Connect to secure server.

Kold

Hi.

I need to POST data to a secure ([url]https://[/url]) server from another webserver.

So far I know that [url]https://[/url] defaults to port 443. I have this code:

<?PHP

// Prepare header
$header  = "POST http_s://www_.google.com/adsense HTTP/1.0\r\n";
$header .= "Host: www_.google.com\r\n";
$header .= "Content-Length: 0\r\n";
$header .= "\r\n";


//Post back to PayPal validate
$fp = fsockopen ("www.google.com", 443, $errno, $errstr, 5);

echo "Connection Result: $errno, $errstr<p>";


if (!$fp) {
  // HTTP ERROR
  echo "Error: $errno, $errstr";

} else {
  fputs ($fp, $header);

  $res = "";
  while (!feof($fp)) {
    $res .= fgets ($fp, 1024);
  }

}



echo $res;


?>

When I change the port to 80, it connects, but it sends back data saying that the page has been moved (to https://www.google.com/adsense).

I looked at what a 'normal' browser does in a packet sniffer, but I didnt get a lot out of it. I assume the browser takes part in securing the data, i.e. encryption?

All I need to do is send a single variable to a server, and read the responce.

Please advise.
Thank you!
K.

[EDIT]
Ignore the underscores in the header section, that just stops HTML link code being displayed.

MarkR

What you need to do, is use fopen(), but create a context object for the stream first.

This is the proper PHP 4+ way of opening URLs. Don't use sockets, don't use curl (although that would work), instead use the fopen wrappers to open a https stream:

// $urlencoded = some URL encoded POST data;

$context_options = array(
                        'http'=>array(
                        'method'=>"POST",
                        'header'=>"Accept-language: en\r\n" .
                                "Content-length: " . strlen($urlencoded) . "\r\n" .
                                "Content-type:application/x-www-form-urlencoded\r\n"
,
                        'content'=> $urlencoded)
                );
                // Make sure the HTTPS options are the same as HTTP
                $context_options['https'] = $context_options['http'];
                $context = stream_context_create($context_options);
      $fp = fopen($url, 'r', false, $context);
 // Then read the stream $fp normally using fread etc.

Kold

Thanks.

It took a long time, but I got there eventually.

Before I call you an absolute genious, would you mind helping me out with the next problem:

I decided to upgrade PHP as i couldnt get your code to work. The upgrade failed miserably, I couldnt be bothered to sort the mess, so i installed Linux and started fresh. (First time I have ever used it, lol).

After a few minutes of tinkering the code (basically changing back the past 3 hours trial & error!) it ran like a dream.

The PHP version i have at the moment is 4.3.9, and the version on my webserver is 4.3.10. The script doesnt work on my webserver (fopen produces: failed to open stream: Invalid argument in). I looked at the phpinfo(); for each, and the biggest difference is that my Linux'ed PHP has all of the extensions enabled, and everything compiled with it, but the thing that stood out was the https is in the 'Registered Streams' section.

How can a registered stream be created? I am guessing I just need to add the https stream and all will be fine?? Luckily my webhost can make changes to PHP. They would rather not go to PHP5 though if they can help it 😉

Thank you for your help!!
K.

drew010

if you want to be able to have ssl as a registered protocol php needs to be compiled with ssl support. you can see exact instructions and documentation here

Kold

Thanks.

I have openSSL on my windows test server, which I have just got working again. The webserver the script will run on is Windows too.

I installed OpenSSL & enabled the extension. Does this means compiling "--with-openssl" applies to windows too? I wasnt aware of that 🙁

My phpinfo() shows OpenSSL support enabled, but the extra https is not shown. What other effects will compiling have? Also, what files will it effect? I.E. if i get it compiled, will it be as simple as copying across the new exe?

Thanks for your time.