我正在整理我以前的帖子,希望能提供一些有用的信息。
因此,我有一段代码可以使用POST从受保护的网站中提取。我已经与运行该主机站点的人进行了交谈,他说他们的CA证书不涵盖子域。因此,据他说,我的网站无法解析证书的原因是它正在寻找bbs.hitechcreations.com,而证书仅涵盖hitechcreations.com。
因此,我被迫禁用SSL验证(这不是问题,没有敏感数据正在传递)。但是,无论我尝试什么,我似乎都无法使其禁用。
PHP错误报告会取消以下内容:
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /home4/ahevent2/public_html/components/com_jumi/views/application/view.html.php(85) : eval()'d code on line 39
Warning: file_get_contents(): Failed to enable crypto in /home4/ahevent2/public_html/components/com_jumi/views/application/view.html.php(85) : eval()'d code on line 39
Warning: file_get_contents(https://bbs.hitechcreations.com/cms/cmlogs.php): failed to open stream: operation failed in /home4/ahevent2/public_html/components/com_jumi/views/application/view.html.php(85) : eval()'d code on line 39
bool(false)
下面是我当前的代码部分
<?php
require_once("/home4/ahevent2/public_html/jumi_src/event_logs/admin_functions.php");
if (isset($_POST["username"]) && !empty($_POST["password"]) && !isset($_POST["event_type"]))
{
$username = $_POST["username"];
$password = $_POST["password"];
$url = "https://bbs.hitechcreations.com/cms/cmlogs.php";
$f1 = 'loginid'; // Name of field1(ON THE WEBSITE YOU'RE TRYING TO LOGIN ON!)
$f2 = 'password'; // Name of field2(ON THE WEBSITE YOU'RE TRYING TO LOGIN ON!)
$v1 = $username; // Value of field1(FROM THE WEBSITE YOU'RE TRYING TO LOGIN FROM!)
$v2 = $password; // Value of field2(FROM THE WEBSITE YOU'RE TRYING TO LOGIN FROM!)
//$find = 'Welcome to your account'; // String to search for in the page you've logged in on
$postchars = http_build_query( array($f1 => $v1, $f2 => $v2) );
$stream = stream_context_create( array('http' => array('method' => 'POST', 'header' => 'Content-Type: application/x-www-form-urlencoded', 'content' => htmlspecialchars_decode( $postchars ) ) ) ); // Creates an array of the sourcecode, and inputs the values of the field1 and field2
$arrContextOptions=array(
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
),
);
$fh = file_get_contents($url, false, $stream); //for troubleshooting.
var_dump($fh);
//REALLY NEEDS A HANDLER FOR WHEN $FH DOESN"T COME BACK FOR SOME REASON.
//printf("Login wasn't completed. No file was retreived. Please check your password at the htc CM login page to verify that it's good. If it is there is a systme issue. Please let Nefarious know.");
//FOR TROUBLESHOOTING
// printf("<textarea rows='100' cols='100'>");
// printf($fh);
// printf("</textarea>");
//getting the dropdown box returned from THC to select a scenario to upload
$a = strpos($fh, "<select name");
$b = strpos($fh, "</SELECT>");
$c = strlen($fh) - $b;
$e = substr($fh, $a, -$c);
在php.ini文件的底部也有以下内容:
extension=php_openssl.dll
allow_url_fopen = On
CURLOPT_SSL_VERIFYPEER=FALSE
要关闭证书验证,我还有其他需要做或更改的事情吗?到目前为止,我没有做过的任何事情。
答案 0 :(得分:0)
这就是我使用curl的方法:
文件名:cURL.php
<?PHP
function POST($url,$data,$headers, $type)
{
$ch = curl_init ($url);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
if($type === 1)
{
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($data));
}
else
{
curl_setopt($ch,CURLOPT_POSTFIELDS, $data);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$output = curl_exec ($ch);
$posturl = curl_getinfo($ch,CURLINFO_EFFECTIVE_URL);
$httpCode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
$cURLinfo = curl_getinfo($ch);
curl_close($ch);
return array(
"output" => $output,
"posturl" => $posturl,
"httpcode" => $httpCode,
"diagnostics" => $cURLinfo
);
}
?>
文件名:test.php(或:如何使用它)
<?PHP
require_once("cURL.php");
$url = "https://bbs.hitechcreations.com/cms/cmlogs.php";
$content = array(
"loginid" => "test",
"password" => "test"
);
$headers = array("Content-Type:application/x-www-form-urlencoded");
var_dump(POST($url,$content,$headers,1));
?>
您可以访问
之类的输出$postResponse = POST($url,$content,$headers,1)
$postResponse['output']
但是,这种方法确实存储了有关请求的一些其他信息,例如将curl信息存储到诊断键中,等等,这是我曾经编写的一个小型请求测试器的摘录,希望您可以充分利用它:)
因此在您的代码中的正确用法是:
require_once("/home4/ahevent2/public_html/jumi_src/event_logs/admin_functions.php");
require_once("cURL.php");
if (isset($_POST["username"]) && !empty($_POST["password"]) && !isset($_POST["event_type"]))
{
$username = $_POST["username"];
$password = $_POST["password"];
$url = "https://bbs.hitechcreations.com/cms/cmlogs.php";
$postchars = array(
"loginid" => $username,
"password" => $password
);
$headers = array("Content-Type:application/x-www-form-urlencoded");
$postResponse = POST($url,$postchars ,$headers,1);
$fh = $postResponse['output'];
//getting the dropdown box returned from THC to select a scenario to upload
$a = strpos($fh, "<select name");
$b = strpos($fh, "</SELECT>");
$c = strlen($fh) - $b;
$e = substr($fh, $a, -$c);