问题
I try to login on steam using the following code.
steamcommunity.com/login/getrsakey
first request is successful.
Request a steamcommunity.com/login/dologin/
all the time gives an error incorrect login.
Perhaps dealing with encryption password or need to add ssl.
I use to encrypt library on http://phpseclib.sourceforge.net/
function geturl($url, $ref, $cookie, $postdata, $header, &$info, &$output)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36');
if ($ref)
{
curl_setopt($ch, CURLOPT_REFERER, $ref);
}
if ($cookie)
{
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
if ($postdata)
{
curl_setopt($ch, CURLOPT_POST, true);
$postStr = "";
foreach ($postdata as $key => $value)
{
if ($postStr)
$postStr .= "&";
$postStr .= $key . "=" . $value;
}
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
}
curl_setopt($ch, CURLOPT_HEADER, $header);
$info = curl_getinfo($ch);
$output = curl_exec($ch);
curl_close($ch);
}
geturl("https://steamcommunity.com/login/getrsakey", null, null, array('username' => $login), 0, $info, $output);
$data = json_decode($output, true);
if ($data['success'] === true)
{
$publickey_exp = $data['publickey_exp'];
$publickey_mod = $data['publickey_mod'];
$RSA = new Crypt_RSA();
$RSA->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$n = new Math_BigInteger($publickey_mod, 16);
$e = new Math_BigInteger($publickey_exp, 16);
$key = array("modulus"=>$n, "publicExponent"=>$e);
$RSA->loadKey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);
$encryptedPassword = base64_encode($RSA->encrypt($password, false));
$captchaGid = -1;
$captchaText;
$emailAuth;
$emailSteamId;
$params = array(
'username' => $login,
'password' => $encryptedPassword,
'rsatimestamp' => $data['timestamp'],
'captcha_gid' => $captchaGid,
'captcha_text' => $captchaText,
'emailauth' => $emailAuth,
'emailsteamid' => $emailSteamId
);
geturl("https://steamcommunity.com/login/dologin/", null, null, $params, 0, $info, $output);
$data = json_decode($output, true);
var_dump($data);
if ($data['captcha_needed'])
{
$captchaGid = $data['captcha_gid'];
echo '<img src="https://steamcommunity.com/public/captcha.php?gid=' . $captchaGid . '">';
}
}
回答1:
I think it would be better to use third-part libraries to auth. Check this one: https://github.com/SmItH197/SteamAuthentication
It creates login button like "Sign in via Facebook".
EDIT: Steam has alsow his own API https://steamcommunity.com/dev
回答2:
I can't be sure, but it looks like you are attempting to log a user into your site using Steam as the login method. Is this what you are attempting to do? If so, I recommend using the LightOpenID library.
<?php
require 'includes/lightopenid/openid.php';
$_STEAMAPI = "YOURSTEAMAPIKEY";
try
{
$openid = new LightOpenID('http://URL.TO.REDIRECT.TO.AFTER.LOGIN/');
if(!$openid->mode)
{
if(isset($_GET['login']))
{
$openid->identity = 'http://steamcommunity.com/openid/?l=english'; // This is forcing english because it has a weird habit of selecting a random language otherwise
header('Location: ' . $openid->authUrl());
}
?>
<form action="?login" method="post">
<input type="image" src="http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_small.png">
</form>
<?php
}
elseif($openid->mode == 'cancel')
{
echo 'User has canceled authentication!';
}
else
{
if($openid->validate())
{
$id = $openid->identity;
// identity is something like: http://steamcommunity.com/openid/id/76561197960435530
// we only care about the unique account ID at the end of the URL.
$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
preg_match($ptn, $id, $matches);
echo "User is logged in (steamID: $matches[1])\n";
// $matches[1] is the profile ID you will want to use for additional API calls
}
else
{
echo "User is not logged in.\n";
}
}
}
catch(ErrorException $e)
{
echo $e->getMessage();
}
?>
At the end of this login, you will have the user's profile ID (ie. 76561197960435530
) which you can use against many of the API's that Steam provides to gather further information on the player.
回答3:
Use "urlencode()"
function
$encryptedPassword = urlencode(base64_encode($RSA->encrypt($password, false)));
来源:https://stackoverflow.com/questions/22749711/how-i-can-authentication-on-steam-site