Sending data across websites from HTTP and receiving in HTTPS


3

I'm looking to send an encrypted variable from a website on a HTTP page to another website on a HTTPS page, the code I'm using to accomplish this is:

$VARIABLE = 'myvariable';

function do_post_request($url, $data, $optional_headers = null)
{
  $params = array('http' => array(
              'method' => 'POST',
              'content' => $data
            ));
  if ($optional_headers !== null) {
    $params['http']['header'] = $optional_headers;
  }
  $ctx = stream_context_create($params);
  $fp = @fopen($url, 'rb', false, $ctx);
  if (!$fp) {
    throw new Exception("Problem with $url, $php_errormsg");
  }
  $response = @stream_get_contents($fp);
  if ($response === false) {
    throw new Exception("Problem reading data from $url, $php_errormsg");
  }
  return $response;
}

do_post_request('https://localhost/myphpfile.php', $VARIABLE);

This works perfectly with HTTP but not HTTPS; however, I think that's only because I'm on a local server running WAMP, which causes the connection to be refused.

Anyway my question is what do I need in 'myphpfile' to get the data being passed to it?

Thanks in advance!

UPDATE: Wow, thanks for all the quick replies guys! Like many of you suggested I've just taken a quick look at cURL and found this lying around in Google:

$url = 'https://localhost/myphpfile.php';

// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);

// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

// Get the response and close the channel.
$response = curl_exec($ch);
curl_close($ch);

I know the VERIFYHOST parameter is causing it not to check for a valid certificate, but I think I'll just wait until I move off the testing server, then I'll get one. However, could you please let me know how I can get the data being sent to 'myphpfile'?

2012-04-04 19:31
by Sam Jackson
Is this Apache httpd? If so, is the module mod_ssl even loaded? - Khôi 2012-04-04 19:35
@Khôi: It's WAMP - Windows Apache MySQL PHP. But I'm wondering more about why the asker is using stream_get_contents() instead of making a simple cURL call. Also, does just browsing to your https://localhost/myphpfile.php work? Because if it doesn't work in your browser, it's not going to work in your code - Crontab 2012-04-04 19:36
Any reason you're not using cURL? - NoName 2012-04-04 19:36
@Khôi I think so, in my httpd file the line 'LoadModule ssl_module modules/mod_ssl.so' is unhashed - Sam Jackson 2012-04-04 19:38
No reason for not using cURL, I just found doing it in PHP simpler. Could you explain how to do it in cURL, or are there any links you could give me for using it with HTTPS connections? - Sam Jackson 2012-04-04 19:40


1

Building on your cURL code, you'd really just need to add the following lines before your curl_exec() call:

// CURLOPT_POST is a boolean switch: true makes cURL send a regular HTTP POST
curl_setopt($ch, CURLOPT_POST, true);
// the POST variables themselves, as a URL-encoded query string
curl_setopt($ch, CURLOPT_POSTFIELDS, "field1=foo&field2=bar&field3=baz");
2012-04-04 20:48
by Crontab
Thanks, I tried using $HTTP_POST_VARS['field1'] to retrieve 'foo' as a test but I got an 'Undefined variable' error. How should I be getting the variable instead? - Sam Jackson 2012-04-04 22:07
@SamJackson: Using the long variable names is deprecated (I believe) and turned off by default on most systems now. Use $_POST["field1"] to retrieve the POST var "field1" and, in the case of my example, get the value "foo" - Crontab 2012-04-05 12:57
Works great, thanks again - Sam Jackson 2012-04-05 17:43


0

Is WAMP (Windows?!?) listening for SSL connections on port 443? If it is, and you have your web server configuration set to properly serve scripts in a manner analogous to your HTTP site, then it should just work.

You need to also jump through hoops to make sure that PHP is validating the server's certificate. If you don't, you are basically enabling a man-in-the-middle attack, defeating the entire point of using SSL. cURL can help with this.

2012-04-04 19:39
by Conrad Shultz
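
The certificate validation this answer calls for, together with the receiving side the question asks about, as an added example that is not part of the original thread. The function names, the field name and the CA file path are hypothetical; on a test server with a self-signed certificate, passing that certificate as the CA file keeps verification on instead of disabling it.

```php
<?php
// Added example; post_verified(), read_field() and all paths are hypothetical names.

/**
 * POST $fields to $url over HTTPS with certificate verification left on.
 * $caFile: PEM file holding the CA (or the test server's self-signed cert)
 * to trust; null means use the system default trust store.
 */
function post_verified(string $url, array $fields, ?string $caFile = null): string
{
    if (strncasecmp($url, 'https://', 8) !== 0) {
        throw new InvalidArgumentException("Refusing non-HTTPS URL: $url");
    }
    $options = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST           => true,                      // boolean switch
        CURLOPT_POSTFIELDS     => http_build_query($fields), // URL-encodes values
        CURLOPT_SSL_VERIFYPEER => true, // chain must lead to a trusted CA
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate name must match the host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to HTTP
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 10,
    ];
    if ($caFile !== null) {
        $options[CURLOPT_CAINFO] = $caFile;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $options);
    $response = curl_exec($ch);
    if ($response === false) {
        // A failed certificate check lands here instead of returning data.
        throw new RuntimeException('HTTPS request failed: ' . curl_error($ch));
    }
    return $response;
}

/** Receiver side (myphpfile.php): fetch one POST field or fail loudly. */
function read_field(array $post, string $name): string
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        throw new UnexpectedValueException("Missing POST field: $name");
    }
    return $post[$name];
}

// Offline check with a constructed array standing in for $_POST:
echo read_field(['field1' => 'foo'], 'field1'), PHP_EOL;
// In myphpfile.php:  echo htmlspecialchars(read_field($_POST, 'field1'));
// Sender (placeholder CA path):
//   post_verified('https://localhost/myphpfile.php', ['field1' => 'foo'], '/path/to/local-ca.pem');
```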


0

You need to configure an SSL-based virtual server in your Apache httpd.conf file to listen on port 443. You also need to create an SSL certificate for your server to use.

There are lots of tutorials online for creating the SSL certificate and configuring the Apache SSL-based virtual server.

2012-04-04 19:42
by Murray McDonald