Jump to content

file get contents not working any longer?


muppet77

Recommended Posts

the url now has an 's' after the http


$text = file_get_contents('https://www.xxx.com);

and i get

Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in .......

i've tried adding the 's' to the file get contents above without luck and also added

allow_url_fopen
allow_url_include = On
extension=php_openssl.dll
allow_url_fopen = On

to the php5.ini file (which is hosted in the webroot.)

any ideas?

thank you

Link to comment
Share on other sites

any ideas?

 

Yes: Stop using those remote fopen/file_get_contents hacks. Not only do they open your entire website to remote file inclusion attacks (you've just allowed PHP to load code from arbitrary URLs). They also have a long history of security vulnerabilities. For example, PHP won't even check the certificate by default, which turns the whole HTTPS thing into a joke.

 

Use a proper HTTP/HTTPS library like cURL.

Link to comment
Share on other sites

Not only do they open your entire website to remote file inclusion attacks (you've just allowed PHP to load code from arbitrary URLs).

Huh. I must have missed the changelog entry that says "file_get_contents() will now attempt to execute what it retrieves as PHP code".
Link to comment
Share on other sites

I'm talking about the configuration. Enabling allow_url_include or even just allow_url_fopen means that every single include statement is now a potential RFI vulnerability. Given the total lack of path sanitzation in many applications, it's actually a very real vulnerability.

 

And then you still have to jump through hoops to prevent man-in-the-middle attacks. Depending on the PHP version, the configuration and the runtime settings, certificate verification is either impossible, disabled, defective or, if you're very lucky, enabled.

 

cURL has none of those problems.

 

 

 

Link to comment
Share on other sites

Thanks both. How do I get the code I posted into a similar format using curl?

 

$curl = curl_init();

curl_setopt ($curl, CURLOPT_URL, "http://www.xxxxxx.com);

curl_exec ($curl);

curl_close ($curl);

 

 

I need the page to equal a variable so I can interrogate the text.

 

That is

$text = .......,?

Edited by muppet77
Link to comment
Share on other sites

ok, tried this and nothing printed

$curl = curl_init();
    curl_setopt ($curl, CURLOPT_URL, "https://www.xxxxxxx.com");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $text = curl_exec ($curl);
    echo $text;
    curl_close ($curl);
    
 
any ideas please?

Nothing prints, so nothing is in $text variable?

 

Ah wait. Do I need a library or something on my hosting site? Where is it and what do I do? Could this be it?

 

thanks

Edited by muppet77
Link to comment
Share on other sites

Thanks Jacques.

I looked in a file called php5.ini but it doesn't have the extension line at all.

 

I use Godaddy Linux but have a Windows PC.

No idea what Apache is.

 

Really sorry I'm new to this!

 

Which file do I need to look for for the library to see if I have it? I've read lots of posts and FAQs and documents abou curl libraries but can't fathom what I need and where.

Link to comment
Share on other sites

thanks, yes it is the php5.ini contained in my root

register_globals = off
allow_url_fopen = on
upload_max_filesize = 512M
post_max_size = 190M
expose_php = Off
max_input_time = 240
max_execution_time = 240
variables_order = "EGPCS"
extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
memory_limit = 512M
log_errors = On

allow_url_fopen
allow_url_include = On
extension=php_openssl.dll
allow_url_fopen = On

extension=php_curl.dll


[Zend]
zend_extension=/usr/local/zo/ZendExtensionManager.so
zend_extension=/usr/local/zo/4_3/ZendOptimizer.so

this is my php5.ini.....?

Link to comment
Share on other sites

ah, progress,

 

i checked phpinfo() and its said curl was "enabled".

i checked the curl commands from post #7 with a few different website that had https - Amazon, BBC etc and they worked!!

 

The one in question returns an absolutely blank page....?

 

mmm, maybe my ip address has been barred from the site that i am after??!

Maybe not - it returns a blank page when i log in remotely to work and try finding the page there....?

 

which is good news, i think.

Edited by muppet77
Link to comment
Share on other sites

an example of a page that doesn't curl is https://www.facebook.com/ if anyone can get this to work, i'd be thankful.

(it's not FB that I'm after but it does the same blank page return as my other page i'm after)

https://www.amazon.co.uk/ works fine though?

 

can anyone try it please or offer advice? thank you

<?php
$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, "https://www.facebook.com/");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $text = curl_exec ($curl);
    echo $text;
    curl_close ($curl);
?>
Edited by muppet77
Link to comment
Share on other sites

still a blank page?

 

Not for me.

 

Either way, your code definitely needs error handling so that it doesn't just silently fail with a blank page:

<?php

const FETCH_URL = 'https://www.whoscored.com/Matches/829839/Live';



$curl = curl_init(FETCH_URL);

if (!$curl)
{
    trigger_error('Failed to initialize cURL.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_RETURNTRANSFER, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

$curl_response = curl_exec($curl);

if ($curl_response === false)
{
    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);
}

echo $curl_response;

curl_close($curl);

Make sure that your PHP error reporting is on and all the way up (only do this on your development machine, of course).

  • Like 1
Link to comment
Share on other sites

$curl_response = curl_exec($curl);

if ($curl_response === false)
{
    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);
}

echo $curl_response;

curl_close($curl);

result

 

Fatal error: cURL error: SSL certificate problem: self signed certificate in certificate chain in C:\inetpub\...\noname12.php on line 25

  • Like 1
Link to comment
Share on other sites

Looks like cURL doesn't find the GoDaddy certificates. Download them manually and then point cURL to that file:

curl_setopt($curl, CURLOPT_CAINFO, '/path/to/gd_bundle-g2.crt');

In the long run, consider moving to a Unix-like operating system for development (Debian, Ubuntu, whatever). Windows can be troublesome, and it makes even less sense to debug Windows-specific problems when your server actually uses Linux.

 

You can simply use a virtual machine if you don't want to touch your current OS.

Edited by Jacques1
Link to comment
Share on other sites

thank you for your help Jacques, I feel that we are close now.

 

This scipt

<?php
const FETCH_URL = 'https://www.whoscored.com/Matches/829839/Live';

$curl = curl_init(FETCH_URL);
curl_setopt($curl, CURLOPT_CAINFO, 'gd_bundle-g2.crt');

if (!$curl)
{
    trigger_error('Failed to initialize cURL.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_RETURNTRANSFER, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

if (!curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true))
{
    trigger_error('Failed to set cURL option.', E_USER_ERROR);
}

$curl_response = curl_exec($curl);

if ($curl_response === false)
{
    trigger_error('cURL error: '.curl_error($curl), E_USER_ERROR);
}

echo $curl_response;
curl_close($curl);
?>

now gives this

 

Fatal error: cURL error: error setting certificate verify locations: CAfile: /gd_bundle-g2.crt CApath: none in /home/content/m/u/p/muppet77/html/footballstatistics.co/test.php on line 26

 

as you can see i added the certificate to the same folder as the script called test.php

Link to comment
Share on other sites

PHP cannot access the file. Use an absolute path and make sure PHP has read permissions on the file.

 

You can get the absolute path of the script directory with __DIR__ and then navigate to the file:

<?php

const CERTIFICATE_CHAIN_PATH = __DIR__.'/gd_bundle-g2.crt';



// testing certificate file
if (!file_exists(CERTIFICATE_CHAIN_PATH))
{
    echo 'Certificate chain does not exist.';
}
elseif (!is_readable(CERTIFICATE_CHAIN_PATH))
{
    echo 'Certificate chain exists but is not readable.';
}
else
{
    echo 'Certificate chain OK.';
}
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.