SSL验证问题

时间:2018-09-21 16:14:41

标签: php

根据昨天帮助我的某人的要求,我将其放在新帖子中。我遇到的问题是,主机站点已使用SSL,现在我的代码将不再从站点中提取所需的数据,因此我需要使SSL正常工作(出于某种原因无法对其进行验证)或禁用SSL验证。我的原始代码在这里:

<?php

require_once("/home4/ahevent2/public_html/jumi_src/event_logs/admin_functions.php");
require_once("/home4/ahevent2/public_html/jumi_src/event_logs/cURL.php");

if (isset($_POST["username"]) && !empty($_POST["password"]) && !isset($_POST["event_type"]))
{
$username = $_POST["username"];
$password  = $_POST["password"];
  $url = "https://bbs.hitechcreations.com/cms/cmlogs.php";
  $f1 = 'loginid'; // Name of field1(ON THE WEBSITE YOU'RE TRYING TO LOGIN ON!)
  $f2 = 'password'; // Name of field2(ON THE WEBSITE YOU'RE TRYING TO LOGIN ON!)
  $v1 = $username; // Value of field1(FROM THE WEBSITE YOU'RE TRYING TO LOGIN FROM!)
  $v2 = $password; // Value of field2(FROM THE WEBSITE YOU'RE TRYING TO LOGIN FROM!)
  //$find = 'Welcome to your account'; // String to search for in the page you've logged in on
  $postchars = http_build_query( array($f1 => $v1, $f2 => $v2) );

  $stream = stream_context_create( array('http' => array('method' => 'POST', 'header'  => 'Content-Type: application/x-www-form-urlencoded', 'content' =>  htmlspecialchars_decode( $postchars ) ) ) ); // Creates an array of the sourcecode, and inputs the values of the field1 and field2

$fh = file_get_contents($url, false, $stream);  //for troubleshooting.

var_dump($fh);
//REALLY NEEDS A HANDLER FOR WHEN $FH DOESN"T COME BACK FOR SOME REASON.


//printf("Login wasn't completed. No file was retreived. Please check your password at the htc CM login page to verify that it's good. If it is there is a systme issue. Please let Nefarious know.");


 //FOR TROUBLESHOOTING
//  printf("<textarea rows='100' cols='100'>");
//  printf($fh);
//  printf("</textarea>");



//getting the dropdown box returned from THC to select a scenario to upload
        $a = strpos($fh, "<select name"); 
        $b = strpos($fh, "</SELECT>");     
        $c = strlen($fh) - $b;  
        $e = substr($fh, $a, -$c); 




//  printf("<textarea rows='100' cols='100'>");
//  printf($e);
//  printf("</textarea>");

                //THE CM SELECTION FORM
                //------------------------------------------
                printf("<center><p class = 'redtitle'>Aces High Events Headquarters Admin: Upload Logs</p></center>");
                printf("<td>Which log to use? </td>");
                printf("<form method='POST' action='' name='form'>");
                printf($e);
                printf("</SELECT>");
                printf("<hr size='2' width='80%'>");
                                printf("<input type='hidden' name='MAX_FILE_SIZE' value='2000000'>");
                printf("<table cellpadding='3' cellspacing='0' border='0'>");
                printf("<tr>");

一个用户(maio290)正在帮助我,并向我提供了以下cURL代码:

<?PHP
function POST($url,$data,$headers, $type)
{
    $ch = curl_init ($url);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt ($ch, CURLOPT_POST, 1);

    if($type === 1)
    {
        curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($data));
    }
    else
    {
        curl_setopt($ch,CURLOPT_POSTFIELDS, $data);
    }

    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLINFO_HEADER_OUT, true);
    $output = curl_exec ($ch);
    $posturl = curl_getinfo($ch,CURLINFO_EFFECTIVE_URL);
    $httpCode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
    $cURLinfo = curl_getinfo($ch);
    curl_close($ch);
    return array(
        "output" => $output,
        "posturl" => $posturl,
        "httpcode" => $httpCode,
        "diagnostics" => $cURLinfo
    );
}
?>

如果我使用此代码,他将为我提供脚本的顶部:

require_once("/home4/ahevent2/public_html/jumi_src/event_logs/admin_functions.php");
require_once("/home4/ahevent2/public_html/jumi_src/event_logs/cURL.php");

if (isset($_POST["username"]) && !empty($_POST["password"]) && !isset($_POST["event_type"]))
{
    $username = $_POST["username"];
    $password  = $_POST["password"];
    $url = "https://bbs.hitechcreations.com/cms/cmlogs.php";  
    $postchars = array(
            "loginid" => $username,
            "password" => $password
        );
    $headers = array("Content-Type:application/x-www-form-urlencoded");
    $postResponse = POST($url,$postchars ,$headers,1);
    $fh = $postResponse['output'];

//getting the dropdown box returned from THC to select a scenario to upload
        $a = strpos($fh, "<select name"); 
        $b = strpos($fh, "</SELECT>");     
        $c = strlen($fh) - $b;  
        $e = substr($fh, $a, -$c);

现在,此代码生成此页面:https://i.imgur.com/N0JcSJB.png 这是进步,因为它允许我需要在我的网站上显示下拉列表。问题是,代码将拉动整个宿主站点,而不仅仅是我需要的下拉列表(这是宿主站点的图像:https://i.imgur.com/3xrVcMq.png)。用户从下拉菜单中选择内容并填写其余字段并单击“上传”后,其余的原始代码将设置为解析信息并将其上传到我们的MYSQL数据库。该下拉菜单应该显示在“要使用哪个日志?”旁边(请参见此图片:https://i.imgur.com/dbxvQOP.png

我的问题是,仅需拉动下拉菜单或正确拉动下拉菜单,将需要进行哪些更改?原始代码已设置为执行此操作,但是由于SSL验证问题,由于某些原因不会将其提取。我没有问题可以禁用验证,因为它不是敏感数据,但是我为禁用它所做的每一次尝试都没有成功。

1 个答案:

答案 0 :(得分:0)

在POST方法中添加以下选项

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , 2);
相关问题
最新问题