SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Member
    Join Date
    Mar 2002
    Posts
    23
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    internal PHP SSL connection... is it possible?

    I'm in a dilemma here. I've been unable to solve this problem...

    I have a PHP script, running on Apache - UNIX, that needs to open and read a secure page (via SSL -- https://page...) and parse out some values. Sounds simple enough... fopen("http:// ... right?

    The hitch is that the PHP script is running on a normal *non-SSL page*, but needs to open up a secure page.

    Also the secure page is unique each time, generated on-the-fly by a CGI script, so it has to be opened via https like a webpage.

    By the way, all these pages on my site are on the same machine, only the secure pages are delivered from iPlanet webserver software, and the non-secure pages are delivered from Apache (don't ask ... that's just how things got set up).

    Using fopen("https://... etc
    doesn't work. Using fsockopen() gives a "need a secure connection" error, among other errors.

    Is there any way to do this in PHP, without having the PHP script itself on a secure page?

    Thanks for your help.

    David

  2. #2
    .NET inside archigamer's Avatar
    Join Date
    Jan 2002
    Location
    Strongsville OH
    Posts
    1,534
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i believe you have to use the cURL library of php to open secure connections. have a look at it on www.php.net
    Web Finesse Studios
    Professional, business oriented web hosting and development.

  3. #3
    SitePoint Member
    Join Date
    Mar 2002
    Posts
    23
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's about what I've concluded based on my research again today. However I've also seen some concerns about security using cURL.

    Heard of any security issues yourself?

    So I believe I'll have to recompile PHP with cURL. Are there any special issues to be aware of when recompiling/reinstalling PHP with cURL, especially since my website is currently live?

  4. #4
    There is no general chat z0s0's Avatar
    Join Date
    Aug 1998
    Location
    Melbourne
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As long as you get cURL compiled into PHP as a module, the security risks inherent with use of command line cURL are mitigated.

    In short: You'll be fine!
    Wormly Server Performance Monitoring
    Don't wait for an SMS at 4am. Find out what's really
    going on and fix the problem. www.wormly.com/website-monitoring

  5. #5
    SitePoint Member
    Join Date
    Mar 2002
    Posts
    23
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the info.

    About security -- here is one comment I found regarding the security risks. I'm not sure whether this applies to command line cURL or cURL as a PHP module...

    http://www.phpbuilder.com/annotate/m...hp3?id=1011446

  6. #6
    SitePoint Enthusiast lauriek's Avatar
    Join Date
    Dec 2002
    Posts
    74
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've looked at the curl documentation and its not entirely clear how to do what I want - which is connect to an https page and read in the contents. I have this script:-

    Code:
      <?php
      
         $url = 'https://[HOST]/XMLDescriptions.aspx?XMLDoc=ReferenceData';
         $params = "pgExternalLogin:txtEmailAddress=[USERID]&pgExternalLogin:txtPassword=[PWD]";
         $user_agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
      
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_POST,1);
         curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
         curl_setopt($ch, CURLOPT_URL,$url);
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
         curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);  // this line makes it work under https
      
         $result=curl_exec ($ch);
         curl_close ($ch);
      
         echo("Results: <br>".$result);
      
      ?>
    where

    [HOST] is the hostname of the machine I'm connecting to.
    pgExternalLogin:txtEmailAddress is the login form field name
    [USERID] is the login value
    pgExternalLogin:txtPassword is the password form field name
    [PWD] is the password value

    But I just get this "object moved to here" message, which I think comes from the remote server. I certainly don't get the expected contents of the page. I've guessed how to enter the username and password on the $params line, I have a feeling this is where I'm going wrong. I looked at the login form on the page before the page I'm trying to look up and identified the form field names and have used those as parameters. Obviously I've substituted in the relevent host, user and pwd values into the script but I'm not posting those values here!

    Any pointers much appreciated!

  7. #7
    SitePoint Enthusiast lauriek's Avatar
    Join Date
    Dec 2002
    Posts
    74
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm, after a lot of looking around I am now here:

    Code:
      <?php
      
      if($WINDIR) curl_setopt($curl, CURLOPT_CAINFO, "c:\\windows\\curl-ca-bundle.crt");
         
      $ch = curl_init();
      
      curl_setopt($ch, CURLOPT_URL,"https//[HOST]/XMLDescriptions.aspx?XMLDoc=ReferenceData");
      curl_setopt($ch, CURLOPT_USERPWD , "[USERNAME]:[PASSWORD]");
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
      curl_setopt($ch, CURLOPT_VERBOSE, 1);
      curl_setopt($ch, CURLOPT_POST, 0);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
      
      ob_start();
      $result=curl_exec ($ch);
      ob_end_flush();
      
      if (curl_error($ch))
      	printf("Error %s: %s", curl_errno($ch), curl_error($ch));
      	
      curl_close ($ch);
      	   
      echo("Results: <br>".$result);
      
         
         
      
      ?>
    Where obviously [HOST], [USERNAME] and [PASSWORD] are set to the appropriate values.

    However I'm still getting exactly the same response. I'm really stuck on this and I really need to automate this process. I am authorised to pick up and process the XML data which I'm attempting to get to, and from a browser can connect and download the file with no problem.
    TIA!

  8. #8
    SitePoint Enthusiast lauriek's Avatar
    Join Date
    Dec 2002
    Posts
    74
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just bumping this up the thread list - I've made no real progress on this as yet, so any pointers would be hugely appreciated!

  9. #9
    SitePoint Addict Fire59's Avatar
    Join Date
    Aug 2003
    Location
    mn
    Posts
    272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this might be a dumb question but is your server set up for ssl?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •