我一直在尝试制作简单的 Steam 机器人,通过登录 Steam 页面然后发送公告来向 Steam 群组发送公告。我在登录时卡住了。这是我所拥有的:
include('Math/BigInteger.php');
include('Crypt/RSA.php');
$url = 'http://store.steampowered.com/login/getrsakey/'; // here I get public key
$data = array('username' => 'user'); // I'm sending username by POST method
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded'r'n",
'method' => 'POST',
'content' => http_build_query($data),
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$result = json_decode($result)
// And this is part that don't work:
$rsa = new Crypt_RSA();
$key = array(
'n' => new Math_BigInteger($result->publickey_mod,16),
'e' => new Math_BigInteger($result->publickey_exp,2)
);
$rsa->loadKey($key);
$password = $rsa->encrypt("password"); // encrypting password
$data = array(
'username' => 'user',
'password' => $password,
'twofactorcode'=> "",
'emailauth'=> "",
'loginfriendlyname'=> "",
'captchagid'=> "",
'captcha_text'=> "",
'emailsteamid'=> "",
'rsatimestamp'=> $result->timestamp,
'remember_login'=> "false"
);
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded'r'n",
'method' => 'POST',
'content' => http_build_query($data),
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
结果是:
{"success":false}
问题是加密的密码看起来与我使用 Steam 使用的 javascript 函数加密时不同。所以我尝试在javascript中加密密码,然后将其粘贴到PHP代码中,但这也没有用。
任何帮助将不胜感激。
最初,我来这里是为了寻找我自己问题的答案,但我很失望地看到没有人正式提供答案。所以,在使用这里的信息为自己指出正确的方向之后,我已经削减了大约一个小时,终于让它为自己工作了。
为了使其正常工作,您所要做的就是在此处下载.zip文件:https://github.com/phpseclib/phpseclib。将其解压缩到服务器/应用程序目录,然后使用以下代码。
<?php
include('Math/BigInteger.php');
include('Crypt/RSA.php');
define('CRYPT_RSA_PKCS15_COMPAT', true); // May not be necessary, but never hurts to be sure.
$url_rsa = 'https://steamcommunity.com/login/getrsakey/?username=';
$username = ""; // Insert bot's username here.
$password = ""; // Insert bot's password here.
// Skip the extra work of POST'ing the data, just GET'ing the url works fine and saves space
$result = file_get_contents($url_rsa . $username);
$result = json_decode($result);
/*if ($result->success){
echo "Got Info!<br/><br/>";
} else if (!$result->success){ // Remove comment markers during testing
echo "Unable to grab Info<br/><br/>"; // You can also use this to log errors to a database or email you if needed.
}*/
//echo var_dump($result);
// More testing code, just to help you see what's going on.
//echo "<br/><br/>";
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$key = array(
'n' => new Math_BigInteger($result->publickey_mod,16),
'e' => new Math_BigInteger($result->publickey_exp,16) // Fixed base :)
);
$rsa->loadKey($key);
$password = base64_encode($rsa->encrypt($password)); // Steam uses Base64_Encode()
//echo "Password Encrypted: " . $password . "<br/><br/>";
// Should look like numbers and letters, any 'weird' characters shouldn't be here
$data = array(
'username' => $username,
'password' => $password,
'twofactorcode'=> "",
'emailauth'=> "",
'loginfriendlyname'=> "",
'captchagid'=> "", // If all goes well, you shouldn't need to worry
'captcha_text'=> "", // about Captcha.
'emailsteamid'=> "",
'rsatimestamp'=> $result->timestamp,
'remember_login'=> "false"
);
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded'r'n",
'method' => 'POST',
'content' => http_build_query($data),
),
);
$url="https://steamcommunity.com/login/dologin/";
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$result = json_decode($result);
//echo var_dump($result);
// Hopefully everything went O.K. and you should be able pull out tokens
// for usage in your application.
?>
结果应类似于以下内容:
{
"success":true,
"requires_twofactor":false,
"login_complete":true,
"transfer_urls":["https:'/'/store.steampowered.com'/login'/transfer","https:'/'/help.steampowered.com'/login'/transfer"],
"transfer_parameters":{
"steamid":"XXXXXXXXXXXXXXXXX",
"token":"Combination of Letters and Numbers",
"auth":"Looks like a Hash Here",
"remember_login":false,
"token_secure":"More Letters and Numbers"
}
}
在创建机器人时,尤其是可能被委托保存人们贵重物品的机器人(就像大多数机器人一样),最好使用非常安全的密码。
一个好的格式是大约 20 个字符长的密码,包含数字、字母和一些符号。一个在客户端生成密码的好网站是 http://passwordsgenerator.net。请遵循网站上列出的建议,以确保您的帐户安全。