The following script returns "HTTP/1.1 401 Unauthorized" by requesting, but i am not sure why. I know, the request goes to a https, but i "denied" the option "CURLOPT_SSL_VERIFYPEER".. and i think, that's not the problem at all, is it?
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$html_brand = "https://example.com/api/test";
$ch = curl_init();
$options = array(
CURLOPT_URL => $html_brand,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HEADER => TRUE,
CURLOPT_FOLLOWLOCATION => TRUE,
CURLOPT_CONNECTTIMEOUT => 120,
CURLOPT_TIMEOUT => 120,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPAUTH => CURLAUTH_DIGEST,
CURLOPT_USERPWD => "user:pass",
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json; charset=utf-8'
)
);
curl_setopt_array( $ch, $options );
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ( $httpCode != 200 ){
echo "Return code is {$httpCode} \n"
.curl_error($ch);
echo "<pre>";
print_r($response);
} else {
echo "<pre>".htmlspecialchars($response)."</pre>";
}
curl_close($ch);
I think, there is just one more option for the curl missing..
Response:
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Tue, 19 May 2015 18:52:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Www-Authenticate: Digest realm="REST-API", domain="/", nonce="", opaque="", algorithm="MD5", qop="auth"
Cache-Control: nocache, private
Vary: Accept-Encoding
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 19 May 2015 18:52:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Cache-Control: nocache, private
Vary: Accept-Encoding
May it's kind of stupid, but is it something about the auth algorithm - md5? The password is in plain-text and not encrypted by md5.
EDIT: It seems, that it's not about MD5 - got same response after coding password to md5.
ONE MORE Edit: Okay, same client works pretty well on HTTP Layer (and another INSTANCE!) instead HTTPS.. So something is broken on HTTPS?
I had the same problem, in my case server had a 301 redirect to url with double slash. In browser's address bar it was invisble, when I checked server response to my browser I realized that.
Related
I am trying to get the response code from the response header using cURL PHP.
When I send the request, this is the response header that is returned by MYOB AccountRight API:
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Request-Context
Cache-Control: must-revalidate, private
Content-Encoding: gzip
Content-Type: application/json;charset=utf-8
Date: Thu, 20 May 2021 01:07:56 GMT
ETag: "XXXXXXXXX"
Expires: -1
Request-Context: appId=cid-v1:a4936349-ef26-4f8a-9268-XXXXXXXXX
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Mashery-Message-ID: 2fc6b494-54e8-43e2-8bc4-XXXXXXXXX
X-Mashery-Responder: prod-j-worker-ap-southeast-2b-33.mashery.com
x-myobapi-elapsed: 1370
x-myobapi-requestid: bb0764c8-f62d-4848-bcae-XXXXXXXXX
X-Powered-By: ASP.NET
Content-Length: 1205
Connection: keep-alive
I have tried the solution from Getting HTTP code in PHP using curl , but I will not get the http code.
This is my code to get the accounts data:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://ar1.api.myob.com/accountright/766d620e-a5eb-41c3-8343-XXXXXXXX/GeneralLedger/Account?$filter=Name%20eq%20\'Inventory\'%20or%20Name%20eq%20\'Cost%20Of%20Sales\'%20or%20Name%20eq%20\'Inventory%20Income\'',
CURLOPT_HEADER => true,
CURLOPT_NOBODY => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'x-myobapi-version: v2',
'Accept-Encoding: gzip,deflate',
'x-myobapi-key: '.$theAPIKey,
'x-myobapi-cftoken: '.$theCFToken,
'Authorization: Bearer '.$theAccessToken
)
));
$response = curl_exec($curl);
$theInfo = curl_getinfo($response);
$http_code = $theInfo['http_code'];
curl_close($curl);
echo 'http code: ' . $http_code . '<br />';
echo '<pre>';
echo $response;
echo '</pre>';
When I echo the http code, nothing will be printed.
I think you need to pass $curl to the curl_getinfo method, not the $response
$response = curl_exec($curl);
$theInfo = curl_getinfo($curl);
$http_code = $theInfo['http_code'];
You can see the doco here.. https://www.php.net/manual/en/function.curl-getinfo.php
This is the error am getting in my curl PHP
HTTP/1.1 401 Unauthorized Cache-Control: no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 WWW-Authenticate: Bearer WWW-Authenticate: Bearer X-Powered-By: ASP.NET Date: Thu, 23 Apr 2020 10:57:54 GMT Content-Length: 61 {"Message":"Authorization has been denied for this request."}";
The API isn't receiving an access token, I think its lacking authorization. pls help me with this below authorization code to add in my code properly, am a little bit confused where to add it.
below is the authorisation code
curl_setopt($handle1, CURLOPT_HTTPHEADER, array("Authorization: Bearer ".$access_token));
//the code I have written
<?php
$access_token = $_SESSION['token'];
$request_headers = array();
$request_headers[] = 'Bearer: ' . $access_token;
//$request_headers[]='Content-Length:150';
$handle1 = curl_init();
$api_url = 'API';
curl_setopt_array(
$handle1,
array(
CURLOPT_URL => $api_url,
CURLOPT_POST => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => $request_headers,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_HEADER => true,
CURLOPT_TIMEOUT => -1,
)
);
$data = curl_exec($handle1);
echo serialize($data);
?>
$request_headers[] = 'Bearer: ' . $access_token;
it seems like a typo -> $request_headers[] = 'Authorization: Bearer ' . $access_token;
Getting empty message as response PHP CURL
I have tried print_r, the httpcode is 200, even CURLOPT_VERBOSE shows no error. However, it is not returning any value.
curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "http://dummy.com/xxx",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE=>true,
CURLOPT_TIMEOUT => 50,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => $payload,
CURLOPT_HTTPHEADER => array(
"Authorization: Basic xxx",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "error:" . $err;
} else {
echo "response: ".$response;
}
I am getting
response:
when I do CURLOPT_VERBOSE, this returned:
* Trying xxx.xx.xx.xxx...
* TCP_NODELAY set
* Connected to xxx.xx.xx.xxx (xxx.xx.xx.xxx) port xxxx (#0)
> POST /jw/web/json/plugin/org.joget.webservices.JsonRegistrationApiService/service HTTP/1.1
Host: xxx.xx.xxx.xxx
Accept: */*
Authorization: Basic Yxxxxxx
Content-Length: 775
Expect: 100-continue
Content-Type: application/json; boundary=------------------------916024cad4258a00
< HTTP/1.1 100
< HTTP/1.1 200
< Set-Cookie: JSESSIONID=4ED88EE9FD9746ED9C5F345F713FDB69; Path=/jw; HttpOnly
< X-Content-Type-Options: nosniff
< Content-Type: application/json;charset=utf-8
< Content-Length: 0
< Date: Tue, 16 Apr 2019 06:19:00 GMT
<
* Connection #0 to host xx.xx.xx.xxx left intact
Any php master care to help?
Content-Length: 0 means your content's length is zero.
Actually it is a good practice to return no content on POST request. So your curl code probably works fine.
The idea of this response is just to set you a session cookie. Using this cookie you can send other requests being already authorized.
I found the answer,the payload has to be json_encode()-ed .It was my bad
Here's the URL: https://www.grammarly.com
I'm trying to fetch HTTP headers by using the native get_headers() function:
$headers = get_headers('https://www.grammarly.com')
The result is
HTTP/1.1 400 Bad Request
Date: Fri, 27 Apr 2018 12:32:34 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 52
Connection: close
But, if I do the same with the curl command line tool, the result will be different:
curl -sI https://www.grammarly.com/
HTTP/1.1 200 OK
Date: Fri, 27 Apr 2018 12:54:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 25130
Connection: keep-alive
What is the reason for this difference in responses? Is it some kind of poorly implemented security feature on Grammarly's server-side or something else?
It is because get_headers() uses the default stream context, which basically means that almost no HTTP headers are sent to the URL, which most remote servers will be fussy about. Usually the missing header most likely to cause issues is the User-Agent. You can set it manually before calling get_headers() using stream_context_set_default. Here's an example that works for me:
$headers = get_headers('https://www.grammarly.com');
print_r($headers);
// has [0] => HTTP/1.1 400 Bad Request
stream_context_set_default(
array(
'http' => array(
'user_agent'=>"php/testing"
),
)
);
$headers = get_headers('https://www.grammarly.com');
print_r($headers);
// has [0] => HTTP/1.1 200 OK
Just use php curl function for it:
function getMyHeaders($url)
{
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_USERAGENT => "spider",
CURLOPT_AUTOREFERER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_NOBODY => true
);
$ch = curl_init($url);
curl_setopt_array($ch, $options);
$content = curl_exec($ch);
curl_close($ch);
return $content;
}
print_r(getMyHeaders('https://www.grammarly.com'));
I am building a basic link checker at work using cURL. My application has a function called getHeaders() that returns an array of HTTP headers:
function getHeaders($url) {
if(function_exists('curl_init')) {
// create a new cURL resource
$ch = curl_init();
// set URL and other appropriate options
$options = array(
CURLOPT_URL => $url,
CURLOPT_HEADER => true,
CURLOPT_NOBODY => true,
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_RETURNTRANSFER => true );
curl_setopt_array($ch, $options);
// grab URL and pass it to the browser
curl_exec($ch);
$headers = curl_getinfo($ch);
// close cURL resource, and free up system resources
curl_close($ch);
} else {
echo "Error: cURL is not installed on the web server. Unable to continue.";
return false;
}
return $headers;
}
print_r(getHeaders('mail.google.com'));
Which yields the following results:
Array
(
[url] => http://mail.google.com
[content_type] => text/html; charset=UTF-8
[http_code] => 404
[header_size] => 338
[request_size] => 55
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.128
[namelookup_time] => 0.042
[connect_time] => 0.095
[pretransfer_time] => 0.097
[size_upload] => 0
[size_download] => 0
[speed_download] => 0
[speed_upload] => 0
[download_content_length] => 0
[upload_content_length] => 0
[starttransfer_time] => 0.128
[redirect_time] => 0
)
I've tested it with several long links, and the function acknowledges redirects, all apart from mail.google.com it seems.
For fun, I passed the same URL (mail.google.com) to the W3C link checker, which produced:
Results
Links
Valid links!
List of redirects
The links below are not broken, but the document does not use the exact URL, and the links were redirected. It may be a good idea to link to the final location, for the sake of speed.
warning Line: 1 http://mail.google.com/mail/ redirected to
https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1<mpl=default<mplcache=2
Status: 302 -> 200 OK
This is a temporary redirect. Update the link if you believe it makes sense, or leave it as is.
Anchors
Found 0 anchors.
Checked 1 document in 4.50 seconds.
Which is correct, as the address above is where I am redirected to when I enter mail.google.com into my browser.
What cURL options would I need to use to make my function return 200 for mail.google.com?
Why is it that the function above returns 404 status code as opposed to 302 status code?
TIA
The problem is that the redirect is specified through methods that cURL won't follow.
Here is the response from http://mail.google.com:
HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Mon, 22 Jun 2009 14:58:18 GMT
Date: Mon, 15 Jun 2009 14:58:18 GMT
Refresh: 0;URL=http://mail.google.com/mail/
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Server: GFE/1.3
<html>
<head>
<meta http-equiv="Refresh" content="0;URL=http://mail.google.com/mail/" />
</head>
<body>
<script type="text/javascript" language="javascript">
<!--
location.replace("http://mail.google.com/mail/")
-->
</script>
</body>
</html>
As you can see, the page uses both a Refresh header (and HTML meta equivalent) and javascript in the body to change location to http://mail.google.com/mail/.
If you then request http://mail.google.com/mail/, you will be redirected (with the Location header, which cURL follows) to the page you had previously mentioned W3C correctly identifies.
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Mon, 15 Jun 2009 15:07:56 GMT
Location: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1<mpl=default<mplcache=2
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Server: GFE/1.3
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
Set-Cookie: GALX=B8zH60M78Ys;Path=/accounts;Secure
Date: Mon, 15 Jun 2009 15:07:56 GMT
X-Content-Type-Options: nosniff
Content-Length: 19939
Server: GFE/2.0
(HTML page content here, removed)
Perhaps you should add an additional step in your script to check for a Refresh header.
Another possible error is that you have open_basedir set in your PHP configuration, which would disable CURLOPT_FOLLOWLOCATION - you can check this quickly by turning on error reporting, as a message is generated as either a warning or notice.
The results above were all obtained with the following cURL setup:
$useragent="Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$res = curl_exec($ch);
curl_close($ch);
Could it be that
mail.google.com -> mail.google.com/mail is a 404 and then a hard redirect
and
mail.google.com/mail -> https://www.google.com/accounts... etc is a 302 redirect