Recently, I want to climb some of Taobao's products , However, if you want to use search and other functions, you need to log in , So I came up with an article to simulate the login of Taobao ！

Taobao series tutorial ：

• Chapter one ：Python Simulated Login Taobao , Explain in detail how to use requests Library login Taobao pc End .
• Second articles ： Taobao auto login 2.0, newly added Cookies serialize , Teach you how to cookies Save up .
• Third articles ：Python Take Taobao condom , Teach you how to climb Taobao pc End product information .
• Fourth articles ：Python analysis 2000 A condom , How to do data analysis and draw conclusions .

Taobao complete series above ,vx Scan the QR code below the code , Focus on vx official account ： Naked pigs reply ： TaoBao You can get the tutorial and source code ！

I read a lot about simulated Login on Taobao , But it's basically using scrapy、pyppeteer、selenium Wait for the library to simulate login , But we haven't talked about these libraries yet , Just about requests library , Let's use it today requests Library simulation login Taobao ！

Talk about analog login before Taobao , Let's review the previous use of requests Database simulation login Douban and Sina weibo The process of ： This kind of simulated Login is a relatively simple login , Just upload and verify the user name and password at the time of login request , That is to say, one step in place ！

And Taobao login is more complex , Why is it complicated ？ Because Taobao login There are many parameters involved And Ask more than once ！ Let's talk about the process of Taobao login first , First, understand the process principle , Go ahead and type the code , It's easy for everyone to understand ！

One 、 Taobao login process

For your understanding , Brother pig drew a non-standard Taobao login request sequence diagram

TaoBao ua Parameters ：ua(User-Agent) So it's called user agent , Taobao's ua Parameters are added to the browser 、ip、 The computer 、 Time and other information , And then encryption is generated , Use... In many places , It's not just logging in ！

Above is a more detailed flow chart , Considering from the code level, brother pig divides the simulated Login to Taobao into the following four steps ：

1. After entering the user name , The browser will ask Taobao （taobao.com） To launch a post Request , Determine whether the slider verification appears ！
2. After the user enters the password , Browser to Taobao （taobao.com） Launch another post request , Verify that the username and password are correct , If it is correct, return a token.
3. Browser holding token Go to Alibaba （alibaba.com） In exchange for st code ！
4. Browser access st After a yard , Hold st Code acquisition cookies, Login successful

Some students may ask questions here ： Why Taobao （taobao.com） After the verification is passed, you need to take token Go to Alibaba （alibaba.com） In exchange for st Yard ？ Let's talk about this later ！

Two 、 Simulated Login implementation

We only talked about the login process , Here, brother pig will first explain the operation of each step in detail , Then paste out the implementation code ！

1. Determine if a verification code is needed

At present, when we log in to Taobao , In most cases, the slider verification code will not appear , Piggy tried to log in and out many times, but only once in the middle , What controls whether the slider verification code is needed ？

As can be seen from the above figure , When pig enters the user name （ It must be a mobile phone number ） after , The browser will launch a post request , To verify whether the slider verification code needs to appear , If you return true, The slider verification code appears ！ Otherwise, it will not appear , In general, it will not appear ！

We can see in the picture this time post The request uploads two parameters ：username、ua！

Brother pig said before ua For browsers 、ip、 Device information and other multi information encryption parameters , So brother pig guesses whether the verification code of Taobao appears not only from the account point of view , also ip、 Equipment etc ！

for instance ： A device may have a large number of accounts logged in , At this time, Taobao can start from ua Parameter to get the device number , Then limit the device ！

After knowing the process and request links and parameters , We can use code to request ！

2. Verify username and password

Here is the first step in the above sequence diagram 5 Step ： Request login , The user name will be 、ua Parameters 、 Encryption password, etc 30 A dozen parameters post To Taobao （taobao.com） To verify .

Let's implement it in code , Don't be frightened by so many parameters , It's all copied from the browser ！

Look at the result of the request ！

You can see the application st Code link with a token, Specifically token What is it for? Let's analyze it later ！

3. apply st code

We have applied to Taobao （taobao.com） Of token, This step is to use token In exchange for st code .

Many people here may have questions ： Why is Taobao so troublesome to log in ？ Directly in taobao.com Login is OK ？ Why do you have to be first in taobao Verify username and password , Go to... After passing alibaba.com Exchange for st Code login ？

The framework of any company is the result of a gradual evolution , I think the initial Taobao login is not so complicated . But as Alibaba grows , Many business lines are divided , But these business lines are related , Such as user After logging into the Taobao account, tmall doesn't need to log in anymore ？（ Note that Taobao and tmall's top-level domains are different , So we can't share cookis） To solve this problem , Single sign on And that's what happened .

Single sign on （Single Sign On）, Referred to as SSO, Is one of the more popular enterprise business integration solutions .SSO Is defined in multiple application systems , Users only need to log in once to access all mutual trust application systems . —— Baidu Encyclopedia

Many large enterprises almost do single sign on , Alibaba's single sign on system must be the parent company Alibaba （alibaba.com） Here we go , All subsidiaries call the parent company interface ！

We will come back to analyze why Taobao login is so complicated ： User data is here on Taobao , So we need to Taobao now （taobao.com） Verify user name and password , Verify by generating a token, Browser holding token Go to Alibaba （alibaba.com） Apply for single sign on code （st code ）, Alibaba received a request to verify token Pass and return st code , So use token in st The reason for the code is single sign on ！

After understanding the design principles , Code implementation is very clear ！

4. Use st Code login

Succeed in getting st After the code, we can log in , This step is through st Code to get the login cookies.

Here we have simulated the success of Taobao login ！

5. Get Taobao's nickname

In fact, we have successfully logged into Taobao and returned the link to the user's home page , In order to further verify the login success , Just ask for Taobao's user homepage , By the way, take out Taobao's nickname ！

3、 ... and 、 summary

Let's summarize a little after the whole talk , Mainly from The code structure and The problem is Two aspects ：

1. The code structure

To release a code structure diagram , Let us have an intuitive understanding of

This is the four steps of simulated Login Taobao that we mentioned earlier , But here we are using code to realize ！

2. Existing problems

Before writing this tutorial, brother pig also learned about it on the Internet , Then I use the browser and the bag grabbing tool （Charles） Step by step practice , The most important thing is that you first need to understand the general process of Taobao login , Otherwise, you will be confused in actual operation , Let's talk about the current problems and existing problems

1. The first problem is to unlock Taobao's slider , at present requests There's no good way to crack it , After introducing some crawler frames, let's break them ！
2. Brother pig tried many times （50 More than once ） There is no slider verification code for login and exit .
3. Someone on the Internet uses an agent ip, It's no use here , As long as you're not super super super frequent and crawling a lot of data , In general, big factories are not very good at sealing ip, Because there is a wide range of injury rate and influence users , Maybe one is the whole community .
4. When verifying the user name and password in the second step , Uploaded near 30 Parameters , If you put username、ua、 You can try to copy the encrypted password to verify it or not 30 Change one parameter to... In your browser ！
5. There is an occasional mistake in step 3 and step 4 , Just try again ！

See here is not feeling Taobao analog login on a lot of clear , Interested students can collect and forward , Try it on your own at weekends . Conquer Taobao login , Other logins are relatively simple ！

Access to the source code ,vx Scan the qr code below , Focus on vx official account 「 Naked pigs 」 reply ： Simulated Login Taobao Can get ！