JSON-RPC password

[Gavin Andresen]

I found what appears to be a bug: with a long enough username and password combination, the base64 encoder in bitcoind ... inserts a newline every 64 characters

Great catch!  Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function:

Code:

diff --git a/rpc.cpp b/rpc.cpp
index 72bdc50..703b757 100644
--- a/rpc.cpp
+++ b/rpc.cpp
@@ -765,13 +765,14 @@ string EncodeBase64(string s)
     BUF_MEM *bptr;
 
     b64 = BIO_new(BIO_f_base64());
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
     bmem = BIO_new(BIO_s_mem());
     b64 = BIO_push(b64, bmem);
     BIO_write(b64, s.c_str(), s.size());
     BIO_flush(b64);
     BIO_get_mem_ptr(b64, &bptr);
 
-    string result(bptr->data, bptr->length-1);
+    string result(bptr->data, bptr->length);
     BIO_free_all(b64);
 
     return result;

[satoshi]

i got some problems here too trying to get this run on PHP.
so far i had no luck, neither the wiki-sample (jsonRPCClient trying to fopen(http://username:password@localhost:8332/)), nor my curl-sample (using setopt CURLOPT_HTTPAUTH, CURLAUTH_BASIC) seem to work.

That's strange, didn't someone just say that was supposed to work?  (what library was he using?)  Post if you figure out what wrong.

I hope it's not going to put up this much of a fight for all PHP users.

Looks like we've got the Fortran scenario already.

[satoshi]

Great catch!  Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function

SVN rev 111

[lachesis]

That's strange, didn't someone just say that was supposed to work?  (what library was he using?)  Post if you figure out what wrong.

That was me; I'm using the library at http://jsonrpcphp.org/ (download at http://jsonrpcphp.org/download.php?file=tgz&package=light), and I can confirm that this works:

Code:

<?php
require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
echo $bitcoin->getblockcount();
?>

Thanks to gavinandresen and satoshi for fixing that bug so fast.

[BitLex]

That's strange, didn't someone just say that was supposed to work?  (what library was he using?)  Post if you figure out what wrong.

That was me; I'm using the library at http://jsonrpcphp.org/ (download at http://jsonrpcphp.org/download.php?file=tgz&package=light), and I can confirm that this works:

Code:

<?php
require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
echo $bitcoin->getblockcount();
?>

not for me, that's what i tried first, cuz it's on the wiki.
this is all i get from jsonRPCClient:
Warning: fopen(http://...@localhost:8332/) [function.fopen]: failed to open stream: HTTP request failed! HTTP/1.0 401 Authorization Required in ...\jsonRPCClient.php on line 132


also couldn't get curl to authorize yet, all i get is
..curl_error():transfer closed with 15 bytes remaining to read..
which results in a "bad json-syntax" of course

testing on php5.3.0 curl7.19.4.
and open for ideas.

[lachesis]

First of all, does "bitcoind getinfo" work?

Second, try to grab the attempt that jsonrpcclient.php makes with netcat (might have to install it first):

1) Stop bitcoind
2) netcat -l 8332
3) Run your client code with a modified (insecure) username and password
4) Ctrl-C netcat and post the output

[BitLex]

I'm on XP here, not sure if theres a netcat-clone available.

commandline works fine and does what it's supposed to

this works fine using <=0.3.2

Code:

require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://localhost:8332/');
echo $bitcoin->getblockcount();

but this doesnt work using 0.3.3

Code:

require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
echo $bitcoin->getblockcount();

[BitLex]

Ok, i found it. 

wiki says, create a bitcoin.conf like this:

Code:

rpcuser=anything; does not have to be a 'real' user
rpcpassword=anything

but that won't work (at least for some people, maybe windows?)

removing the ; did the job,
using # as seperator/commentor works fine.

[lachesis]

Ah alright. In that case, your username was actually "anything; does not have to be a 'real' user". That's why using the Bitcoin command line client worked - it used the full field for a username. I updated the wiki to remove the "; does not have to be a 'real' user" comment.

[theymos]

When I upgraded from a version with switch-based passwords to the latest SVN, I ran into a problem: Bitcoin looks for the configuration file in the default "~/.bitcoin/bitcoin.conf" unless I point to any non-existent file. Example:

Code:

$ ls /home/theymos/bitcoin
addr.dat      blkindex.dat  debug.log          status.sh
bitcoin.conf  command.sh    debug.log.old.bz2  stop.sh
bitcoind      database      makefile           transfer.sh
blk0001.dat   db.log        start.sh           wallet.dat

$ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf && ./bitcoind getinfo
error: You must set rpcpassword=<password> in the configuration file:
/home/theymos/.bitcoin/bitcoin.conf
If the file does not exist, create it with owner-readable-only file permissions.

$ killall bitcoind

$ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/asdf.conf && ./bitcoind getinfo
bitcoin server starting
error: You must set rpcpassword=<password> in the configuration file:
/home/theymos/.bitcoin/bitcoin.conf
If the file does not exist, create it with owner-readable-only file permissions.

Warning: To use bitcoind, you must set rpcpassword=<password>
in the configuration file: /home/theymos/bitcoin/asdf.conf
If the file does not exist, create it with owner-readable-only file permissions.

Bitcoin is using the correct datadir. Hardcoding the path in util.cpp just gives me "error:getinfo" (though maybe I'm not doing it correctly). Removing the "pathConfig.is_complete()" if statement does the same thing.

I'm on Linux with glibc 2.10.1. I'm using all of the recommended dependency versions. The only dependency I changed during the upgrade was Boost, which I had to recompile to get the additional libraries that Bitcoin now uses.

[Gavin Andresen]

$ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf && ./bitcoind getinfo
error: You must set rpcpassword=<password> in the configuration file:

That second ./bitcoind getinfo has to be:

Code:

 ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf getinfo

... otherwise it will use the default config file and datadir.

[fetokun]

I'm getting the same error that was posted here about 1 year ago:

Warning: fopen(http://...@localhost:8332/): failed to open stream: HTTP request failed! HTTP/1.0 401 Authorization Required in /var/www/meubitcoin/src/classes/jsonRPCClient.php...

the php code:

Code:

  $bitcoind = new jsonRPCClient("http://fetokun:rcpass123@localhost:8332/", true); 
  echo($bitcoind->listaccounts()); 

Does it mean that I'm using an outdated version of bitcoind? ( I installed from this package: http://packages.debian.org/sid/i386/bitcoind/download )

I'm starting bitcoind this way:

Code:

bitcoind -server -testnet -rpcport=8332 -rcpuser=fetokun -rcppassword=rcpass123

when I run getinfo, bitcoind returns me this:

Code:

{
    "version" : 32002,
    "balance" : 0.00000000,
    "blocks" : 13312,
    "connections" : 8,
    "proxy" : "",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 17.09748611,
    "hashespersec" : 0,
    "testnet" : true,
    "keypoololdest" : 1302337673,
    "paytxfee" : 0.00000000,
    "errors" : ""
}

First of all, does "bitcoind getinfo" work?

Second, try to grab the attempt that jsonrpcclient.php makes with netcat (might have to install it first):

1) Stop bitcoind
2) netcat -l 8332
3) Run your client code with a modified (insecure) username and password
4) Ctrl-C netcat and post the output

when I do what lachesis mentioned above, netcat shows me:

Code:

{"method":"listaccounts","params":[],"id":1}

Its probably something very simple that I'm forgetting about... does anyone know what?

[fetokun]

found the problem

All I had to do was RTFM properly =D

[fetokun]

Alright, this thing I'm having a problem with:

Code:

        $result1 = $rpc->getbalance($fromAccount);
    $result2 = $rpc->sendfrom($fromAccount, $toAccount, $amount);

The first line works fine and gets me:

Code:

1***** Request *****
{"method":"getbalance","params":["fetokun"],"id":1}
***** End Of request *****

***** Server response *****
{"result":3639.00000000,"error":null,"id":1}
***** End of server response *****

But the second line gets me:

Code:

Warning: fopen(http://...@localhost:8332/): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in /var/www/meubitcoin/src/classes/jsonRPCClient.php on line 132 Fatal error: Uncaught exception 'Exception' with message 'Unable to connect...

Anybody knows why?

my bitcoin.conf:

Code:

rcpallowip=127.0.0.1
rpcuser=fetokun
rpcpassword=rcpass123
rpcport=8332
server=1
testnet=1

[NghtRppr]

Code:

$result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);

See if this works.

[fetokun]

I'll arrive home in a few hours then I'll check if that's the problem

Thanx a lot dude

[fetokun]

Code:

$result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);

See if this works.

Now it worked! Thanx!

[NghtRppr]

Code:

$result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);

See if this works.

Now it worked! Thanx!

You're welcome. The problem was that you were trying to pass $amount as a string.