muppet77 Posted January 23, 2016 Share Posted January 23, 2016 the url now has an 's' after the http $text = file_get_contents('https://www.xxx.com); and i get Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in ....... i've tried adding the 's' to the file get contents above without luck and also added allow_url_fopen allow_url_include = On extension=php_openssl.dll allow_url_fopen = On to the php5.ini file (which is hosted in the webroot.) any ideas? thank you Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 23, 2016 Share Posted January 23, 2016 any ideas? Yes: Stop using those remote fopen/file_get_contents hacks. Not only do they open your entire website to remote file inclusion attacks (you've just allowed PHP to load code from arbitrary URLs). They also have a long history of security vulnerabilities. For example, PHP won't even check the certificate by default, which turns the whole HTTPS thing into a joke. Use a proper HTTP/HTTPS library like cURL. Quote Link to comment Share on other sites More sharing options...
requinix Posted January 24, 2016 Share Posted January 24, 2016 Not only do they open your entire website to remote file inclusion attacks (you've just allowed PHP to load code from arbitrary URLs).Huh. I must have missed the changelog entry that says "file_get_contents() will now attempt to execute what it retrieves as PHP code". Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 24, 2016 Share Posted January 24, 2016 I'm talking about the configuration. Enabling allow_url_include or even just allow_url_fopen means that every single include statement is now a potential RFI vulnerability. Given the total lack of path sanitzation in many applications, it's actually a very real vulnerability. And then you still have to jump through hoops to prevent man-in-the-middle attacks. Depending on the PHP version, the configuration and the runtime settings, certificate verification is either impossible, disabled, defective or, if you're very lucky, enabled. cURL has none of those problems. Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 (edited) Thanks both. How do I get the code I posted into a similar format using curl? $curl = curl_init(); curl_setopt ($curl, CURLOPT_URL, "http://www.xxxxxx.com); curl_exec ($curl); curl_close ($curl); I need the page to equal a variable so I can interrogate the text. That is $text = .......,? Edited January 24, 2016 by muppet77 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 Ah. Would this line work ? $text = curl_exec ($curl); Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 (edited) ok, tried this and nothing printed $curl = curl_init(); curl_setopt ($curl, CURLOPT_URL, "https://www.xxxxxxx.com"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); $text = curl_exec ($curl); echo $text; curl_close ($curl); any ideas please?Nothing prints, so nothing is in $text variable? Ah wait. Do I need a library or something on my hosting site? Where is it and what do I do? Could this be it? thanks Edited January 24, 2016 by muppet77 Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 24, 2016 Share Posted January 24, 2016 You need the cURL library (which may already be installed) and then enable cURL support in the PHP configuration. Judging from your first post, you have a Windows server? Try uncommenting the line ; extension=php_curl.dll from your php.ini and then restart Apache (or whatever webserver you're using). 1 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 Thanks Jacques. I looked in a file called php5.ini but it doesn't have the extension line at all. I use Godaddy Linux but have a Windows PC. No idea what Apache is. Really sorry I'm new to this! Which file do I need to look for for the library to see if I have it? I've read lots of posts and FAQs and documents abou curl libraries but can't fathom what I need and where. Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 And does the php5 file need to be in the same folder as my script or can it be in the root? Quote Link to comment Share on other sites More sharing options...
Barand Posted January 24, 2016 Share Posted January 24, 2016 Run this script <?php phpinfo(); ?> In the first part of the output look for the heading "Loaded Configuration File". That tells you the php.ini file that is being used and its location. That is the file you need to edit. 1 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 thanks, yes it is the php5.ini contained in my root register_globals = off allow_url_fopen = on upload_max_filesize = 512M post_max_size = 190M expose_php = Off max_input_time = 240 max_execution_time = 240 variables_order = "EGPCS" extension_dir = ./ upload_tmp_dir = /tmp precision = 12 SMTP = relay-hosting.secureserver.net url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset=" memory_limit = 512M log_errors = On allow_url_fopen allow_url_include = On extension=php_openssl.dll allow_url_fopen = On extension=php_curl.dll [Zend] zend_extension=/usr/local/zo/ZendExtensionManager.so zend_extension=/usr/local/zo/4_3/ZendOptimizer.so this is my php5.ini.....? Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 Which library files do I need and where should they be please? Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 (edited) ah, progress, i checked phpinfo() and its said curl was "enabled". i checked the curl commands from post #7 with a few different website that had https - Amazon, BBC etc and they worked!! The one in question returns an absolutely blank page....? mmm, maybe my ip address has been barred from the site that i am after??! Maybe not - it returns a blank page when i log in remotely to work and try finding the page there....? which is good news, i think. Edited January 24, 2016 by muppet77 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 (edited) an example of a page that doesn't curl is https://www.facebook.com/ if anyone can get this to work, i'd be thankful. (it's not FB that I'm after but it does the same blank page return as my other page i'm after) https://www.amazon.co.uk/ works fine though? can anyone try it please or offer advice? thank you <?php $curl = curl_init(); curl_setopt ($curl, CURLOPT_URL, "https://www.facebook.com/"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); $text = curl_exec ($curl); echo $text; curl_close ($curl); ?> Edited January 24, 2016 by muppet77 Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 24, 2016 Share Posted January 24, 2016 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); 1 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 24, 2016 Author Share Posted January 24, 2016 thanks Jacques you mean to this? $curl = curl_init(); curl_setopt ($curl, CURLOPT_URL, "https://www.facebook.com/"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); $text = curl_exec ($curl); echo $text; curl_close ($curl); yes! this works fine! but alas not for https://www.whoscored.com/Matches/829839/Live still a blank page? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 25, 2016 Share Posted January 25, 2016 still a blank page? Not for me. Either way, your code definitely needs error handling so that it doesn't just silently fail with a blank page: <?php const FETCH_URL = 'https://www.whoscored.com/Matches/829839/Live'; $curl = curl_init(FETCH_URL); if (!$curl) { trigger_error('Failed to initialize cURL.', E_USER_ERROR); } if (!curl_setopt($curl, CURLOPT_RETURNTRANSFER, true)) { trigger_error('Failed to set cURL option.', E_USER_ERROR); } if (!curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true)) { trigger_error('Failed to set cURL option.', E_USER_ERROR); } $curl_response = curl_exec($curl); if ($curl_response === false) { trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR); } echo $curl_response; curl_close($curl); Make sure that your PHP error reporting is on and all the way up (only do this on your development machine, of course). 1 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 25, 2016 Author Share Posted January 25, 2016 Fatal error: cURL error: Unknown SSL protocol error in connection to www.whoscored.com:443 in xxxxxxxxxx line 26 line 26 is trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR); Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 25, 2016 Author Share Posted January 25, 2016 Please could a volunteer run the code in post 18 and see if it returns the page or gets an error code? Wondering if it is just me? Quote Link to comment Share on other sites More sharing options...
Barand Posted January 25, 2016 Share Posted January 25, 2016 $curl_response = curl_exec($curl); if ($curl_response === false) { trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR); } echo $curl_response; curl_close($curl); result Fatal error: cURL error: SSL certificate problem: self signed certificate in certificate chain in C:\inetpub\...\noname12.php on line 25 1 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 25, 2016 Author Share Posted January 25, 2016 Thanks Barand. Mmmm. Any ideas anyone? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 25, 2016 Share Posted January 25, 2016 (edited) Looks like cURL doesn't find the GoDaddy certificates. Download them manually and then point cURL to that file: curl_setopt($curl, CURLOPT_CAINFO, '/path/to/gd_bundle-g2.crt'); In the long run, consider moving to a Unix-like operating system for development (Debian, Ubuntu, whatever). Windows can be troublesome, and it makes even less sense to debug Windows-specific problems when your server actually uses Linux. You can simply use a virtual machine if you don't want to touch your current OS. Edited January 25, 2016 by Jacques1 Quote Link to comment Share on other sites More sharing options...
muppet77 Posted January 26, 2016 Author Share Posted January 26, 2016 thank you for your help Jacques, I feel that we are close now. This scipt <?php const FETCH_URL = 'https://www.whoscored.com/Matches/829839/Live'; $curl = curl_init(FETCH_URL); curl_setopt($curl, CURLOPT_CAINFO, 'gd_bundle-g2.crt'); if (!$curl) { trigger_error('Failed to initialize cURL.', E_USER_ERROR); } if (!curl_setopt($curl, CURLOPT_RETURNTRANSFER, true)) { trigger_error('Failed to set cURL option.', E_USER_ERROR); } if (!curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true)) { trigger_error('Failed to set cURL option.', E_USER_ERROR); } $curl_response = curl_exec($curl); if ($curl_response === false) { trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR); } echo $curl_response; curl_close($curl); ?> now gives this Fatal error: cURL error: error setting certificate verify locations: CAfile: /gd_bundle-g2.crt CApath: none in /home/content/m/u/p/muppet77/html/footballstatistics.co/test.php on line 26 as you can see i added the certificate to the same folder as the script called test.php Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted January 26, 2016 Share Posted January 26, 2016 PHP cannot access the file. Use an absolute path and make sure PHP has read permissions on the file. You can get the absolute path of the script directory with __DIR__ and then navigate to the file: <?php const CERTIFICATE_CHAIN_PATH = __DIR__.'/gd_bundle-g2.crt'; // testing certificate file if (!file_exists(CERTIFICATE_CHAIN_PATH)) { echo 'Certificate chain does not exist.'; } elseif (!is_readable(CERTIFICATE_CHAIN_PATH)) { echo 'Certificate chain exists but is not readable.'; } else { echo 'Certificate chain OK.'; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.