时间戳

首页 > 解决方案 > SSL 验证问题

php - SSL 验证问题

问题描述

应昨天有人帮助我的要求,我已将其放入新帖子中。我遇到的问题是一个主机站点使用了 SSL,现在我的代码将不再从站点中提取它需要的数据,所以我要么需要让 SSL 工作(由于某种原因它没有验证),要么禁用SSL 验证。我的原始代码在这里:

<?php

require_once("/home4/ahevent2/public_html/jumi_src/event_logs/admin_functions.php");
require_once("/home4/ahevent2/public_html/jumi_src/event_logs/cURL.php");

if (isset($_POST["username"]) && !empty($_POST["password"]) && !isset($_POST["event_type"]))
{
$username = $_POST["username"];
$password  = $_POST["password"];
  $url = "https://bbs.hitechcreations.com/cms/cmlogs.php";
  $f1 = 'loginid'; // Name of field1(ON THE WEBSITE YOU'RE TRYING TO LOGIN ON!)
  $f2 = 'password'; // Name of field2(ON THE WEBSITE YOU'RE TRYING TO LOGIN ON!)
  $v1 = $username; // Value of field1(FROM THE WEBSITE YOU'RE TRYING TO LOGIN FROM!)
  $v2 = $password; // Value of field2(FROM THE WEBSITE YOU'RE TRYING TO LOGIN FROM!)
  //$find = 'Welcome to your account'; // String to search for in the page you've logged in on
  $postchars = http_build_query( array($f1 => $v1, $f2 => $v2) );

  $stream = stream_context_create( array('http' => array('method' => 'POST', 'header'  => 'Content-Type: application/x-www-form-urlencoded', 'content' =>  htmlspecialchars_decode( $postchars ) ) ) ); // Creates an array of the sourcecode, and inputs the values of the field1 and field2

$fh = file_get_contents($url, false, $stream);  //for troubleshooting.

var_dump($fh);
//REALLY NEEDS A HANDLER FOR WHEN $FH DOESN"T COME BACK FOR SOME REASON.


//printf("Login wasn't completed. No file was retreived. Please check your password at the htc CM login page to verify that it's good. If it is there is a systme issue. Please let Nefarious know.");


 //FOR TROUBLESHOOTING
//  printf("<textarea rows='100' cols='100'>");
//  printf($fh);
//  printf("</textarea>");



//getting the dropdown box returned from THC to select a scenario to upload
        $a = strpos($fh, "<select name"); 
        $b = strpos($fh, "</SELECT>");     
        $c = strlen($fh) - $b;  
        $e = substr($fh, $a, -$c); 




//  printf("<textarea rows='100' cols='100'>");
//  printf($e);
//  printf("</textarea>");

                //THE CM SELECTION FORM
                //------------------------------------------
                printf("<center><p class = 'redtitle'>Aces High Events Headquarters Admin: Upload Logs</p></center>");
                printf("<td>Which log to use? </td>");
                printf("<form method='POST' action='' name='form'>");
                printf($e);
                printf("</SELECT>");
                printf("<hr size='2' width='80%'>");
                                printf("<input type='hidden' name='MAX_FILE_SIZE' value='2000000'>");
                printf("<table cellpadding='3' cellspacing='0' border='0'>");
                printf("<tr>");

一位用户 (maio290) 正在帮助我,并为我提供了以下 cURL 代码:

<?PHP
function POST($url,$data,$headers, $type)
{
    $ch = curl_init ($url);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt ($ch, CURLOPT_POST, 1);

    if($type === 1)
    {
        curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($data));
    }
    else
    {
        curl_setopt($ch,CURLOPT_POSTFIELDS, $data);
    }

    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLINFO_HEADER_OUT, true);
    $output = curl_exec ($ch);
    $posturl = curl_getinfo($ch,CURLINFO_EFFECTIVE_URL);
    $httpCode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
    $cURLinfo = curl_getinfo($ch);
    curl_close($ch);
    return array(
        "output" => $output,
        "posturl" => $posturl,
        "httpcode" => $httpCode,
        "diagnostics" => $cURLinfo
    );
}
?>

如果我使用此代码,他为我的脚本的顶部提供了我:

require_once("/home4/ahevent2/public_html/jumi_src/event_logs/admin_functions.php");
require_once("/home4/ahevent2/public_html/jumi_src/event_logs/cURL.php");

if (isset($_POST["username"]) && !empty($_POST["password"]) && !isset($_POST["event_type"]))
{
    $username = $_POST["username"];
    $password  = $_POST["password"];
    $url = "https://bbs.hitechcreations.com/cms/cmlogs.php";  
    $postchars = array(
            "loginid" => $username,
            "password" => $password
        );
    $headers = array("Content-Type:application/x-www-form-urlencoded");
    $postResponse = POST($url,$postchars ,$headers,1);
    $fh = $postResponse['output'];

//getting the dropdown box returned from THC to select a scenario to upload
        $a = strpos($fh, "<select name"); 
        $b = strpos($fh, "</SELECT>");     
        $c = strlen($fh) - $b;  
        $e = substr($fh, $a, -$c);

现在,这段代码生成了这个页面:https ://i.imgur.com/N0JcSJB.png 这是一个进步,因为它允许我需要出现在我的网站上的下拉列表。问题是,代码正在拉动整个主机站点,而不仅仅是我需要的下拉列表(这是主机站点的图像:https ://i.imgur.com/3xrVcMq.png )。一旦用户从下拉列表中选择了某些内容并填写了其余字段并单击上传,原始代码的其余部分将被设置为解析信息并将其上传到我们的 MYSQL 数据库。下拉菜单应该出现在“使用哪个日志?”旁边。(见这张图片:https ://i.imgur.com/dbxvQOP.png )

我的问题是,仅拉该下拉菜单或正确拉该下拉菜单需要进行哪些更改?原代码是这样设置的,但由于SSL验证问题,由于某种原因不会拉取它。我禁用验证没有问题,因为这不是敏感数据,但我为禁用它所做的每一次尝试都没有奏效。

标签: php

解决方案

将以下选项添加到 POST 方法

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , 2);

推荐阅读