Bitcoin Forum
November 06, 2024, 05:07:06 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: jsonRPC.php verifymessage method throws 500 error when supplying bad signature  (Read 1366 times)
coinminers (OP)
Full Member
***
Offline Offline

Activity: 147
Merit: 100



View Profile WWW
November 26, 2013, 06:52:36 PM
 #1

I have been trying to add the ability for people to change their shortname's address on my site http://bit.co.in

So what I'm trying to do is to access bitcoind via the jsonRPC.php library like so:

if ($bitcoin->verifymessage($oldAddress, $signature, $message) == 1) $addressOwnershipValidated = true;

When I supply a valid signature it works fine, but when I supply an invalid one just to test, it breaks with an error like this:

Server 500 Error: fopen(http://...127.0.0.1:8332) Can't open file

I even tried suppressing the error via @$bitcoin->verifymessage(...) and also tried a try ... catch, but it always throws that same error.

Any idea what I'm doing wrong?

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
coinminers (OP)
Full Member
***
Offline Offline

Activity: 147
Merit: 100



View Profile WWW
November 27, 2013, 06:43:01 AM
 #2

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
November 27, 2013, 07:21:16 AM
 #3

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error
Can you provide a link to this jsonRPC library? Also, look, it's trying to fopen something and is failing.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
coinminers (OP)
Full Member
***
Offline Offline

Activity: 147
Merit: 100



View Profile WWW
November 28, 2013, 05:54:40 PM
 #4

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error
Can you provide a link to this jsonRPC library? Also, look, it's trying to fopen something and is failing.

Thanks much for the reply.

http://jsonrpcphp.org/code.php?file=jsonRPCClient

If it was unable to fopen the rpc http connection then it would throw that message everytime I try to connect, but it only does when the signature supplied is invalid, in which case I'd expect it to return a FALSE or a 0 or something like that.

I put a hack into the jsonRPCClient for now where I suppress the fopen error and return a FALSE instead of a exception. This seems to have patched it for now:

if ($fp = @fopen($this->url, 'r', false, $context)) { // <<SUPPRESS ERROR HERE
         $response = '';
         while($row = fgets($fp)) {
            $response.= trim($row)."\n";
         }
         $this->debug && $this->debug.='***** Server response *****'."\n".$response.'***** End of server response *****'."\n";
         $response = json_decode($response,true);
      } else {
         //throw new Exception('Unable to connect to '.$this->url); // << COMMENTED OUT
         return false; // << RETURN FALSE INSTEAD
      }

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
November 30, 2013, 05:09:37 AM
 #5

That particular RPC client always claims that it can't access the RPC when it has an error.  It is essentially the only error it knows.

You should be calling it from a try/catch block so that you can handle the exception yourself.

P.S.  Change your RPC password.  If you just noticed this now, it is in your logs dozens or hundreds of times.

P.P.S.  It is trivial to patch the bitcoind verifymessage RPC call to return the pubkey of the signature rather than true/false.  This patch will never be accepted into the main client because it is unsafe for human use, but it works great for a machine comparison/lookup to identify a user.

P.P.P.S.  And by trivial, I mean I posted it here in the forums a while back.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
elbandi
Hero Member
*****
Offline Offline

Activity: 525
Merit: 531


View Profile
November 30, 2013, 12:03:03 PM
 #6

Try to use this file: https://gitorious.org/elbandi/minifaucet/source/0581e2540518071cee37de0854ae8641e784dcab:jsonRPCClient.php

This is a same jsonrpc.php, but i changed to use curl instead of fopen.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!