Bitcoin Forum

Bitcoin => Project Development => Topic started by: gweedo on August 03, 2012, 11:44:35 PM


Title: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: gweedo on August 03, 2012, 11:44:35 PM
fopen is insecure and not correct when trying to communicating with remote sites. 
I just rewrote the http post part of the code so just in case anyone was wanted it

http://pastebin.com/vREuHVr5

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: onpdm on February 21, 2013, 02:52:31 PM
Don't know why nobody did a reply to your posting, but I just want to say thank you. ;)

I've moved my script to a new server and the connection to bitcoind did not work anymore ... I tried over 1 hour with this shit, after I detected that fopen is disabled by php.ini security configuration. ;( jsonRPC always said only "Unable to connect" in fact of thrown PHP exception, so I did not find out that fopen is the problem. After some help of my friend Google I found your script!

Thank you, great! ;)

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: gweedo on February 21, 2013, 06:54:13 PM
No problem, enjoy!

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: r3wt on January 13, 2014, 02:05:36 AM
+1 for this post Gweedo. helped me eliminate the vulnerability of having
Code:
allow_url_fopen : On
in php.ini

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: r3wt on January 13, 2014, 02:21:57 AM
Quote from: gweedo on January 13, 2014, 02:18:17 AM
Quote from: r3wt on January 13, 2014, 02:05:36 AM
+1 for this post Gweedo. helped me eliminate the vulnerability of having
Code:
allow_url_fopen : On
in php.ini

That is why I am here.

Quote
Status: 0/unconfirmed, has not been successfully broadcast yet
Date: 1/12/2014 20:21
To: 1GweedoZJYb5CNLfSaBgBBYS2y7BMVb2Wo
Debit: -0.01 BTC
Transaction fee: -0.0001 BTC
Net amount: -0.0101 BTC
Transaction ID: 148968123e5ceb0c4f1c80f39e48b4d4e659c62464abbea70766a26d5d95ed8e



Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: r3wt on January 13, 2014, 05:43:25 AM
Quote from: gweedo on January 13, 2014, 02:46:53 AM
Quote from: r3wt on January 13, 2014, 02:21:57 AM
Quote from: gweedo on January 13, 2014, 02:18:17 AM
Quote from: r3wt on January 13, 2014, 02:05:36 AM
+1 for this post Gweedo. helped me eliminate the vulnerability of having
Code:
allow_url_fopen : On
in php.ini

That is why I am here.

Quote
Status: 0/unconfirmed, has not been successfully broadcast yet
Date: 1/12/2014 20:21
To: 1GweedoZJYb5CNLfSaBgBBYS2y7BMVb2Wo
Debit: -0.01 BTC
Transaction fee: -0.0001 BTC
Net amount: -0.0101 BTC
Transaction ID: 148968123e5ceb0c4f1c80f39e48b4d4e659c62464abbea70766a26d5d95ed8e



Thank you sir

Thank you as well. If you need a job doing some PDO, you know who to call...

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: Crypto-Maniac on May 17, 2014, 08:22:04 AM
Hello ,
i have tried the script but i couldn't make it work on my install , i have curl enable
it work well with the version fopen but would love to convert to curl for security reason
if someone can update this one

thx you

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: gweedo on May 17, 2014, 08:31:43 AM
Quote from: Crypto-Maniac on May 17, 2014, 08:22:04 AM
Hello ,
i have tried the script but i couldn't make it work on my install , i have curl enable
it work well with the version fopen but would love to convert to curl for security reason
if someone can update this one

thx you

I tested it on php 5.4 and it worked. Can I see your code?

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: Crypto-Maniac on May 17, 2014, 09:37:52 AM
thx gweedo

here is my original file

http://pastebin.com/w6khV4Gp

& i took your code and insert it at HTTP POST
Code:
// performs the HTTP POST
                $ch = curl_init($this->url);
                curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: application/json'));
                curl_setopt($ch, CURLOPT_POST, true);
                curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
                $response = json_decode(curl_exec($ch),true);
                curl_close($ch);
http://pastebin.com/R0uc8xKb

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: Crypto-Maniac on May 17, 2014, 09:57:55 AM
im on php 5.5 , i cant downgrade since my script is developed under php 5.5.4

thx you

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: Catastrough on May 17, 2014, 01:46:08 PM
I need a good example of PHP JSON and Ext controls. I return a JSON formatted dataset and then pass it to an Ext control, but the data does not get rendered. WTF.

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: Crypto-Maniac on June 03, 2014, 02:13:45 PM
up please :)

Title: Re: JSON-RPC Client PHP converted to cURL instead of fopen
Post by: r3wt on June 03, 2014, 03:27:22 PM
Here's the original modified ever so slightly to remove errors. if you want it to throw errors so you can use try catch, you'll have to do some searching for gweedo's original version.

Code:
class jsonRPCClient {
	private $debug;
	private $url;
	private $id;
	private $notification = false;
	public function __construct($url,$debug = false) {
		$this->url = $url;
		empty($proxy) ? $this->proxy = '' : $this->proxy = $proxy;
		empty($debug) ? $this->debug = false : $this->debug = true;
		$this->id = 1;
	}
	public function setRPCNotification($notification) {
		empty($notification) ? $this->notification = false : $this->notification = true;
	}
	public function __call($method,$params) {
		if (!is_scalar($method)) { throw new Exception('Method name has no scalar value'); }              
		if (is_array($params)) { $params = array_values($params);}else{ throw new Exception('Params must be given as array'); }
		if ($this->notification) {$currentId = NULL; }else{ $currentId = $this->id;}
		$request = array( 'method' => $method, 'params' => $params, 'id' => $currentId );
		$request = json_encode($request);
		$this->debug && $this->debug.='***** Request *****'."\n".$request."\n".'***** End Of request *****'."\n\n";
		$ch = curl_init($this->url);
		curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: application/json'));
		curl_setopt($ch, CURLOPT_POST, true);
		curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
		$response = json_decode(curl_exec($ch),true);
		curl_close($ch);
		if ($this->debug) { echo nl2br($debug); }
		if (!$this->notification) {
				if ($response['id'] != $currentId) { return $response; }
				if (!is_null($response['error'])) { return $response; } 
				return $response['result'];
		}else{
				return true;
		}
	}
}

Here's an experimental version i've been tinkering with. I'm thinking using
Code:
pfsockopen()
would lend to further speed increases because of the ability to reuse a previously used socket. this would be good with ssl.

Code:
class jsonRPCSocket {
	private $host;
	private $port;
	private $user;
	private $pass;
	private $id;
	private $notification = false;
	public function __construct($host,$port,$user,$pass) {
		$this->host = $host;
		$this->port = $port;
		$this->user = $user;
		$this->pass = $pass;
		$this->id = 1;
	}
	public function setRPCNotification($notification) {
		empty($notification) ? $this->notification = false : $this->notification = true;
	}
	public function __call($method,$params) {
		if (!is_scalar($method)) { throw new Exception('Method name has no scalar value'); }              
		if (is_array($params)) { $params = array_values($params);}else{ throw new Exception('Params must be given as array'); }
		if ($this->notification) {$currentId = NULL; }else{ $currentId = $this->id;}
		$request = array( 'method' => $method, 'params' => $params, 'id' => $currentId );
		$request = json_encode($request);
		$this->debug && $this->debug.='***** Request *****'."\n".$request."\n".'***** End Of request *****'."\n\n";
		$fp = fsockopen('tcp://'.$this->user.':'.$this->pass.'@'.$this->host,$this->port,$errno,$errstr, 10);
		if(!$fp){
				throw new Exception("$errno - $errstr");
		}
		$content = "POST $request HTTP/1.1"."\r\n".
					"Host: ". $this-host .""."\r\n".
					"Content-Type: application/application-json"."\r\n".
					"Content-Length:".strlen($request)."\r\n"."\r\n";
		fwrite($fp,$content);
		$response='';
		while(!feof($fp)) {
			$response.= fread($fp,1024);
		}
		fclose($fp);
		$response = json_decode(preg_replace('!^.*(?:\r?\n){2}(.*)$!s','\\1',$response));
		if ($this->debug) { echo nl2br($debug); }
		if (!$this->notification) {
				if ($response['id'] != $currentId) { return $response; }
				if (!is_null($response['error'])) { return $response; } 
				return $response['result'];
		}else{
				return true;
		}
	}
}


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines