I have been looking closely at this code, which was not created by me, it stopped working as soon as you call it from a secure SSL path and use a secure path throughout. I added in a few lines to hopefully solve the SSL issues, but have not been successful. The original person that created this can not be contacted, thus I hopefully I'm just missing something that I do not understand.
I do not work with PHP, so I hope to learn more about why this does not work when calling this via a SSL path. I did look around for the answer and did not find one that worked for this issue.
The file does run with ZERO issues using a non SSL path i.e http://www.example.com/sub/filename.php, but all I get back is a False when I run the file by calling it by this url https://www.example.com/sub/filename.php.
The php logs shows this.
[16-Aug-2019 15:05:35 UTC] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
[16-Aug-2019 15:05:35 UTC] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
[16-Aug-2019 15:05:35 UTC] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
[16-Aug-2019 15:05:35 UTC] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
Thanks in advance for any help.
<?php
error_reporting(0);
ini_set("display_errors", 0);
$DEBUG = false;
if($DEBUG) { echo "<h1>From Data File {$_GET['s']}</h1>"; }
$info = file_get_contents($_SERVER['DOCUMENT_ROOT']."/_tempfiles/_ses/{$_GET['s']}");
list($url,$vars,$header) = explode("||^||",$info);
unlink($_SERVER['DOCUMENT_ROOT']."/_tempfiles/_ses/{$_GET['s']}");
if(preg_match("|\r\n|",$header)) {
$theaders = explode("\r\n",$header);
}
else {
$theaders = explode("\n",$header);
}
foreach($theaders as $t) {
if(trim($t) != '') {
list($field,$value) = explode(':',$t);
if(trim($field) != 'Host') {
$headers[] = trim($t);
}
}
}
if($DEBUG) {
echo "<H1>URL</H1>{$url}";
echo "<H1>Headers Array (w/Host removed)</H1>";
var_dump($headers);
echo "<H1>Vars</H1>{$vars}";
echo "<H1>Content Length Validation</H1>".strlen($vars);
echo "<h1>Output From Remote URL below line:</h1>";
echo "<HR>";
}
$ch = curl_init();
// Configure curl for website
curl_setopt($ch, CURLOPT_URL,$url);
// Turn on SSL certificate verfication
curl_setopt($curl, CURLOPT_CAPATH, "/home/domain/unc/cacert.pem");
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$vars);
if(isset($headers) && is_array($headers) && count($headers) > 0) {
//curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
}
// 1 second for a connection timeout with curl
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
// Try using this instead of the php set_time_limit function call
curl_setopt($curl, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$server_output = curl_exec ($ch);
curl_close ($ch);
echo $server_output;
?>
It would seem the code I provided is working correctly. I just need to check the return path that this software is passing the var string too. So with that, thanks for the help, hope this helps others with the same issues.