I am currently working on a project that involves connecting to the clients FTPS server and downloading a file that they are updating automatically with the data we require. I am wanting to access this server via PHP so I can automate it.
The issue that I have is that FTP_SSL_CONNECT will NOT work due to the client using Implicit TLS security on the server.
Does anyone have any experience of getting this connection working?
Thanks,
T
$username = 'username here';
$password = 'password here';
$get_file = "file to get here";
//set ftps url
$url = "ftps urls here";
$local_prefix = 'local folder prefix here';
$location = "ftps://" . $username . ":" . $password . "#" . $url;
$port = "any port number here";
//********************************************************************//
//initialize cURL and begin
print("Initializing cURl and saving file from scure ftp.");
$curl = curl_init();
//create or open a file for writing
$file = fopen("$local_prefix$get_file", "w");
//set cURL options *note* these must occur in order for implicit ftp to work correctly
curl_setopt($curl, CURLOPT_URL, "$location$get_file");
curl_setopt($curl, CURLOPT_PORT, "$port");
curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");
curl_setopt($curl, CURLOPT_FILE, $file);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
curl_exec($curl) or die("did not save file");
curl_close ($curl);
fclose($file);
You need to add these option to curl call
CURLOPT_FTP_SSL => CURLFTPSSL_ALL, // require SSL For both control and data connections
CURLOPT_FTPSSLAUTH => CURLFTPAUTH_DEFAULT, // let cURL choose the FTP authentication method (either SSL or TLS)
Related
I'm trying to get results from a server which is protected with an PEM cerficate and private key.
I have results, but it is unstable. Most of te time i have response, sometimes an Curl error: NSS: private key from file not found.
The code:
$url = escape($this->url).'/jira/rest/api/2/project';
// Variables
$apiGrantType = 'client_credentials';
$cliendId = $this->username; // Client ID
$clientSecret = $this->password; // Client Secret
$certUserPwd = $cliendId . ":" . $clientSecret; // Client ID:Client Secret
$certFile = PATH_FILES.'certificate/cert.pem'; // Private Cert
$certKey = PATH_FILES.'certificate/key.pem'; // Private Cert
$certPassword = '*****'; // Cert Password
$curl = curl_init();
curl_setopt($curl, CURLOPT_USERPWD, PWSTR);
curl_setopt($curl, CURLOPT_URL, $url);
//curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
//curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_SSLCERT, $certFile);
curl_setopt($curl, CURLOPT_SSLKEY, $certKey);
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $certKey);
//curl_setopt($curl, CURLOPT_TIMEOUT, 30);
//curl_setopt($curl, CURLOPT_VERBOSE, 1);
if(!$exec = curl_exec($curl))
{
echo 'Curl error: ' . curl_error($curl);
}
dump($exec);
Sometimes it runs perfectly and returns the requested response.
Othertimes it return Curl error: NSS: private key from file not found.
Server where request is calling from is running on CENTOS 7 and PHP 7.2.
How can i make my request stable?
I know this is an old thread, but recently had same issue.
Based on the above code, it looks like the curl definitions are within a class, and that one is used with include/include_once or require/require_once.
In my case seems that using include_once/require_once was the reason, hence
you can replace any include_once/require_once in favour of include/require.
alternatively use something like
if (!class_exists('some_class')) {
include 'some_path/some_class.php';
}
I'm trying do retrieve and download a file (image) from a remote location.
Inside the php.ini the allow_url_fopen is enabled, but i can't download the image.
Code i'm using is described below
$local_file = "test.jpg";
$remote_file = "http://somehost:6346/cgi-bin/CGIProxy.fcgi?cmd=snapPicture2&usr=xxxx&pwd=xxxx";
$ch = curl_init();
$fp = fopen ($local_file, 'w+');
$ch = curl_init($remote_file);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_ENCODING, "");
curl_exec($ch);
curl_close($ch);
fclose($fp);
with any other url that contains a real jpg file, it's working perfectly, i suppose that the issue is that the url use some special characters that doesn't like to curl.
If i try to execute the php snippet above,page load for almost 1 minute,and it seems that no error are displayed,the image test.jpg is created, but it's empty.
Do you have any suggestion?
Thanks!
Try this
$local_file = "test.jpg";
$remote_file = "http://somehost:6346/cgi-bin/CGIProxy.fcgi?cmd=snapPicture2&usr=xxxx&pwd=xxxx";
function getPage($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
function saveToFile($base, $decode=false, $output_file)
{
$ifp = fopen($output_file, "wb");
if ($decode){
fwrite($ifp, base64_decode($base));
}else{
fwrite($ifp, $base);
}
fclose($ifp);
return($output_file);
}
$remote_page = getPage($remote_file);
$saved_file = saveToFile($remote_page , false, $local_file);
when debugging issues like this, set CURLOPT_VERBOSE, it will probably reveal why the page loaded for almost 1 minute, with no apparent output.
i suppose that the issue is that the url use some special characters - this is fully possible, for example your username and password, they're supposed to be urlencoded. urlencoding is binary safe, meaning you can have any special characters you'd like, you just need to encode it properly. use urlencode() or http_build_query() for that, eg
$remote_file = "http://somehost:6346/cgi-bin/CGIProxy.fcgi?" . http_build_query ( array (
'cmd' => 'snapPicture2',
'usr' => 'username',
'pwd' => 'password'
) );
now http_build_query will properly urlencode any special characters in your username and password (for example, if your username is an email address, the # becomes %40).
if that doesn't fix it, what does CURLOPT_VERBOSE say?
also, final note, here you're sending the download request with credentials in a GET request. that's very unusual, the vast majority of websites want you to login with a POST request, and there are good security-related reasons for that, are you sure your website allows sending credentials in GET parameters? the vast majority of websites doesn't allow it... (and the best way to find out, is to record a browser logging in, does the browser use GET parameters, or POST parameters?)
I am brand new to using an API outside of an API wrapper. I can access the API using
curl -u username:password https://company.c
om/api/v1/resources/xxxxxxx
That loads up all the information, but what I need to do is send a DELETE to the url based on an array of filenames; e.g. ['/js/jquery.js']. The name of the parameter is Files.
I already have in code the directory and file name variables.
$storageFilename = $directoryname . "/" . $asset->name;
Above returns the /directoryname/filename from the database.
To send an HTTP(S) DELETE using the cURL library in PHP:
$url = 'https://url_for_your_api';
//this is the data you will send with the DELETE
$fields = array(
'field1' => urlencode('data for field1'),
'field2' => urlencode('data for field2'),
'field3' => urlencode('data for field3')
);
/*ready the data in HTTP request format
*(like the querystring in an HTTP GET, after the '?') */
$fields_string = http_build_query($fields);
//open connection
$ch = curl_init();
/*if you need to do basic authentication use these lines,
*otherwise comment them out (like, if your authenticate to your API
*by sending information in the $fields, above. */
$username = 'your_username';
$password = 'your_password';
curl_setopt($process, CURLOPT_USERPWD, $username . ":" . $password);
/*end authentication*/
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
/*unless you have installed root CAs you can't verify the remote server's
*certificate. Disable checking if this is suitable for your application*/
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//perform the HTTP DELETE
$result = curl_exec($ch);
//close connection
curl_close($ch);
/* this answer builds on David Walsh's very good HTTP POST example at:
* http://davidwalsh.name/curl-post
* modified here to make it work for HTTPS and DELETE and Authentication */
Hi I'm doing a website right now. Both of these files is in one server and domain and I'm using cloudflare to boost the loading. I'm using Full SSL option on cloudflare because I bought my own SSL Geotrust on my server. I already upgraded my curl on the server to 7.41.0.
One php file consist of the function
Function File:
<?php
function get_content($session){
$endpoint = "https://sample.ph/php/resource.php";
// Use one of the parameter configurations listed at the top of the post
$params = array(
"yel" => $session
);
$curl = curl_init();
curl_setopt($curl,CURLOPT_URL,$endpoint);
$strCookie = 'PHPSESSID='.$_COOKIE['PHPSESSID'];
curl_setopt($curl, CURLOPT_COOKIE, $strCookie);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
$postData = "";
//This is needed to properly form post the credentials object
foreach($params as $k => $v)
{
$postData .= $k . '='.urlencode($v).'&';
}
$postData = rtrim($postData, '&');
curl_setopt($curl, CURLOPT_POSTFIELDS, $postData);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($curl, CURLOPT_HEADER, 0); // Don’t return the header, just the html
curl_setopt($curl, CURLOPT_CAINFO,"/home/sample/public_html/php/cacert.pem"); // Set the location of the CA-bundle
session_write_close();
$response = curl_exec($curl);
if ($response === FALSE) {
return "cURL Error: " . curl_error($curl);
}
else{
// evaluate for success response
return $response;
}
curl_close($curl);
}
?>
Resource File
<?php
session_start();
if(isset($_POST['yel'])){
$drcyt_key = dcrypt("{$_POST['yel']}");
if($drcyt_key == $_SESSION['token']){
echo "Success";
}
}
?>
How do you think will I fix this?
The SSL Verification error. Upon debugging sometimes I got cURL Error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sometimes I got cURL Error: SSL peer certificate or SSH remote key was not OK
When I put curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); to FALSE, which is not a good idea; There comes a second problem for the SESSION COOKIE becoming blank on first load.
I HOPE YOU CAN HELP ME. THANK YOU.
This issue looks to be an outdated certificate bundle or outdated OpenSSL version on the server. You should both ensure you have the latest root certificates on your computer and also ensure that you have the latest versions of OpenSSL (including the PHP OpenSSL module).
I'm using a php client written by a company for accessing their web service.
The client is very comprehensive and includes classes that get populated from XML responses that the web service endpoint generates.
when I run it on a proper web server, it works. But, when I use it locally with wamp it's throwing an error that no data was received.
I've already checked all around StackOverflow, I usually find answers to my questions but this one has drived me crazy!
here is the httpPost function (written as part of the php client they provide):
private function _httpPost(array $parameters)
{
$query = $this->_getParametersAsString($parameters);
$url = parse_url ($this->_config['ServiceURL']);
$scheme = '';
switch ($url['scheme']) {
case 'https':
$scheme = 'https://';
$port = $port === null ? 443 : $port;
break;
default:
$scheme = '';
$port = $port === null ? 80 : $port;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $scheme . $url['host'] . $url['path']);
curl_setopt($ch, CURLOPT_PORT, $port);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_USERAGENT, $this->_config['UserAgent']);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if ($_config['ProxyHost'] != null && $_config['ProxyPort'] != -1)
{
curl_setopt($ch, CURLOPT_PROXY, $_config['ProxyHost'] . ':' . $_config['ProxyPort']);
}
$response = "";
$response = curl_exec($ch);
$response = str_replace("HTTP/1.1 100 Continue\r\n\r\n", "", $response);
curl_close($ch);
list($other, $responseBody) = explode("\r\n\r\n", $response, 2);
$other = preg_split("/\r\n|\n|\r/", $other);
list($protocol, $code, $text) = explode(' ', trim(array_shift($other)), 3);
return array ('Status' => (int)$code, 'ResponseBody' => $responseBody);
}
By the way, my curl extension is active and I even made a simple test to fetch google.com with success.
My guess is that it's related to the VERIFYPEER option you have on, usually curl on wamp isn't configured by default to support it (CA certificate bundle), So by default it'll reject all SSL certificates as unverifiable.
try to replace it with (only when testing on your localhost, you want this to be ON when using a server):
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
good luck.
EDIT:
This is taken from curl's "Details on Server SSL Certificates":
If the remote server uses a self-signed certificate, if you don't
install a CA cert bundle, if the server uses a certificate signed by a
CA that isn't included in the bundle you use or if the remote host is
an impostor impersonating your favorite site, and you want to transfer
files from this server, do one of the following:
1) Tell libcurl to not verify the peer. With libcurl you disable this
with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); With
the curl command line tool, you disable this with -k/--insecure.
2) Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when
connecting. For libcurl hackers: curl_easy_setopt(curl,
CURLOPT_CAPATH, capath); With the curl command line tool: --cacert
[file]
Shay, you are right, the issues is because CA cert bundle is not available in Windows distribution of WAMP.
To fix the issue without disabling ssl verification (which is not secure and not recommended for production)
download CA bundle. For example from official crul site: http://curl.haxx.se/ca/cacert.pem save to c:/wamp
open php.ini inside your apache. in my case: c:\wamp\bin\apache\apache2.4.9\bin\php.ini
set curl.cainfo="c:/wamp/cacert.pem"
restart Apache
Done)