In addition to walking the user through the PayPal checkout process, I first need to do some DB work. Then I need to post 'https://www.paypal.com/cgi-bin/webscr/ using cURL, but I receive an error:
Bad Request. Your browser sent a request PayPal cannot understand.
I have added the following certificate to my shared server as instructed by the PayPal docs:
COMODO ECC Certification Authority
-----BEGIN CERTIFICATE-----
MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
-----END CERTIFICATE-----
Here is the relevant PHP code:
function post2PayPal() {
$url = 'https://www.paypal.com/cgi-bin/webscr';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
echo 'pp=' . $response;
exit();
}
post2PayPal();
What am i missing?
Related
I need to test a whois service to test domain names with PHP and a proxy connection with authentification. It works very well for whois.verisign-grs.com for the .com or whois.nic.fr for the .fr, but for the .org, I have the following result, and I don't understand what command it is waiting for?
I couldn't find a doc to refer me.
Thanks !
result : string(57) "Neither object nor interpretation control keyword found
"
$server='whois.pir.org';
$domain='archive.org';
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$server);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_PROXYPORT, $port);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYTYPE, 'CURLPROXY_SOCKS5');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $userpass);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "$domain \r\n");
//curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "-T dn $domain\r\n");
$result = curl_exec($ch);
var_dump($result);
curl_close($ch);
WHOIS is NOT a HTTP protocol.
If you need to access the WHOIS information via cURL, I suggest you to look into the existing API providers such as JSONWHOIS, IP2WHOIS or WHOXY.
I have the following code :
<?php
$cookie_file_path = "cookie.txt"; //
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'theurl');
curl_setopt($ch, CURLOPT_POSTFIELDS,'blocPnr_textField_labelNom='.urlencode('www').'&blocPnr_textField_labelPnr='.urlencode('xxx').'&blocPnr_valider=Submit');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSLVERSION,3);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file_path);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file_path);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");
curl_setopt($ch, CURLOPT_REFERER, "theurl");
$page = curl_exec($ch);
var_dump($page);
echo 'error:' . curl_error($ch);
?>
It gives me the following error:
bool(false) error:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
I can't figure out where the pb comes from. I looked for similar error message on Google and S/O but haven't found any solution.
You're trying to use version 3 of the SSL protocol which is either refused or unsupported by the server. The POODLE attack pushed a lot of system administrators to drop support for SSLv3 and its usage is not so widespread anymore (and definitely not recommended).
When you have SSL handshake errors, try different versions of SSL/TLS until one works (preferably the most secure). If you have a doubt, using CURL_SSLVERSION_DEFAULT works in most cases.
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);
It seems that formulaire.sncf.com supports TLSv1.0. You could also force use that protocol version:
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
I am trying to integrate/replace my web edit queue into Trello.
I made an organization which is not public but have created a token for read/write access.
I haven't seen a good PHP wrapper for the Trello API (have looked at the two available and couldn't really get them up and running for my purposes.)
Anyway, what I'd like to do is provide rather rudimentary access to read and insert cards to a particular list.
I have gotten as far as using the API to return the results of a List using the following:
https://api.trello.com/1/lists/[mylistID]/cards?key=[myappkey]&token=[mytoken]
I get exactly what I want as a result, json of the cards in the list.
Now I;m trying to recreate that in PHP using CURL and I'm getting an error response of unauthorized or bad request from whatever I try in the following code:
$url = "https://api.trello.com/1/lists/[myboardID]/cards";
$trello_key = 'mykey';
$trello_list_id = 'mylistid';
$trello_member_token = 'mytoken';
$fields = "key=$trello_key&token=$trello_member_token&name=$name&idList=$trello_list_id";
e
# init curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE); // make sure we see the sended header afterwards
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
curl_setopt($ch, CURLOPT_POST, 1);
# dont care about ssl
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
# download and close
$output = curl_exec($ch);
$request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
$error = curl_error($ch);
curl_close($ch);
So I'm just looking to see if anyone knows what I'm doing wrong. I feel like it should be simple but I've spent a couple hours on it and I think I need some help. Let me know if you have any ideas.
{i have left out obvious references to my API key, token, BoardID etc}
This actually seems to work for me. I was trying to use POST instead of the default GET with CURL. Still working on parsing the response but it seems like I'm on the right track. Got an "200 OK" in the response.
$url = 'https://api.trello.com/1/lists/[myListID]/cards?key=[MyApiKey]&token=[myToken]';
# init curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
//curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_fields);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE); // make sure we see the sended header afterwards
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
//curl_setopt($ch, CURLOPT_POST, 1);
# dont care about ssl
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
# download and close
$output = curl_exec($ch);
$request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
$error = curl_error($ch);
curl_close($ch);
echo 'This is output = '.$output .'<br />';
echo 'This is request = '.$request .'<br />';
echo 'This is error = '.$error .'<br />';
$url = 'https://api.trello.com/1/boards/[myListID]/cards?key=[MyApiKey]&token=[myToken]';
# init curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
//curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_fields);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE); // make sure we see the sended header afterwards
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
//curl_setopt($ch, CURLOPT_POST, 1);
# dont care about ssl
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
# download and close
$output = curl_exec($ch);
$request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
$error = curl_error($ch);
curl_close($ch);
echo 'This is output = '.$output .'<br />';
echo 'This is request = '.$request .'<br />';
echo 'This is error = '.$error .'<br />';
I'm only able to fetch from a site when I use cURL with a proxy. cURL without a proxy and file_get_contents() return nothing (cURL HTTP code "0" and curl_error()
Empty reply from server). I'm able to fetch other sites just fine without a proxy.
Aside from being blocked, is there any other possible explanation of why I can only access this site via proxy?
Did you set a USER AGENT in cURL? Sometimes websites will block you if your USER AGENT isn't set or if your HTTP request looks suspicious.
To set your USER AGENT in PHP:
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
Is this from your workplace or something? Many companies disable file_get_contents() on shared PHP installs, as it's quite risky.
The site probably has user agent detection. You can fake that in your curl call but I don't believe that's possible with file_get_contents(). Another method sites use is to only display content once a cookie has been set so site scrapers will never see the data.
Try this:
function curl_scrape($url,$data,$proxy,$proxystatus)
{
$fp = fopen("cookie.txt", "w");
fclose($fp);
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_TIMEOUT, 40);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
if ($proxystatus == 'on')
{
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
ob_start(); // prevent any output
return curl_exec ($ch); // execute the curl command
ob_end_clean(); // stop preventing output
curl_close ($ch);
unset($ch);
}
I'm guessing I was truly blocked. Using proxy now and it works fine.
I am processing credit cards using a payment gateway. To POST the data to their servers, I am using cURL in PHP. I have an SSL certificate issued to my domain, to ensure all POST'ed data is encrypted. Because the SSL certificate is already installed, do I still need to use the SSL options for cURL? If so, which of the options do I need to set given my setup?
I have tried the following code unsuccessfully:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://secure.paymentgateway.com/blah.php");
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/cert/ca.crt');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password');
curl_setopt($ch, CURLOPT_POST, $count);
curl_setopt($ch,CURLOPT_POSTFIELDS,"variables...");
$output = curl_exec($ch);
echo $output;
curl_close($ch);
Well you already disabled the verification (which I don't recommend: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);). This opens you for Man-in-the-middle attacks.
Here's a simple tutorial that might help you:
http://developer.paypal-portal.com/pdn/board/message?board.id=ipn&message.id=12754#M12754