file get contents not working any longer?

[muppet77]

the url now has an 's' after the http

$text = file_get_contents('https://www.xxx.com);

and i get

Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in .......

i've tried adding the 's' to the file get contents above without luck and also added

allow_url_fopen
allow_url_include = On
extension=php_openssl.dll
allow_url_fopen = On

to the php5.ini file (which is hosted in the webroot.)

any ideas?

thank you

[Jacques1]

any ideas?

 

Yes: Stop using those remote fopen/file_get_contents hacks. Not only do they open your entire website to remote file inclusion attacks (you've just allowed PHP to load code from arbitrary URLs). They also have a long history of security vulnerabilities. For example, PHP won't even check the certificate by default, which turns the whole HTTPS thing into a joke.

 

Use a proper HTTP/HTTPS library like cURL.

[requinix]

Not only do they open your entire website to remote file inclusion attacks (you've just allowed PHP to load code from arbitrary URLs).

Huh. I must have missed the changelog entry that says "file_get_contents() will now attempt to execute what it retrieves as PHP code".

[Jacques1]

I'm talking about the configuration. Enabling allow_url_include or even just allow_url_fopen means that every single include statement is now a potential RFI vulnerability. Given the total lack of path sanitzation in many applications, it's actually a very real vulnerability.

 

And then you still have to jump through hoops to prevent man-in-the-middle attacks. Depending on the PHP version, the configuration and the runtime settings, certificate verification is either impossible, disabled, defective or, if you're very lucky, enabled.

 

cURL has none of those problems.

 

 

 

[muppet77]

Thanks both. How do I get the code I posted into a similar format using curl?

 

$curl = curl_init();

curl_setopt ($curl, CURLOPT_URL, "http://www.xxxxxx.com);

curl_exec ($curl);

curl_close ($curl);

 

 

I need the page to equal a variable so I can interrogate the text.

 

That is

$text = .......,?

Edited January 24, 2016 by muppet77

[muppet77]

Ah. Would this line work ?

 

$text = curl_exec ($curl);

[muppet77]

ok, tried this and nothing printed

$curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "https://www.xxxxxxx.com");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $text = curl_exec ($curl);
    echo $text;
    curl_close ($curl);
    
 

any ideas please?

Nothing prints, so nothing is in $text variable?

 

Ah wait. Do I need a library or something on my hosting site? Where is it and what do I do? Could this be it?

 

thanks

Edited January 24, 2016 by muppet77

[Jacques1]

You need the cURL library (which may already be installed) and then enable cURL support in the PHP configuration. Judging from your first post, you have a Windows server? Try uncommenting the line

; extension=php_curl.dll

from your php.ini and then restart Apache (or whatever webserver you're using).

[muppet77]

Thanks Jacques.

I looked in a file called php5.ini but it doesn't have the extension line at all.

 

I use Godaddy Linux but have a Windows PC.

No idea what Apache is.

 

Really sorry I'm new to this!

 

Which file do I need to look for for the library to see if I have it? I've read lots of posts and FAQs and documents abou curl libraries but can't fathom what I need and where.

[muppet77]

And does the php5 file need to be in the same folder as my script or can it be in the root?

[Barand]

Run this script

<?php
   phpinfo();
?>

In the first part of the output look for the heading "Loaded Configuration File". That tells you the php.ini file that is being used and its location. That is the file you need to edit.

[muppet77]

thanks, yes it is the php5.ini contained in my root

register_globals = off
allow_url_fopen = on
upload_max_filesize = 512M
post_max_size = 190M
expose_php = Off
max_input_time = 240
max_execution_time = 240
variables_order = "EGPCS"
extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
memory_limit = 512M
log_errors = On

allow_url_fopen
allow_url_include = On
extension=php_openssl.dll
allow_url_fopen = On

extension=php_curl.dll


[Zend]
zend_extension=/usr/local/zo/ZendExtensionManager.so
zend_extension=/usr/local/zo/4_3/ZendOptimizer.so

this is my php5.ini.....?

[muppet77]

Which library files do I need and where should they be please?

[muppet77]

ah, progress,

 

i checked phpinfo() and its said curl was "enabled".

i checked the curl commands from post #7 with a few different website that had https - Amazon, BBC etc and they worked!!

 

The one in question returns an absolutely blank page....?

 

mmm, maybe my ip address has been barred from the site that i am after??!

Maybe not - it returns a blank page when i log in remotely to work and try finding the page there....?

 

which is good news, i think.

Edited January 24, 2016 by muppet77

[muppet77]

an example of a page that doesn't curl is https://www.facebook.com/ if anyone can get this to work, i'd be thankful.

(it's not FB that I'm after but it does the same blank page return as my other page i'm after)

https://www.amazon.co.uk/ works fine though?

 

can anyone try it please or offer advice? thank you

<?php
$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, "https://www.facebook.com/");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $text = curl_exec ($curl);
    echo $text;
    curl_close ($curl);
?>

Edited January 24, 2016 by muppet77

[Jacques1]

curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);

[muppet77]

thanks Jacques

 

you mean to this?

$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, "https://www.facebook.com/");
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    $text = curl_exec ($curl);
    echo $text;
    curl_close ($curl);

yes! this works fine!

 

but alas not for

https://www.whoscored.com/Matches/829839/Live

still a blank page?

[Jacques1]

still a blank page?

 

Not for me.

 

Either way, your code definitely needs error handling so that it doesn't just silently fail with a blank page:

<?php

const FETCH_URL = 'https://www.whoscored.com/Matches/829839/Live';



$curl = curl_init(FETCH_URL);

if (!$curl)
{
    trigger_error('Failed to initialize cURL.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_RETURNTRANSFER, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

$curl_response = curl_exec($curl);

if ($curl_response === false)
{
    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);
}

echo $curl_response;

curl_close($curl);

Make sure that your PHP error reporting is on and all the way up (only do this on your development machine, of course).

[muppet77]

 

Fatal error: cURL error: Unknown SSL protocol error in connection to www.whoscored.com:443 in xxxxxxxxxx line 26

 

line 26 is

    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);

[muppet77]

Please could a volunteer run the code in post 18 and see if it returns the page or gets an error code? Wondering if it is just me?

[Barand]

$curl_response = curl_exec($curl);

if ($curl_response === false)
{
    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);
}

echo $curl_response;

curl_close($curl);

result

 

Fatal error: cURL error: SSL certificate problem: self signed certificate in certificate chain in C:\inetpub\...\noname12.php on line 25

[muppet77]

Thanks Barand.

Mmmm. Any ideas anyone?

[Jacques1]

Looks like cURL doesn't find the GoDaddy certificates. Download them manually and then point cURL to that file:

curl_setopt($curl, CURLOPT_CAINFO, '/path/to/gd_bundle-g2.crt');

In the long run, consider moving to a Unix-like operating system for development (Debian, Ubuntu, whatever). Windows can be troublesome, and it makes even less sense to debug Windows-specific problems when your server actually uses Linux.

 

You can simply use a virtual machine if you don't want to touch your current OS.

Edited January 25, 2016 by Jacques1

[muppet77]

thank you for your help Jacques, I feel that we are close now.

 

This scipt

<?php
const FETCH_URL = 'https://www.whoscored.com/Matches/829839/Live';

$curl = curl_init(FETCH_URL);
curl_setopt($curl, CURLOPT_CAINFO, 'gd_bundle-g2.crt');

if (!$curl)
{
    trigger_error('Failed to initialize cURL.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_RETURNTRANSFER, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

$curl_response = curl_exec($curl);

if ($curl_response === false)
{
    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);
}

echo $curl_response;
curl_close($curl);
?>

now gives this

 

Fatal error: cURL error: error setting certificate verify locations: CAfile: /gd_bundle-g2.crt CApath: none in /home/content/m/u/p/muppet77/html/footballstatistics.co/test.php on line 26

 

as you can see i added the certificate to the same folder as the script called test.php

[Jacques1]

PHP cannot access the file. Use an absolute path and make sure PHP has read permissions on the file.

 

You can get the absolute path of the script directory with __DIR__ and then navigate to the file:

<?php

const CERTIFICATE_CHAIN_PATH = __DIR__.'/gd_bundle-g2.crt';



// testing certificate file
if (!file_exists(CERTIFICATE_CHAIN_PATH))
{
    echo 'Certificate chain does not exist.';
}
elseif (!is_readable(CERTIFICATE_CHAIN_PATH))
{
    echo 'Certificate chain exists but is not readable.';
}
else
{
    echo 'Certificate chain OK.';
}