.php");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_write_function);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
res = curl_easy_perform(curl);
//cout << "Response from website: " << response << endl;
if (response.find("true") == string::npos) {
cout << "Failed to login";
}
else cout << "Log in successful";
if (res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
}
curl_easy_cleanup(curl);
}
curl_global_cleanup();
}
i dont even know if im doing properly. - 好吧,你的代码中肯定有几个错误,
首先,如果用户名超过 20 个字节,或者密码超过 25 个字节,您认为会发生什么情况?尝试
string username;
getline(cin, username);
相反。 c++ 将根据需要不断增加用户名的大小,直到你 运行 超出 ram,这是应该的。
我看到你在使用 CURLOPT_POSTFIELDS(而且是错误的),在你知道自己在做什么之前,我建议你改用 CURLOPT_COPYPOSTFIELDS。 (顺便说一句,我自己几乎总是使用 COPYPOSTFIELDS)这一行是错误的:
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "uname=?&password=?", username, password);`
因为 curl_easy_setopt() 只接受 3 个参数,但你试图给它 5 个。我不认为它甚至可以编译,但即使它可以,它肯定不应该工作在 运行 时间。 试试像这样的东西:
string urlencode(const string& str)
{
char *escaped = curl_escape(str.c_str(), str.length());
if (unlikely(escaped==NULL))
{
throw runtime_error("curl_escape failed!");
}
string ret = escaped;
curl_free(escaped);
return ret;
}
curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS, string("uname="+urlencode(username)+"&password="+urlencode(password)).c_str());
至于读取(和捕获)输出,有很多方法可以做到,但是挂钩 CURLOPT_WRITEFUNCTION 怎么样?往往会起作用,例如:
size_t my_write_function( const void * indata, const size_t size, const size_t count, void *out){
(*(string*)out).append((const char*)indata,size*count);
return size*count;
}
然后
string response;
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,my_write_function);
curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response);
res = curl_easy_perform(curl);
cout << "response from website: " << response << endl;
现在您可以通过检查响应中是否存在字符串 "true" 来检查您是否已登录(因为如果您是,它应该响应类似 {validated:true} 的内容),例如
if(response.find("true")==string::npos){
cout << "failed to authenticate!";
}else{
cout << "authenticated successfully!";
}
(还有一个警告,虽然使用带有 CURLOPT_WRITEFUNCTION 的 lambda 回调可能很诱人,但它是一个陷阱,当将 curl 作为回调提供给 c++ lambda 时,它可能会崩溃......在那里,做到了。 )