php curl 仿冒

php curl 伪造
http://www.yygh.net/index.php

直接表格提交，一直提示账号不存在。应该后台需要验证。


我想伪造Origin的来源。不知道这么设置origin的来源

$ch = curl_init(); //初始化
$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = 'actionpost=login&logintype=0&cardtype=1&userid=34262619702200379&pwd=123qwe&validate=cndm&imagesField.x=32&imageField.y=11';
curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields); 

curl_setopt($ch, 这里);
        
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
curl_setopt($ch, CURLOPT_URL, $this->url);


curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串，而非直接输出

 $this->content=curl_exec($ch);
 curl_close($ch);
------解决思路----------------------

<?php<br />$cookie_file = dirname(__FILE__).'/cookie.txt';<br /><br />if(isset($_GET['verification'])) {<br />  $url = 'http://www.yygh.net/include/validateimg.php?' . rand();<br />  $ch = curl_init(); //初始化       <br />  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); <br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_exec($ch);<br />  curl_close($ch);<br />  exit;<br />}<br />if(! $_POST) {<br />  $url = "http://www.yygh.net/usercenter/userinfo_action.php";<br />  $ch = curl_init(); //初始化       <br />  curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookie_file); //存储cookies<br />  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0<br />  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '<br />  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名<br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串，而非直接输出<br />  $content = curl_exec($ch);<br />  curl_close($ch);<br />echo <<< HTML<br /><form method=post><br /><img  src='?verification=1' alt="php curl 仿冒" ><br /><input type=text name=code><br /><input type=submit value=ok><br /></form><br />HTML;<br />  exit;<br />}else {<br />  $ch = curl_init(); //初始化       <br />  $url = "http://www.yygh.net/usercenter/userinfo_action.php";<br />  $fields = array(<br />    'actionpost' => 'login',<br />    'logintype' => 0,<br />    'cardtype' => 1,<br />    'userid' => '330724197712316212',<br />    'pwd' => '123qwe',<br />    'validate' => $_POST['code'],<br />    //cndm&imagesField.x=32&imageField.y=11';<br />  );<br />  curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式<br />  curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); <br />  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); //使用上面获取的cookies<br />  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0<br />  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '<br />  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名<br />  curl_setopt($ch, CURLOPT_URL, $url);<br />  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串，而非直接输出<br />  $content = curl_exec($ch);<br />  curl_close($ch);<br />  echo $content;  <br />}<br />

请核实用户信息的正确性