CODEWITHSUNDEEP
phphttpposthttpsprotocols
Alvaro
Alvaro

Reputation: 41595

Connect through HTTPS instead of HTTP

I want to use a simple API and i want to do it in the secure way. It is currently using sockets and port 80. As far as I know port 80 is open and it doesn't seem such a secure connection.

As the data to send contains user and password i want to use HTTPS instead of HTTP to make it secure.

I was wondering if it is so simple as just changing this line;

$headers = "POST /api/api.php HTTP/1.0\r\n";

For this other line

$headers = "POST /api/api.php HTTPS/1.0\r\n";

And changing the port to 443

Here is the connect function:

// api connect function
function api_connect($Username, $Password, $ParameterArray)
{
   // Create the URL to send the message.
   // The variables are set using the input from an HTML form

   $err = array();
   $url = "api.text-connect.co.uk";
   $headers = "POST /api/api.php HTTP/1.0\r\n";
   $headers .= "Host: ".$url."\r\n";

   // Create post string
   // Username and Password
   $poststring = "Username=".$Username."&";
   $poststring .= "Password=".$Password;

   // Turn the parameter array into the variables

   while (list($Key, $Value)=@each($ParameterArray))
   {
      $poststring .= "&".$Key."=".urlencode($Value);
   }

   // Finish off the headers
   $headers .= "Content-Length: ".strlen($poststring)."\r\n";
   $headers .= "Content-Type: application/x-www-form-urlencoded\r\n";


   // Open a socket
   $http = fsockopen ($url, 80, $err[0], $err[1]);
   if (!$http)
   {
      echo "Connection to ".$url.":80 failed: ".$err[0]." (".$err[1].")";
      exit();
   }

   // Socket was open successfully, post the data.
   fwrite ($http, $headers."\r\n".$poststring."\r\n");

   // Read the results from the post
   $result = "";
   while (!feof($http))
   {
      $result .= fread($http, 8192);
   }

   // Close the connection
   fclose ($http);

   // Strip the headers from the result
   list($resultheaders, $resultcode)=split("\r\n\r\n", $result, 2);

   return $resultcode;
}
?>

Upvotes: 0

Views: 3601

Answers (3)

symcbean
symcbean

Reputation: 48357

Your code has a huge number of issues regardless if it's using HTTP or HTTPS - implementing an HTTP client (or server) is MUCH more complicated than simply throwing some headers across a socket then sinking the response.

What's particularly bad about this approach is that it will work some of the time - then it will fail and you won't understand why.

Start again using curl.

Doing it this way you only need to change the URL (it also implements a cookie jar, support for header injection, automatic following of redirects, routing via proxies, verification or non-verification of SSL certificates amongst other things).

Upvotes: 2

Angelin Nadar
Angelin Nadar

Reputation: 9300

curl and set CURLOPT_SSL_VERIFYPEER = false

Upvotes: 1

Quentin
Quentin

Reputation: 943142

I was wondering if it is so simple as

No, it isn't. It really, really isn't.

HTTPS is HTTP tunnelled over SSL. So you don't change the content of the HTTP request at all.

You do need to perform all the SSL handshaking before you do the HTTP stuff though.

SSL is crypto, it is therefore hard. Don't try reinventing this wheel. Use a library such as cURL.

Upvotes: 1

Related Questions