We Keep Coding

cURL works in CLI but not on HTTP: Could not resolve host

I'm having an issue with cURL where any request returns Could not resolve host: example.com; Name or service not known when the script is accessed from a browser.
However if I run the very same script from the cli I get the expected response.
Here is a snippit of the script I was using to test:
$curl = curl_init('http://example.com');
$options = [
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => true, // follow redirects
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLOPT_AUTOREFERER => true, // set referrer on redirect
CURLOPT_CONNECTTIMEOUT => 120, // time-out on connect
CURLOPT_TIMEOUT => 120, // time-out on response
CURLOPT_HTTPHEADER => array('Content-type: text/plain', 'Accept: */*')
];
curl_setopt_array($curl, $options);
try {
$output = curl_exec($curl);
} catch (Exception $e)
{
print_r($e);
}
if($output === false){
echo curl_error($curl); //returns "Could not resolve host: example.com; Name or service not known" when accessed from browser
}
else {
print_r($output); //returns expected response when called from cli
}
curl_close($curl);
This problem started somewhat recently, and is hosted on a managed VM. I contacted support for the host, but they did not have much insight. Can anyone point me in the right direction for this?

We had this issue recently on one of our live CentOS boxes on a VM stack.
In our case the issue was caused by a recent OS update to the OpenSSL and glibc shared libraries used by cURL. Restarting the Apache/nginx/PHP-FPM services resolved the issue for us.

PHP - Google Recaptcha - file_get_contents(): SSL operation failed with code 1

I am using the Google ReCaptcha library in my PHP application. It has been working reliably for quite a while now. However, today, I started receiving errors related to the library.
*[05-Apr-2018 09:19:03 America/Chicago] Severity: 2,Message: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68
[05-Apr-2018 09:19:04 America/Chicago] Severity: 2,Message: file_get_contents(): Failed to enable crypto,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68
[05-Apr-2018 09:19:04 America/Chicago] Severity: 2,Message: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: operation failed,File: E:\inetpub\wwwroot\vendor\google\recaptcha\src\ReCaptcha\RequestMethod\Post.php,Line: 68*
I did not make any changes to my application. The issue just started suddenly and (from my perspective) without logical explanation.
For reference, here is the Post.php from Google's library (not authored by me).
public function submit(RequestParameters $params)
{
/**
* PHP 5.6.0 changed the way you specify the peer name for SSL context options.
* Using "CN_name" will still work, but it will raise deprecated errors.
*/
$peer_key = version_compare(PHP_VERSION, '5.6.0', '<') ? 'CN_name' : 'peer_name';
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => $params->toQueryString(),
// Force the peer to validate (not needed in 5.6.0+, but still works)
'verify_peer' => true,
// Force the peer validation to use www.google.com
$peer_key => 'www.google.com',
),
);
$context = stream_context_create($options);
return file_get_contents(self::SITE_VERIFY_URL, false, $context);
}
The last line is "68". I am using PHP 7.1. with OpenSSL 1.0.2k 26 Jan 2017. I am calling the library as follows:
// validate ReCaptcha
$response = null;
$reCaptcha = new \ReCaptcha\ReCaptcha(RECAPTCHA_SECRET);
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verify(
$_POST["g-recaptcha-response"], $_SERVER["REMOTE_ADDR"]
);
}
Any advice would be greatly appreciated. The application is hosted on IIS and Windows Server.

Mikail G.'s answer is nearly correct, you do need to access it over CURL. I think something has been changed to actually prevent your current (and mine) from working as I have seen several posts about it all from recent days.
Use this instead:
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => [
'secret' => $secretKey,
'response' => $captcha,
'remoteip' => $_SERVER['REMOTE_ADDR']
],
CURLOPT_RETURNTRANSFER => true
]);
$output = curl_exec($ch);
curl_close($ch);
$json = json_decode($output);

<?php
if(isset($_POST['submit']))
{
$stream_opts = [
"ssl" => [
"verify_peer"=>false,
"verify_peer_name"=>false,
]
];
$secret = '6Le__FoUAAXXXXXXXXXXXXXXoQtXhJfdZi92ZPHaAj';
$gRecaptchaResponse = $_POST['g-recaptcha-response'];
$remoteIp = $_SERVER['REMOTE_ADDR'];
$url="https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$gRecaptchaResponse&remoteip=$remoteIp";
$response=file_get_contents($url,false, stream_context_create($stream_opts));
$result = json_decode($response);
if ($result->success)
{
header("location: index.php");
}
else
echo 'Captcha verification failed.
}
?>
No need to include the autoload.php file. Just include the file below just before closing tag
<script src='https://www.google.com/recaptcha/api.js'></script> and before the submit button add the following code <div class="g-recaptcha" data-sitekey="6Le__FoUAAXXXXXXXXXXXXXXoQtXhJfdZi92ZPHaAj"></div>
Copy and paste all the folders of recaptcha v2 in home directory of your site. This will 100% work in localhost without ssl. Thanks

In order to fix the issue you need to call the google api with "http" , or use a diffrent way to make request such as curl , here the function to do so :
function file_get_contents_curl($url, $data (array)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec ($ch);
curl_close ($ch);
return $server_output;
}

Why don't you try Step by Step guide to integrate reCpatcha

PHP stream_socket_client(): unable to connect to https

I've just noticed the new vulnerability discovered in Wordpress and I'm trying to fix it with the following code (but with any success
<?php
$url = 'https://mywebip/wp-login.php?action=lostpassword';
$data = 'user_login=admin&redirect_to=&wp-submit=Get+New+Password';
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Host: mailserver\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: ". strlen($data) ."\r\n",
'method' => 'POST',
'content' => $data,
'ssl'=>array('verify_peer'=>true, 'capath'=>'/etc/ssl/certs')
)
);
$context = stream_context_create($options);
//$result = file_get_contents($url, false, $context);
$fp = stream_socket_client($url, $errno, $errstr, 30);
//stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);
$fp = fopen($url, 'r', false, $context);
if ($fp === FALSE) { /* Handle error */ }
var_dump($result);
?>
The error log I got is just like this:
PHP Warning: stream_socket_client(): unable to connect to https://mywebip/wp-login.php?action=lostpassword (Unable to find the socket transport "https" - did you forget to enable it when you configured PHP?) in /home/jorge/Escritorio/joomla.php on line 18
PHP Warning: fopen(): Peer certificate CN=`website` did not match expected CN=`mywebip' in /home/jorge/Escritorio/joomla.php on line 21
PHP Warning: fopen(): Failed to enable crypto in /home/jorge/Escritorio/joomla.php on line 21
PHP Warning: fopen(https://mywebip/wp-login.php?action=lostpassword): failed to open stream: operation failed in /home/jorge/Escritorio/joomla.php on line 21
Where mywebip represents the actual ip that hosts my website and website and mailserver the DNS directions of the services.
Thank you.

Via socket you do not specify a protocol.
http://php.net/stream_socket_client
First parameter:
remote_socket
Address to the socket to connect to.
Adress is only mywebip.
You should use CURL instead.
See http://php.net/manual/en/curl.examples.php
The other problem (with fopen(), which can handle streams with protocols!) is a malformed/wrong certificate issued by your webserver.
Use this service to debug problems with your webservers certificate:
https://www.ssllabs.com/ssltest/

Can't send sms using twilio error occured

I tried to send sms using php with the help of twilio API. But I have occeured fallowing errors when running code.
my code
{require ('./twilio/Services/Twilio.php'); // Loads the library
$accountSid = 'AC****************************';
$authToken = 'ec****************************';
$client = new Services_Twilio($accountSid, $authToken);
$sms = $client->account->sms_messages->create("number", "number", "Jenny please?! I love you <3");
errors
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in C:\wamp\www\Pizza4U\twilio\Services\Twilio\HttpStream.php on line 62
Warning: file_get_contents(): Failed to enable crypto in C:\wamp\www\Pizza4U\twilio\Services\Twilio\HttpStream.php on line 62
Is there a way to fix this. Thank you

To avoid SSL certificate issues on wampserver localhost whilst testing, make sure that you insert the following line of code:
CURLOPT_SSL_VERIFYPEER => false,
in
twilio/sdk/Twilio/Http/CurlClient.php (from line 113 onwards)
public function options($method, $url, $params = array(), $data = array(),
$headers = array(), $user = null, $password = null,
$timeout = null) {
$timeout = is_null($timeout)
? self::DEFAULT_TIMEOUT
: $timeout;
$options = $this->curlOptions + array(
CURLOPT_URL => $url,
CURLOPT_HEADER => true,
CURLOPT_RETURNTRANSFER => true,
//added here during localhost wampserver testing to avoid SSL issues
//CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_INFILESIZE => Null,
CURLOPT_HTTPHEADER => array(),
CURLOPT_TIMEOUT => $timeout,
);
Remove the line once you are in production mode. The server that you are hosted on will I'm sure have the correct bundle of trusted certificates. At least with this setting set to false, your twilio application on localhost will not be checking your localhost for SSL certificates. This avoids having to download the correct certificates and bypasses the issues completely. See pflammer's comment at https://github.com/twilio/twilio-php/issues/203.

How to use REST services hosted on Apache 2.2 via cURL to send SSL requests?

What is the procedure for sending secure data (login id, password) over https to an Apache 2.2 server with self-signed certificates?
<?php
$uid=$_POST['user'];
$password=$_POST['pass'];
$url = "https://example.com/login";
$cert_file = './certificate.com.pem';
$cert_password = 'xxxxxx';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_POSTFIELDS => 'uid:'.$uid.'&password:'.$password,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_VERBOSE => true,
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
CURLOPT_POST => true
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
if(!$output)
{
echo "Curl Error : " . curl_error($ch);
}
else
{
echo htmlentities($output);
}
?>
the ERROR we are getting is :
curl error:unable to use client certificate (no key found or wrong passphrase ?)

You'd need to think about it this way:
Your local server asks the remote server to validate the login info. — You would need to make an exception for the self-signed certificate and remember it. (It would be a really a bad habit to simply ignore certificate errors.)
Your local server then checks if the data the remote one sent back isn't an error message and is indeed valid JSON data.
Here's some info on how to make curl remember the self-signed certificate and trust it permanently: http://turboflash.wordpress.com/2009/06/23/curl-adding-installing-trusting-new-self-signed-certificate/ — It should work for the command-line utility just as well as the PHP module.
So, let's make a little function for it. — I'm not going to test its functionality, so I can't promise to have it perfectly error free. I'm also using some practices I wouldn't use in production code, don't account for an API key, use GET parameters and I also make the remote server responsible for any serious sort of error checking and sanitation.
<?php
function remote_login($username, $password) {
/*
Initialize the curl object
*/
$login = curl_init();
/*
Some sanitation. This is probably not enough though.
*/
$username = urlencode($username);
$password = urlencode($password);
/*
Set the url we're going to use.
REST services use clean urls, but here we simply use GET parapeters.
*/
$login_url = 'https://example.com/?username='+$username+'&password='+$password;
curl_setopt($login, CURLOPT_URL, $login_url);
/*
Tell curl we would like to use the data returned from the remote server
*/
curl_setopt($login, CURLOPT_RETURNTRANSFER, true);
/*
Set the returned data as a variable
*/
$login_data = curl_exec($login);
$login_json = json_decode($login_data);
/*
We're not going to do anything else if we encounter any sort of error.
*/
if (($login_data == false) || ($login_json == false)) {
return false;
}
/*
Return the login result as a JSON object
*/
return json_decode($login_data);
}
?>
Hope this helps.