I'm using google recaptcha v2 on my websites (html / php).
On the server side I am trying to contact google recaptcha to check the user's input:
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$privatekey."&response=".$_POST['g-recaptcha-response']);
The line above is not working. It normally just times out. Occasionally it will work though.
IPv6 is the Issue
It appears to be an issue with the call to google resolving to IPv6 (from https://github.com/google/recaptcha/issues/193)
I have tried turning off IPv6 on my internet connection and that makes it work.
How do I fix this issue properly? I don't think I could turn off IPv6 on the servers (we use some shared hosting as well as a VPS). Is there a way to force it to resolve to IPv4?
Thanks!
Issue was that php could not verify the SSL certificate. The IPv4 / IPv6 was a bit of a red herring I think.
Great post here on that: file_get_contents(): SSL operation failed with code 1. And more
Related
Just installed DreamFactory on a server and have it connecting correctly to the database. When trying to send a cURL request, I'm receiving this error:
curl: (35) Unknown SSL protocol error in connection to [api.domain.net].
I'm not exactly sure where to start to get this to work with an SSL connection to the database. Any help would be incredible at this point because searching this issue isn't helping much.
Are you forcing SSL3? Since DreamFactory docs say "Using SSL with our API requires SSL3" you may need to use the -3 or --sslv3 cURL options, as indicated on the cURL man page. The DreamFactory docs page of cURL examples uses the -3 option repeatedly. You will need to ensure that SSLv3 support is enabled in your web server of choice, as well.
This SO answer indicates the cURL error message "Unknown SSL protocol error" can be caused by using the wrong SSL/TLS protocol version, so the above is the most likely resolution given the details provided.
You will also need to ensure you've properly installed and enabled your SSL cert. If you deployed DreamFactory using Bitnami, you may want to review their documentation on enabling SSL. If you installed DreamFactory manually, you will need to consult documentation for your particular environment. Just visiting https://[api.domain.net] in a modern browser should give you a good indication of whether or not your cert is properly installed and enabled. Your browser will also report which version of SSL is being used.
Since your question is not specific and does not provide details on your setup, I cannot provide a more concrete answer. If you can edit to provide basic information, the community may provide a better response.
We are using PHP and fsockopen() to check if a host is available. It works great for standard ipv4 addresses, but recently we started adding ipv6 addresses and it fails. According to the PHP documentation for fsockopen() we simply just need to enclose the ipv6 address in brackets for ipv6 support.
fsockopen('[2a03:b0c0:3:d0::14a:e001]', 80, $return_error_number, $return_error, 10);
However, we are always getting:
Network is unreachable
Does the server running PHP need to support ipv6 as well for this to work? Any other gotchas?
Network is unreachable
This is an error message of the underlying infrastructure and is most likely not produced by PHP itself. It means that the network trying to be reached (in this case the IPv6 global scope) cannot be communicated with. This is usually due to misconfiguration or failure to implement IPv6 by the ISP.
Does the server running PHP need to support ipv6 as well for this to work?
Yes. Very much so. Think of network protocols as languages spoken over phone lines; if two callers don't speak the same language they won't be able to understand each other and hence their information will be mutually unreachable.
There are however services that let you NAT or embed IPv6 within IPv4, maybe even by your ISP. Such offers are usually titled "IPv6 tunnel" or similar. Inquiring about IPv6 at you ISP is usually a good first step - professional server hosters and datacenters will often provide an option to enable or order basic IPv6 through their customer panel.
Check if IPv6 is properly configured for your particular environment or if you want to utilize a tunnel service. If there is no other simple way for you to get global IPv6 connectivity, then you will probably not be able to get your code to work.
A great stackexchange community for server configuration of any kind is https://serverfault.com/ and many questions about IPv6 have already been answered there.
I run wordpress sites on my domains. I am having an issue with cURL on the server side.
Basically I have tried installing multiple plugins on my sites (Some fresh installs) but they all result in the same cURL error
"cURL: Curl is available but cannot access Facebook! (0 - )"
I have asked around and some have said it is a server side problem.
If anyone has any knowledge or experience why this might be happening would be great to know.
Examples of plugins I am using (I have also tried others)
http://wordpress.org/extend/plugins/wp-fb-autoconnect/
http://wordpress.org/extend/plugins/simple-facebook-connect/
Your hosting provider probably has an IP filter activated.
You can issue outgoing connections only towards domains/IPs you specify in the cPanel.
You either specify the domain/IP in the cPanel or ask the hosting providers to deactivate the filter.
I am using Google GeoCoding services.
I have a PHP application which calls the Google Maps API, and receives JSON data.
The function which calls Google Maps host hangs until it times out, but only when I push to Godaddy Virtual Private server.
I have already ssh'd into the server and edited php.ini
I changed "safe mode" to "off"
I get this error message:
Message:
file_get_contents(http://maps.googleapis.com/maps/api/geocode/json?address=xYxY&sensor=false):
failed to open stream: Connection timed out
This works fine in my WAMP server but fails on live server. Any ideas why?
I have found the answer. What has been a week, now? I hope others find this solution. The virtual dedicated servers from GoDaddy are ipv6 enabled, but google maps API is having none of that. So tell Curl to force v4 request, like this:
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 );
credit is due in part to a blog where I found this information:
http://www.businesscorner.co.uk/disable-ipv6-in-curl-and-php/
Rather than just disabling IPv6, you can try to connect over one IP version and then swap to the other if the first attempt fails. This makes your implementation more robust to temporary routing issues on your and the remote end.
You can get this behavior in file_get_contents() by binding the connection to an interface with either inet6 or inet, and then try the other address family if the first attempt returns FAIL. I wrote up how to make file_get_contents() more routing-robust and dual-stack for anyone that is interested. I also shows you how to force connections to use IPv4 or IPv6 if you prefer to go down that route.
Use curl for getting external data. Many shared servers prevent use of file_get_contents for external data (http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen) due to security risks.
Plenty of curl examples online.
Check your network. Google doesn't block such request.
Check here.
Ok, I'm sure someone is going to tell me this is a really dumb idea but please humor me.
I have a php site that is hosted using Lighttpd. I have multiple domains that resolve to my website (for example...mysite.com and mysite2.com). These sites need to use https.
When either mysite.com or mysite2.com are requested I want my php page to respond with the correct certificate. So, to clarify, when the browser gets the response from my php page it will not complain about the certificate because it will use the correct certificate.
Is this possible? How?
Thanks!
EV
By the time PHP is running the SSL handshake has already been completed by your web server, so there's no way it can do anything about the certificate.
If you're using name-based virtual hosting but you still want to use different SSL certificates, you can leverage on SNI (an extension on SSL and TLS) which is supported by most browsers and web servers (requires OpenSSL >= 0.9.8), including Lighttpd.