file_get_contents() and Curl

2019-08-09 05:42发布

站内文章 / PHP
53 0 0

问题:

I am using file_get_contents() php function in my laravel 4.2 code to get profile photo after login through facebook .

it worked correctly when I use this 

$arrContextOptions=array(
    "ssl"=>array(
        "verify_peer"=> false,
        "verify_peer_name"=> false,
    ),
);
$content = file_get_contents($myurl, false, stream_context_create($arrContextOptions));

but it makes a security hole in the system as mentioned before in another question for the same issue , if I dont use this security hole method , error blows up in my face which I cannot handle

ErrorException (E_WARNING) HELP file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

then I tried Curl method 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$myURL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
$content = curl_exec($ch);
curl_close($ch);
file_put_contents($path, $content);

it didnot make any error and it did not work neither "no photo returned" ! so how can I get the profile photo in a secure clean way and save it using php (laravel 4.2) ?! I am testing it on my localhost using XAmpp

回答1:

working code:

    $user_id = PUT_USER_ID_HERE;
    $url = 'http://graph.facebook.com/' . $user_id . '/picture?type=large';

    $finalUrl = get_final_url($url);


    $path = 'img/pic_facebook.jpg';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,$finalUrl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    $content = curl_exec($ch);
    curl_close($ch);
    file_put_contents($path, $content);


function get_final_url( $url, $timeout = 5 )
{
    $url = str_replace( "&", "&", urldecode(trim($url)) );

    $cookie = tempnam ("/tmp", "CURLCOOKIE");
    $ch = curl_init();
    curl_setopt( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1" );
    curl_setopt( $ch, CURLOPT_URL, $url );
    curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookie );
    curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
    curl_setopt( $ch, CURLOPT_ENCODING, "" );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
    curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
    $content = curl_exec( $ch );
    $response = curl_getinfo( $ch );
    curl_close ( $ch );

    if ($response['http_code'] == 301 || $response['http_code'] == 302)
    {
        ini_set("user_agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1");
        $headers = get_headers($response['url']);

        $location = "";
        foreach( $headers as $value )
        {
            if ( substr( strtolower($value), 0, 9 ) == "location:" )
                return get_final_url( trim( substr( $value, 9, strlen($value) ) ) );
        }
    }

    if (    preg_match("/window\.location\.replace\('(.*)'\)/i", $content, $value) ||
            preg_match("/window\.location\=\"(.*)\"/i", $content, $value)
    )
    {
        return get_final_url ( $value[1] );
    }
    else
    {
        return $response['url'];
    }
}

function taken from here: PHP Curl following redirects



标签: php security ssl curl
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~