I tried to send sms using php with the help of twilio API. But I have occeured fallowing errors when running code.
my code
{require ('./twilio/Services/Twilio.php'); // Loads the library
$accountSid = 'AC****************************';
$authToken = 'ec****************************';
$client = new Services_Twilio($accountSid, $authToken);
$sms = $client->account->sms_messages->create("number", "number", "Jenny please?! I love you <3");
errors
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in C:\wamp\www\Pizza4U\twilio\Services\Twilio\HttpStream.php on line 62
Warning: file_get_contents(): Failed to enable crypto in C:\wamp\www\Pizza4U\twilio\Services\Twilio\HttpStream.php on line 62
Is there a way to fix this. Thank you
To avoid SSL certificate issues on wampserver localhost whilst testing, make sure that you insert the following line of code:
CURLOPT_SSL_VERIFYPEER => false,
in
twilio/sdk/Twilio/Http/CurlClient.php (from line 113 onwards)
public function options($method, $url, $params = array(), $data = array(),
$headers = array(), $user = null, $password = null,
$timeout = null) {
$timeout = is_null($timeout)
? self::DEFAULT_TIMEOUT
: $timeout;
$options = $this->curlOptions + array(
CURLOPT_URL => $url,
CURLOPT_HEADER => true,
CURLOPT_RETURNTRANSFER => true,
//added here during localhost wampserver testing to avoid SSL issues
//CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_INFILESIZE => Null,
CURLOPT_HTTPHEADER => array(),
CURLOPT_TIMEOUT => $timeout,
);
Remove the line once you are in production mode. The server that you are hosted on will I'm sure have the correct bundle of trusted certificates. At least with this setting set to false, your twilio application on localhost will not be checking your localhost for SSL certificates. This avoids having to download the correct certificates and bypasses the issues completely. See pflammer's comment at https://github.com/twilio/twilio-php/issues/203.
Related
I have the following PHP code to send Apple Push Notifications to my app:
<?php
$body = '{"aps":{"alert":{"title":"test title","subtitle":"","body":"test body"},"badge":0,"sound":"default","additional_data":"test additional_data"}}';
$context = stream_context_create();
stream_context_set_option($context, "ssl", "local_cert", "certificate.pem");
stream_context_set_option($context, "ssl", "passphrase", "HERE_COMES_THE_PASSWORD_OF_THE_certificate.pem_FILE");
$socket = stream_socket_client("ssl://gateway.sandbox.push.apple.com:2195", $error, $errstr, 30, STREAM_CLIENT_CONNECT|STREAM_CLIENT_PERSISTENT, $context);
$msg = chr(0) . chr(0) . chr(32) . pack("H*", "HERE_COMES_MY_APPLE_PUSH_TOKEN") . pack("n", strlen($body)) . $body;
$result = fwrite($socket, $msg, strlen($msg));
fclose($socket);
?>
This code is stored on my server together with the certificate file called certificate.pem.
I'm using this code unchanged since month without any problems. Today, I noticed, that I'm not getting push notifications any more.
The PHP error log shows the following:
[23-Mar-2022 11:39:45 UTC] PHP Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Connection timed out) in /home2/kd37875/public_html/test/index.php on line 7
[23-Mar-2022 11:39:45 UTC] PHP Warning: fwrite() expects parameter 1 to be resource, bool given in /home2/kd37875/public_html/test/index.php on line 9
[23-Mar-2022 11:39:45 UTC] PHP Warning: fclose() expects parameter 1 to be resource, bool given in /home2/kd37875/public_html/test/index.php on line 10
First, I thought, there's something wrong with the certificate file. Then, I found this: https://www.pushtry.com website. If I insert the Device Token, upload the certificate.pem file, insert the Bundle ID and a message, I'm successfully receiving a push message in my app. (There's a field for password on the website but it's also working if I don't insert it. No idea, why.) So this says me, that the certificate.pem must be okay.
Do you have any idea what I'm doing wrong? Why doesn't it work any more? Did Apple change something?
I finally solved my problem. Apple made a change to this about a year ago. No idea why it affected me only today.
This is the working code:
<?php
function sendHTTP2Push($http2_server, $apple_cert, $app_bundle_id, $message, $token) {
if(!defined('CURL_HTTP_VERSION_2_0')) {
define('CURL_HTTP_VERSION_2_0', 3);
}
$http2ch = curl_init();
curl_setopt($http2ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
curl_setopt_array($http2ch, array(
CURLOPT_URL => "{$http2_server}/3/device/{$token}",
CURLOPT_PORT => 443,
CURLOPT_HTTPHEADER => array("apns-topic: {$app_bundle_id}"),
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => $message,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_TIMEOUT => 30,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSLCERT => realpath($apple_cert),
CURLOPT_HEADER => 1
));
$result = curl_exec($http2ch);
if($result === FALSE) {
throw new Exception('Curl failed with error: ' . curl_error($http2ch));
}
$status = curl_getinfo($http2ch, CURLINFO_HTTP_CODE);
return $status;
curl_close($http2ch);
}
$status = sendHTTP2Push('https://api.development.push.apple.com', 'certificate.pem', 'HERE_COMES_THE_APPS_BUNDLE_ID', '{"aps":{"alert":{"title":"test title","subtitle":"","body":"test body"},"badge":0,"sound":"default","additional_data":"test additional_data"}}', 'HERE_COMES_MY_APPLE_PUSH_TOKEN');
echo "Response code: ".$status;
?>
Source: https://gist.github.com/valfer/18e1052bd4b160fed86e6cbb426bb9fc
I am using the Google ReCaptcha library in my PHP application. It has been working reliably for quite a while now. However, today, I started receiving errors related to the library.
*[05-Apr-2018 09:19:03 America/Chicago] Severity: 2,Message: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68
[05-Apr-2018 09:19:04 America/Chicago] Severity: 2,Message: file_get_contents(): Failed to enable crypto,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68
[05-Apr-2018 09:19:04 America/Chicago] Severity: 2,Message: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: operation failed,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68*
I did not make any changes to my application. The issue just started suddenly and (from my perspective) without logical explanation.
For reference, here is the Post.php from Google's library (not authored by me).
public function submit(RequestParameters $params)
{
/**
* PHP 5.6.0 changed the way you specify the peer name for SSL context options.
* Using "CN_name" will still work, but it will raise deprecated errors.
*/
$peer_key = version_compare(PHP_VERSION, '5.6.0', '<') ? 'CN_name' : 'peer_name';
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => $params->toQueryString(),
// Force the peer to validate (not needed in 5.6.0+, but still works)
'verify_peer' => true,
// Force the peer validation to use www.google.com
$peer_key => 'www.google.com',
),
);
$context = stream_context_create($options);
return file_get_contents(self::SITE_VERIFY_URL, false, $context);
}
The last line is "68". I am using PHP 7.1. with OpenSSL 1.0.2k 26 Jan 2017. I am calling the library as follows:
// validate ReCaptcha
$response = null;
$reCaptcha = new \ReCaptcha\ReCaptcha(RECAPTCHA_SECRET);
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verify(
$_POST["g-recaptcha-response"], $_SERVER["REMOTE_ADDR"]
);
}
Any advice would be greatly appreciated. The application is hosted on IIS and Windows Server.
Mikail G.'s answer is nearly correct, you do need to access it over CURL. I think something has been changed to actually prevent your current (and mine) from working as I have seen several posts about it all from recent days.
Use this instead:
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => [
'secret' => $secretKey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
],
CURLOPT_RETURNTRANSFER => true
]);
$output = curl_exec($ch);
curl_close($ch);
$json = json_decode($output);
<?php
if(isset($_POST['submit']))
{
$stream_opts = [
"ssl" => [
"verify_peer"=>false,
"verify_peer_name"=>false,
]
];
$secret = '6Le__FoUAAXXXXXXXXXXXXXXoQtXhJfdZi92ZPHaAj';
$gRecaptchaResponse = $_POST['g-recaptcha-response'];
$remoteIp = $_SERVER['REMOTE_ADDR'];
$url="https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$gRecaptchaResponse&remoteip=$remoteIp";
$response=file_get_contents($url,false, stream_context_create($stream_opts));
$result = json_decode($response);
if ($result->success)
{
header("location: index.php");
}
else
echo 'Captcha verification failed.
}
?>
No need to include the autoload.php file. Just include the file below just before closing tag
<script src='https://www.google.com/recaptcha/api.js'></script> and before the submit button add the following code <div class="g-recaptcha" data-sitekey="6Le__FoUAAXXXXXXXXXXXXXXoQtXhJfdZi92ZPHaAj"></div>
Copy and paste all the folders of recaptcha v2 in home directory of your site. This will 100% work in localhost without ssl. Thanks
In order to fix the issue you need to call the google api with "http" , or use a diffrent way to make request such as curl , here the function to do so :
function file_get_contents_curl($url, $data (array)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec ($ch);
curl_close ($ch);
return $server_output;
}
Why don't you try Step by Step guide to integrate reCpatcha
I've just noticed the new vulnerability discovered in Wordpress and I'm trying to fix it with the following code (but with any success
<?php
$url = 'https://mywebip/wp-login.php?action=lostpassword';
$data = 'user_login=admin&redirect_to=&wp-submit=Get+New+Password';
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Host: mailserver\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: ". strlen($data) ."\r\n",
'method' => 'POST',
'content' => $data,
'ssl'=>array('verify_peer'=>true, 'capath'=>'/etc/ssl/certs')
)
);
$context = stream_context_create($options);
//$result = file_get_contents($url, false, $context);
$fp = stream_socket_client($url, $errno, $errstr, 30);
//stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);
$fp = fopen($url, 'r', false, $context);
if ($fp === FALSE) { /* Handle error */ }
var_dump($result);
?>
The error log I got is just like this:
PHP Warning: stream_socket_client(): unable to connect to https://mywebip/wp-login.php?action=lostpassword (Unable to find the socket transport "https" - did you forget to enable it when you configured PHP?) in /home/jorge/Escritorio/joomla.php on line 18
PHP Warning: fopen(): Peer certificate CN=`website` did not match expected CN=`mywebip' in /home/jorge/Escritorio/joomla.php on line 21
PHP Warning: fopen(): Failed to enable crypto in /home/jorge/Escritorio/joomla.php on line 21
PHP Warning: fopen(https://mywebip/wp-login.php?action=lostpassword): failed to open stream: operation failed in /home/jorge/Escritorio/joomla.php on line 21
Where mywebip represents the actual ip that hosts my website and website and mailserver the DNS directions of the services.
Thank you.
Via socket you do not specify a protocol.
http://php.net/stream_socket_client
First parameter:
remote_socket
Address to the socket to connect to.
Adress is only mywebip.
You should use CURL instead.
See http://php.net/manual/en/curl.examples.php
The other problem (with fopen(), which can handle streams with protocols!) is a malformed/wrong certificate issued by your webserver.
Use this service to debug problems with your webservers certificate:
https://www.ssllabs.com/ssltest/
What is the procedure for sending secure data (login id, password) over https to an Apache 2.2 server with self-signed certificates?
<?php
$uid=$_POST['user'];
$password=$_POST['pass'];
$url = "https://example.com/login";
$cert_file = './certificate.com.pem';
$cert_password = 'xxxxxx';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_POSTFIELDS => 'uid:'.$uid.'&password:'.$password,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_VERBOSE => true,
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
CURLOPT_POST => true
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
if(!$output)
{
echo "Curl Error : " . curl_error($ch);
}
else
{
echo htmlentities($output);
}
?>
the ERROR we are getting is :
curl error:unable to use client certificate (no key found or wrong passphrase ?)
You'd need to think about it this way:
Your local server asks the remote server to validate the login info. — You would need to make an exception for the self-signed certificate and remember it. (It would be a really a bad habit to simply ignore certificate errors.)
Your local server then checks if the data the remote one sent back isn't an error message and is indeed valid JSON data.
Here's some info on how to make curl remember the self-signed certificate and trust it permanently: http://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/ — It should work for the command-line utility just as well as the PHP module.
So, let's make a little function for it. — I'm not going to test its functionality, so I can't promise to have it perfectly error free. I'm also using some practices I wouldn't use in production code, don't account for an API key, use GET parameters and I also make the remote server responsible for any serious sort of error checking and sanitation.
<?php
function remote_login($username, $password) {
/*
Initialize the curl object
*/
$login = curl_init();
/*
Some sanitation. This is probably not enough though.
*/
$username = urlencode($username);
$password = urlencode($password);
/*
Set the url we're going to use.
REST services use clean urls, but here we simply use GET parapeters.
*/
$login_url = 'https://example.com/?username='+$username+'&password='+$password;
curl_setopt($login, CURLOPT_URL, $login_url);
/*
Tell curl we would like to use the data returned from the remote server
*/
curl_setopt($login, CURLOPT_RETURNTRANSFER, true);
/*
Set the returned data as a variable
*/
$login_data = curl_exec($login);
$login_json = json_decode($login_data);
/*
We're not going to do anything else if we encounter any sort of error.
*/
if (($login_data == false) || ($login_json == false)) {
return false;
}
/*
Return the login result as a JSON object
*/
return json_decode($login_data);
}
?>
Hope this helps.
I am developing an open id app for facebook.
I am getting this error:
Fatal error: Uncaught CurlException: 60: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed thrown in C:\wamp\www\x\modules\openid\facebook.php on line 614
Around there is this code:
if (isset($opts[CURLOPT_HTTPHEADER])) {
$existing_headers = $opts[CURLOPT_HTTPHEADER];
$existing_headers[] = 'Expect:';
$opts[CURLOPT_HTTPHEADER] = $existing_headers;
} else {
$opts[CURLOPT_HTTPHEADER] = array('Expect:');
}
curl_setopt_array($ch, $opts);
$result = curl_exec($ch);
if ($result === false) {
$e = new FacebookApiException(array(
'error_code' => curl_errno($ch),
'error' => array(
'message' => curl_error($ch),
'type' => 'CurlException',
),
));
curl_close($ch);
throw $e;
}
curl_close($ch);
return $result;
}
The actual line 614 is:
$e = new FacebookApiException(array(
I' m running windows 7 and WAMP with php 5.2.11
For whatever reason it wants you to verify the SSL Cert. You can make curl continue working with: (From curl )
CURLOPT_SSL_VERIFYHOST FALSE
to stop cURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option. CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE if CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2). TRUE by default as of cURL 7.10. Default bundle installed as of cURL 7.10.
You may also need to check into that as well as the CURLOPT_SSL_VERIFYHOST setting.
You should also look over this link: http://forum.developers.facebook.net/viewtopic.php?pid=258460