I am using the Google ReCaptcha library in my PHP application. It has been working reliably for quite a while now. However, today, I started receiving errors related to the library.
*[05-Apr-2018 09:19:03 America/Chicago] Severity: 2,Message: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68
[05-Apr-2018 09:19:04 America/Chicago] Severity: 2,Message: file_get_contents(): Failed to enable crypto,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68
[05-Apr-2018 09:19:04 America/Chicago] Severity: 2,Message: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: operation failed,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68*
I did not make any changes to my application. The issue just started suddenly and (from my perspective) without logical explanation.
For reference, here is the Post.php from Google's library (not authored by me).
public function submit(RequestParameters $params)
{
/**
* PHP 5.6.0 changed the way you specify the peer name for SSL context options.
* Using "CN_name" will still work, but it will raise deprecated errors.
*/
$peer_key = version_compare(PHP_VERSION, '5.6.0', '<') ? 'CN_name' : 'peer_name';
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => $params->toQueryString(),
// Force the peer to validate (not needed in 5.6.0+, but still works)
'verify_peer' => true,
// Force the peer validation to use www.google.com
$peer_key => 'www.google.com',
),
);
$context = stream_context_create($options);
return file_get_contents(self::SITE_VERIFY_URL, false, $context);
}
The last line is "68". I am using PHP 7.1. with OpenSSL 1.0.2k 26 Jan 2017. I am calling the library as follows:
// validate ReCaptcha
$response = null;
$reCaptcha = new \ReCaptcha\ReCaptcha(RECAPTCHA_SECRET);
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verify(
$_POST["g-recaptcha-response"], $_SERVER["REMOTE_ADDR"]
);
}
Any advice would be greatly appreciated. The application is hosted on IIS and Windows Server.
Mikail G.'s answer is nearly correct, you do need to access it over CURL. I think something has been changed to actually prevent your current (and mine) from working as I have seen several posts about it all from recent days.
Use this instead:
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => [
'secret' => $secretKey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
],
CURLOPT_RETURNTRANSFER => true
]);
$output = curl_exec($ch);
curl_close($ch);
$json = json_decode($output);
<?php
if(isset($_POST['submit']))
{
$stream_opts = [
"ssl" => [
"verify_peer"=>false,
"verify_peer_name"=>false,
]
];
$secret = '6Le__FoUAAXXXXXXXXXXXXXXoQtXhJfdZi92ZPHaAj';
$gRecaptchaResponse = $_POST['g-recaptcha-response'];
$remoteIp = $_SERVER['REMOTE_ADDR'];
$url="https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$gRecaptchaResponse&remoteip=$remoteIp";
$response=file_get_contents($url,false, stream_context_create($stream_opts));
$result = json_decode($response);
if ($result->success)
{
header("location: index.php");
}
else
echo 'Captcha verification failed.
}
?>
No need to include the autoload.php file. Just include the file below just before closing tag
<script src='https://www.google.com/recaptcha/api.js'></script> and before the submit button add the following code <div class="g-recaptcha" data-sitekey="6Le__FoUAAXXXXXXXXXXXXXXoQtXhJfdZi92ZPHaAj"></div>
Copy and paste all the folders of recaptcha v2 in home directory of your site. This will 100% work in localhost without ssl. Thanks
In order to fix the issue you need to call the google api with "http" , or use a diffrent way to make request such as curl , here the function to do so :
function file_get_contents_curl($url, $data (array)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec ($ch);
curl_close ($ch);
return $server_output;
}
Why don't you try Step by Step guide to integrate reCpatcha
Related
In lumen my code is below to send file content in api response , for some document it is working fine but for some document it gives error for HTTP_INTERNAL_SERVER_ERROR
$content = base64_encode(file_get_contents($URL));
Symfony\Component\HttpKernel\Exception\HttpException Object
(
[statusCode:Symfony\Component\HttpKernel\Exception\HttpException:private] => 500
[headers:Symfony\Component\HttpKernel\Exception\HttpException:private] => Array
(
)
[message:protected] => HTTP_INTERNAL_SERVER_ERROR
[string:Exception:private] =>
[code:protected] => 0
[file:protected] => D:\xampp7.1\htdocs\PROJECT_NAME\app\Exceptions\Handler.php
[line:protected] => 76
[trace:Exception:private] => Array
( ...
Is there any solution or required to set php.ini veriable ??
In web error log it gives me error like ,
failed to open stream: HTTP request failed! HTTP/1.1 505 HTTP Version not supported
to resolve this I have get file content with help of below,
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //Set curl to return the data instead of printing it to the browser.
curl_setopt($ch, CURLOPT_URL, $data[$k]['doc_url']);
$data = curl_exec($ch);
curl_close($ch);
echo"<pre>";print_r($data);die;
it gives me empty output without file contect
I have also add below code
$content = base64_encode(file_get_contents(urlencode($data[$k]['doc_url'])));
$data[$k]['doc_content'] = "$content";
It gives me error of , failed to open stream: No such file or directory in PATH...
Could be that the URL your trying to reach is blocking such ways like you've tried to get contents from their server?
Maybe you should use a CURL with all the relevant settings.
The best way I know to duplicate a request is to open developers console on chrome, then on "Newtork" tab find the request that your trying to mimic. Right click -> Copy -> Copy as CURL (cmd), than paste it here to receive the equivalent PHP CURL code:
https://incarnate.github.io/curl-to-php/
hope it helps, if not, could you expan on the destination you're trying to reach?
good luck
First, you can set context to this kind of request:
$options = array(
'http' => array(
'protocol_version' => '1.0',
'method' => 'GET'
)
);
$context = stream_context_create($options);
Try to get the path to your file like this:
$api = "http://PATH_TO_YOUR_FILE?param=optional_query_params";
$response = file_get_contents($api, false, $context);
Good luck!
I recently set up FEDORA for a project I am working on to catalogue various
media. I want to be able to consume files (datastreams) via the FEDORA REST api. I managed to create a digital object via curl with no issues at all. I also managed to add an html page as a datastream to the digital object mentioned above with no problems as well.
However, adding a digital object with other content types/file types fails and throws an internal server error 500. On checking the logs, the following error appears:
[http-bio-8080-exec-18] (DatastreamResource) Error with uploaded://47 : XML was not well-formed. Invalid byte 1 of 1-byte UTF-8 sequence
The following is my code snippet of how I am ingesting the files:
$url = "http://localhost:8080/fedora/objects/changeme:5/datastreams/NEWDS8?controlGroup=X&dsLabel=LAZLO";
$file = "namibia2015.pdf";
// Build cURL options
$userPassword = "fedoraAdmin:test123"; // username:password
$verifyPeer = false; // false for ignoring self signed certificates
$headers = array("Accept: text/xml", "Content-Type: " . mime_content_type($file));
$fileContents = file_get_contents($file);
$curlOptions = array(
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_USERPWD => $userPassword,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_SSL_VERIFYPEER => $verifyPeer,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $fileContents
);
$curlHandle = curl_init();
$success = curl_setopt_array($curlHandle, $curlOptions);
throw new Exception(
sprintf(
"curl_setopt_array(...) failed. Error: %s. Info: %s",
curl_error($curlHandle),
print_r(curl_getinfo($curlHandle), true)
),
curl_errno($curlHandle)
);
}
$curlReturn = curl_exec($curlHandle);
$httpCode = curl_getinfo($curlHandle, CURLINFO_HTTP_CODE);
I came across this post How can I ingest an image into Fedora Commons using PHP? tried the suggested method but still no luck.
What am I doing wrong? What am I missing? Why is it possible to add an html file datastream to the digital object but it fails when I try to
add .jpeg, .pdf, .txt etc?
I finally fixed the error. The exception was being caused by the way I was structuring my URL parameters in my curl request. Using a URL with the following format:
$url = "http://localhost:8080/fedora/objects/changeme:5/datastreams/NEWDS8?controlGroup=X&dsLabel=LAZLO";
will throw the error. Instead, you have to build an http query of all the options you want attached to the POST request. I did that as follows:
$array = array();
$array['dsID'] = '5' ;
$array['controlGroup'] = 'M' ;
$array['altIDS'] = 'Other';
$array['versionable'] = true;
$array['dsLabel'] = 'The pic';
$array['logMessage'] = 'Example log message';
$link = "http://localhost:8080/fedora/objects/changeme:5/datastreams/newobject";
$params = http_build_query($array);
$url = $link.'?'.$params; //add the http query parameters to the url
Thereafter, I made my curl request as before and it will successfully create a data stream attached to the digital object.
Hope this will help someone in the future.
Does anyone here know about how to access Google Photos API now that Google has started using OAuth2? The PHP client library in their developer website is now obsolete and does not work!
I have used OAuth to work with Google Drive but Photos does not work! :(
First I use Google_Client to successfully authenticate user. Then in the redirect page I am trying following:
require_once("Google/Client.php");
//set up path for Zend GData, because Google Documentation uses that lib
$clientLibraryPath = '/path/to/ZendGData/library';
$oldPath = set_include_path(get_include_path() . PATH_SEPARATOR . $clientLibraryPath);
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_Photos');
try
{
$authCode = $_GET['code']; //authorization code returned from google
//next create google OAuth Client object and validate...
$webAuth= new Google_Client();
$webAuth->setClientId($clientId);
$webAuth->setClientSecret($clientSecret);
$webAuth->authenticate($authCode); //this authenticate() works fine...
//now my problem is HOW do I tie this to GData API for Picasa :(
//I tried following but it throws error
//*Token invalid - Invalid token: Request token used when not allowed.*
$client = Zend_Gdata_AuthSub::getHttpClient($authCode);
$gp = new Zend_Gdata_Photos($client, "GData:2.0");
$userFeed = $gp->getUserFeed("default");
I have also tried a bunch of third party libraries, tried hooking up my $webAuth into Zend_GData_Photos in everywhich way I can try...I even tried raw curl calls, but nothing is working!
Can anyone help me please? I am at my wits end....I can't believe Google left a fully functional library (PicasaWeb PHP API Ver 1.0) hanging like that when they updated their authentication to OAuth.
I had the same problem but finally I got it working again.
The best thing is, that you do not need any client library to get access to private photos.
I have spent two days trying to make it work with 'service account' but with no luck.
Then I have found this page:
https://holtstrom.com/michael/blog/post/522/Google-OAuth2-with-PicasaWeb.html
which helped me to achieve what I wanted.
It is pretty long article but it should not take to long to sort it out and get it working. Basically you will need to use 'OAuth 2.0 client ID' instead of 'Service account' in your project at https://console.developers.google.com
Within your 'OAuth 2.0 client ID' you will have following information:
Client ID (something-random.apps.googleusercontent.com)
Client Secret (random-client-secret)
Name (www.yoursite.com)
Authorized JavaScript origins (https://www.yoursite.com)
Authorized redirect URIs (https://www.yoursite.com/oauth2.php)
You will use this data in your verification process.
Before you begin, you will need to complete OAuth Consent Screen.
In that tutorial there is a note to store these tokens in DB, but in this case I'd rather suggest to display them directly in web page. This is much easier.
There is suggestion to use https rather than http but it should work on both.
I have used https for my application.
This is shorter version of the article from the link above.
Create oauth2.php file and place it on https://www.yoursite.com/oauth2.php
<?php
if (isset($_GET['code']))
{
$clientId = 'your-client-id.apps.googleusercontent.com';
$clientSecret = 'your-client-secret';
$referer = 'https://www.yoursite.com/oauth2.php';
$postBody = 'code='.urlencode($_GET['code'])
.'&grant_type=authorization_code'
.'&redirect_uri='.urlencode($referer)
.'&client_id='.urlencode($clientId)
.'&client_secret='.urlencode($clientSecret);
$curl = curl_init();
curl_setopt_array( $curl,
array( CURLOPT_CUSTOMREQUEST => 'POST'
, CURLOPT_URL => 'https://accounts.google.com/o/oauth2/token'
, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded'
, 'Content-Length: '.strlen($postBody)
, 'User-Agent: www.yoursite.com/0.1 +https://www.yoursite.com/'
)
, CURLOPT_POSTFIELDS => $postBody
, CURLOPT_REFERER => $referer
, CURLOPT_RETURNTRANSFER => 1 // means output will be a return value from curl_exec() instead of simply echoed
, CURLOPT_TIMEOUT => 15 // max seconds to wait
, CURLOPT_FOLLOWLOCATION => 0 // don't follow any Location headers, use only the CURLOPT_URL, this is for security
, CURLOPT_FAILONERROR => 0 // do not fail verbosely fi the http_code is an error, this is for security
, CURLOPT_SSL_VERIFYPEER => 1 // do verify the SSL of CURLOPT_URL, this is for security
, CURLOPT_VERBOSE => 0 // don't output verbosely to stderr, this is for security
) );
$response = curl_exec($curl);
$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
echo($response);
echo($http_code);
}
else { echo 'Code was not provided.'; }
?>
Prepare and visit this link:
https://accounts.google.com/o/oauth2/auth?scope=https://picasaweb.google.com/data/&response_type=code&access_type=offline&redirect_uri=https://www.yoursite.com/oauth2.php&approval_prompt=force&client_id=your-client-id.googleusercontent.com
fields to adjust: redirect_uri and client_id
After visiting link from step 2. you should see your consent screen where you will have to approve it and you will be redirected to your oauth.php page but this time with code parameter:
https://www.yoursite.com/oauth2.php?code=some-random-code
'code' parameter will be then sent by oauth.php to: https://accounts.google.com/o/oauth2/token
which will return(print) json formatted data containing: access_token, token_type, expires_in and refresh_token.
Http Response code should be 200.
Access_token will be the one to use to get privet albums data.
Create index.php with content:
<?php
$curl = curl_init();
$url = 'https://picasaweb.google.com/data/entry/api/user/default';
curl_setopt_array( $curl,
array( CURLOPT_CUSTOMREQUEST => 'GET'
, CURLOPT_URL => $url
, CURLOPT_HTTPHEADER => array( 'GData-Version: 2'
, 'Authorization: Bearer '.'your-access-token' )
, CURLOPT_RETURNTRANSFER => 1 // means output will be a return value from curl_exec() instead of simply echoed
) );
$response = curl_exec($curl);
$http_code = curl_getinfo($curl,CURLINFO_HTTP_CODE);
curl_close($curl);
echo($response . '<br/>');
echo($http_code);
?>
After running script from step 5. you should receive your default feed from picasaweb API. When I say 'default' it ,eans default when you are logged that is with private albums. From now on, you should be able to use that approach to get access to your picasa photo library.
Access token will expire after 3600 seconds (1 hour) so you will have to get new one. this can be achieved with script like this one below:
$clientId = 'your-client-id.apps.googleusercontent.com';
$clientSecret = 'your-client-secret';
$referer = 'https://www.yoursite.com/oauth2.php';
$refreshToken = 'your-refresh-token';
$postBody = 'client_id='.urlencode($clientId)
.'&client_secret='.urlencode($clientSecret)
.'&refresh_token='.urlencode($refreshToken)
.'&grant_type=refresh_token';
$curl = curl_init();
curl_setopt_array( $curl,
array( CURLOPT_CUSTOMREQUEST => 'POST'
, CURLOPT_URL => 'https://www.googleapis.com/oauth2/v3/token'
, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded'
, 'Content-Length: '.strlen($postBody)
, 'User-Agent: www.yoursite.com/0.1 +https://www.yoursite.com/'
)
, CURLOPT_POSTFIELDS => $postBody
, CURLOPT_RETURNTRANSFER => 1 // means output will be a return value from curl_exec() instead of simply echoed
, CURLOPT_TIMEOUT => 15 // max seconds to wait
, CURLOPT_FOLLOWLOCATION => 0 // don't follow any Location headers, use only the CURLOPT_URL, this is for security
, CURLOPT_FAILONERROR => 0 // do not fail verbosely fi the http_code is an error, this is for security
, CURLOPT_SSL_VERIFYPEER => 1 // do verify the SSL of CURLOPT_URL, this is for security
, CURLOPT_VERBOSE => 0 // don't output verbosely to stderr, this is for security
) );
$response = curl_exec($curl);
$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
if (strlen($response) < 1)
{ echo('fail 01'); }
$NOW = time();
$responseDecoded = json_decode($response, true); // convert returned objects into associative arrays
$expires = $NOW - 60 + intval($responseDecoded['expires_in']);
if ( empty($responseDecoded['access_token'])
|| $expires <= $NOW )
{ echo('fail 02'); }
echo($http_code . '<br/>');
echo($response . '<br/>');
echo($expires . '<br/>');
?>
You can run code from step 7. in separate script manually, just to get new access-token for another 3600 seconds, but normally you would want to have it automated so when access_token expires, you automatically ask for new one using a call with refresh_token from step 4.
Ufff. That is is. I hope you'll get this up and running.
I tried to send sms using php with the help of twilio API. But I have occeured fallowing errors when running code.
my code
{require ('./twilio/Services/Twilio.php'); // Loads the library
$accountSid = 'AC****************************';
$authToken = 'ec****************************';
$client = new Services_Twilio($accountSid, $authToken);
$sms = $client->account->sms_messages->create("number", "number", "Jenny please?! I love you <3");
errors
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in C:\wamp\www\Pizza4U\twilio\Services\Twilio\HttpStream.php on line 62
Warning: file_get_contents(): Failed to enable crypto in C:\wamp\www\Pizza4U\twilio\Services\Twilio\HttpStream.php on line 62
Is there a way to fix this. Thank you
To avoid SSL certificate issues on wampserver localhost whilst testing, make sure that you insert the following line of code:
CURLOPT_SSL_VERIFYPEER => false,
in
twilio/sdk/Twilio/Http/CurlClient.php (from line 113 onwards)
public function options($method, $url, $params = array(), $data = array(),
$headers = array(), $user = null, $password = null,
$timeout = null) {
$timeout = is_null($timeout)
? self::DEFAULT_TIMEOUT
: $timeout;
$options = $this->curlOptions + array(
CURLOPT_URL => $url,
CURLOPT_HEADER => true,
CURLOPT_RETURNTRANSFER => true,
//added here during localhost wampserver testing to avoid SSL issues
//CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_INFILESIZE => Null,
CURLOPT_HTTPHEADER => array(),
CURLOPT_TIMEOUT => $timeout,
);
Remove the line once you are in production mode. The server that you are hosted on will I'm sure have the correct bundle of trusted certificates. At least with this setting set to false, your twilio application on localhost will not be checking your localhost for SSL certificates. This avoids having to download the correct certificates and bypasses the issues completely. See pflammer's comment at https://github.com/twilio/twilio-php/issues/203.
What is the procedure for sending secure data (login id, password) over https to an Apache 2.2 server with self-signed certificates?
<?php
$uid=$_POST['user'];
$password=$_POST['pass'];
$url = "https://example.com/login";
$cert_file = './certificate.com.pem';
$cert_password = 'xxxxxx';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_POSTFIELDS => 'uid:'.$uid.'&password:'.$password,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_VERBOSE => true,
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
CURLOPT_POST => true
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
if(!$output)
{
echo "Curl Error : " . curl_error($ch);
}
else
{
echo htmlentities($output);
}
?>
the ERROR we are getting is :
curl error:unable to use client certificate (no key found or wrong passphrase ?)
You'd need to think about it this way:
Your local server asks the remote server to validate the login info. — You would need to make an exception for the self-signed certificate and remember it. (It would be a really a bad habit to simply ignore certificate errors.)
Your local server then checks if the data the remote one sent back isn't an error message and is indeed valid JSON data.
Here's some info on how to make curl remember the self-signed certificate and trust it permanently: http://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/ — It should work for the command-line utility just as well as the PHP module.
So, let's make a little function for it. — I'm not going to test its functionality, so I can't promise to have it perfectly error free. I'm also using some practices I wouldn't use in production code, don't account for an API key, use GET parameters and I also make the remote server responsible for any serious sort of error checking and sanitation.
<?php
function remote_login($username, $password) {
/*
Initialize the curl object
*/
$login = curl_init();
/*
Some sanitation. This is probably not enough though.
*/
$username = urlencode($username);
$password = urlencode($password);
/*
Set the url we're going to use.
REST services use clean urls, but here we simply use GET parapeters.
*/
$login_url = 'https://example.com/?username='+$username+'&password='+$password;
curl_setopt($login, CURLOPT_URL, $login_url);
/*
Tell curl we would like to use the data returned from the remote server
*/
curl_setopt($login, CURLOPT_RETURNTRANSFER, true);
/*
Set the returned data as a variable
*/
$login_data = curl_exec($login);
$login_json = json_decode($login_data);
/*
We're not going to do anything else if we encounter any sort of error.
*/
if (($login_data == false) || ($login_json == false)) {
return false;
}
/*
Return the login result as a JSON object
*/
return json_decode($login_data);
}
?>
Hope this helps.