I've done extensive testing, enabled verbose cURL logging (Leaves no logs, gives a generic cURL error #7), tried using the built in handlers through file_get_contents. (Also errored, see below) It seems no matter what if I attempt to request information from anything on the roblox.com domain from my app it gets errored before it can even try. I know it is not the distant end as multiple other sites are working fine aswell as I've used an alternate host to try the same communications that I'm doing with Google App Engine and it worked without any issue. At this point I can only conclude that Google has banned my app from communicating with the ROBLOX website without giving me any indication of any kind. If this is true, why is my app banned, and more importantly, why wasn't I alerted?
cURL output with verbose logging enabled:
https://api.roblox.com/users/get-by-username?username=christbru01
CURL Failed with error #7:
CURL HTTP CODE #0
CURL INFO: 0
This is the code which generated these:
syslog(LOG_DEBUG,(string)$newurl);
syslog(LOG_WARNING,'CURL Failed with error #'.curl_errno($s).": ".curl_error($s));
syslog(LOG_DEBUG,'CURL HTTP CODE #'.curl_getinfo($s,CURLINFO_HTTP_CODE));
syslog(LOG_DEBUG,'CURL INFO: '.curl_getinfo($s,CURLINFO_HTTP_CONNECTCODE));
file_get_contents output:
file_get_contents(https://api.roblox.com/users/get-by-username?username=Christbru01): failed to open stream: Connection error
This is the code which generated this:
echo file_get_contents("link removed due to insufficient reputation");
You need to enable cURL in your instance by adding google_app_engine.enable_curl_lite = "1" to your php.ini file.
https://cloud.google.com/appengine/docs/php/config/php_ini
Related
My dilemma is that I have two domains running on localhost, domain_a and domain_b. They're both running nginx, apache, and php-fpm. domain_a is running CodeIgniter 3.0.0, and domain_b is running CodeIgniter 4. In another VM, I had domain_a in a Docker container, and was able to hit the API endpoints in domain_b without any issues. Development work made it a requirement to have them both be on the same server, as it's close to how it will be in other environments.
For specifics, we're using the PHP oAuth module, and it throws an error that "making the request failed (dunno why)", which is extremely helpful. After some digging, I found that I could hit other endpoints without issue (such as google.com and a known endpoint outside these domains). I attempted to use cURL in place of oAuth (just a simple test to hit the endpoint), and I consistently get the same error.
tls_process_server_certificate:certificate verify failed
The certs I use are all self-signed for both domains, and I'm able to reach both domains from within the browser without issue. If it matters, both domains have user certs when logging in, but the users aren't the same, as each domain has their own self-signed CA.
My current code is this:
$conn = new OAuth($consumer_key, $consumer_secret, $oauth_sig_method);
$conn->enableDebug();
/*
if (is_on_local()) {
$conn->setCAPath('path/to/cert.cert');
}*/
$conn->disableSSLChecks();
$token = $conn->getRequestToken($auth_url);
I left the commented out part in to show what I've tried - I've tried pointing that to the system cert, domain_a CA, and domain_b CA, none of which worked. It looks like (for some reason) $conn->disableSSLChecks() isn't working, but I'm not sure of that. The error thrown is in the call to getRequestToken().
My etc/hosts file:
127.0.0.1 domain_a.tld
127.0.0.1 domain_b.tld
The actual TLD isn't tld, but again, they work in the browser and it worked before when domain_a was in Docker.
I've already tweaked domain_a enough so CI 3 works with PHP 8, so I'm convinced the problem is talking from one domain to the other. I'm running RHEL 8, and I've already got SELinux set to Permissive (actually disabled, I think, for development). There's nothing in httpd, nginx, php-fpm, or firewall logs. The only indicator I have is what I get from CI 3 logs in domain_a:
Severity: Warning --> OAuth::getRequestToken(): SSL operation failed with code 1.
OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /path/to/file
Severity: Warning --> OAuth::getRequestToken(): Failed to enable crypto in /path/to/file
Severity: Warning --> OAuth::getRequestToken(domain_b/oauth/access): Failed to open stream: operation failed in /path/to/file
I feel like the answer is right there, I'm just not seeing it.
As usual, shortly after explaining my issue I found the fix.
Currently, I have the endpoint as https://domain_b.tld/oauth/access. After some tinkering, I got a different error about SSL version. That put me on the track to the correct answer:
http://domain_b.tld:port/oauth/access. I'm able to hit the endpoint now without issue. I've got a virtual hosts file that, even though both domains are on the same port, I had to specify it or the call fails.
If anyone else runs into this issue, check the base URL. I never would have thought about hitting http rather than https as a solution.
I am using Quickbooks PHP API and it is working fine when we set allow_url_fopen to true.
But when we set allow_url_fopen to false then this API is not
working.
I found that fetch function of OAuth library is not getting any
response.
When I debug, it gives error like this "Fatal error: Uncaught
exception 'OAuthException' with message 'making the request failed
(dunno why)' "
For use OAuth, we have to set allow_url_fopen to true?
allow_url_fopen allows functions such as fopen, fsockopen to be URL aware, as a result, these functions can read remote data. If you turn this setting off, these functions are no longer URL aware, which means you cannot use URL to open a file. I suspect the API is using these function(s) to allow for remote connections. This setting is a security feature, which stops your scripts from accessing remote files.
I am getting an error with nusoap and/or SugarCRM. Here is the error:
XML error parsing SOAP payload on line 1: Mismatched tag
I get that in the $soapclient->error_str response. Not exactly sure what this error means or where it is located and I could use some help. So here is the background, I am working in SugarCRM with the included nusoap class and have an external site accessing the soap interface. The weird thing is that I have working copy running locally and this error only occurred when I uploaded it to my linux server.
I now I have a low reputation but if you give a working answer I will accept it. And also, I have researched the error with no luck. Any help would be much appreciated. If you need me to post any code, just let me know.
MORE INFO:
I am using SugarCRM CE 6.2.1. My soap entry point is http://server/sugar/soap.php. Here is my instation of the nusoap client.
$soapclient = new nusoap_client('http://server/sugar/soap.php');
Here is an example of a call made to the soap client
$result = $soapclient->call('update_existing_contact', array($session_id, $data));
However the error is the same for every call.
Also I get the same error when I try to use the sugar/examples/SoapTest.php so I don't think it is the client.
Like I said earlier the thing that is the most weird is that the problem only occurs on my server even when it is the same code.
I would try to use e.g. SoapUI to test the web service. If that works, you know it's most likely a problem with the client. Some other suggestions for debugging
Look in the web server log (Is the call getting through OK)
Enable the SugarCRM logging and set the level to debug
Either enable PHP error output or make PHP log errors to a log file
Use e.g. SoapUI to test SOAP call
See question 5396302 for a thorough SOAP example
Check the SugarCRM SOAP documentation
I am stumped. The code is exactly the same and they are both hosted by the same rackspace . . . yet one works fine and the other generates an error:
[domdocument.load]: failed to open stream: HTTP request failed!
The code is fairly simple:
$doc = new DOMDocument();
$page_url = **valid XML feed**
$doc->load($page_url);
So I do not understand what is causing the error . . . Any ideas on what to check?
Also: everything was working fine until yesterday - so it must have been something in one of the (unfortunately very numerous) patches implemented yesterday. Just need an Idea of where to start looking
Some investigating reveals it is the feed's problem - (Indeed's job API) - switched to a different job feed provider & everything is working, still confused why it would work in dev but not production (unless indeed blocked us for some reason)
URL wrappers on your system might be disabled. Please can you check the value of the PHP ini variable allow_url_fopen? If it's disabled you won't be allowed to fetch files from URLs.
echo ini_get('allow_url_fopen');
Maybe:
http://www.php.net/manual/en/domdocument.load.php#91384
Jonas Due Vesterheden 09-Jun-2009 03:18
I had a problem with loading documents over HTTP. I would get errors looking like this:
Warning: DOMDocument::load(http://external/document.xml): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error
The document would load fine in browsers and using wget. The problem is that DOMDocument::load() on my systems (both OS X and Linux) didn't send any User-Agent header which for some weird reason made Microsoft-IIS/6.0 respond with the 500 error.
If you're using a remote feed (not on a machine local to each server) then chances are it's due to something related with allow_url_fopen. Usually loading files remotely as if they were a local resource is disabled for security reasons.
OK I found the problem: IP address was being blocked by the api provider . . . thanks for the advice anyways.
I've just migrated from PHP 5.2.3 using php5isapi.dll to PHP 5.3.0 using FastCGI and php-cgi.exe. On this site I have hooks for windows/ntlm/http authentication doing something like this:
if(empty($_SERVER["REMOTE_USER"]))
{
header("HTTP/1.1 401 Unauthorized");
exit;
}
$winuser = $_Server["REMOTE_USER"];
//parse $winuser to make sure it is on my domain, and can login to the site.
//set a cookie specifying that this user is logged in
//redirect to site.
This worked just great under PHP 5.2.3 with isapi. Now that I've moved to FastCGI on IIS6, it is broken. It works for me, but I have administrator on the server. Those without administrator (most people) see some variant of the following:
FastCGI Error
The FastCGI Handler was unable to process the request.
________________________________________
Error Details:
• The FastCGI process exited unexpectedly
• Error Number: -1073741819 (0xc0000005).
• Error Description: Unknown Error
HTTP Error 500 - Server Error.
Internet Information Services (IIS)
I have tried plowing through documentation and log files, but can't seem to make any headway. I don't actually want the remote username to be used to access my .php files, I just want to grab the name and match to my database. The anon user should still be the one doing the actual php execution.
Any leads?
Some progress, but no real solution yet.
Following the advice here was useful: FastCGI Docs
Especially the Security Recommendations section. This got my errors out of FASTCGI 500 and into the php error log.
It appears that PHP/IIS/FastCGI wants to access the session directory (mine is C:\PHP\Session) via whatever user attempts to authenticate instead of the anon user.
Setting "Modify" permissions on that folder to "All Users" allows the site to work as desired. However, I'm then wondering how big of a security hole I'm creating by doing this...