I am trying to create a secure login program by using sockets. Here's the code I wrote:
<?php
$myusername=$_POST["username"];
$mypassword=$_POST["password"];
$host="localhost";
$port=80;
$timeout=60;
$target="/admin_area.php";
if($myusername=="admin" && $mypassword=="passwd")
{
if (!$sock=fsockopen("ssl://".$host,$port,$errnum,$errstr,$timeout))
{
die ("Could not open socket: [$errnum] $errstr");
}
else
{
$posted_vars=array("username"=>$myusername,
"password"=>$mypassword);
$body="";
foreach ($posted_vars as $parameter=>$value)
{
$body.="&".$parameter."=".$value;
}
$headers="POST ".$target." HTTP/1.0 \r\n";
$headers.="Content-Type: application/x-www-form-urlencoded \r\n";
$headers.="Content-Length: ".strlen($body)." \r\n";
$headers.="Connection: Keep-Alive \r\n";
$headers.="Authorization: Basic ".base64_encode($myusername.":".$mypassword)." \r\n\r\n";
fputs ($sock,$headers.$body);
$data="";
while (!feof ($sock))
{
$data.=fgets($sock,3000);
}
list($res_head,$res_body)=explode("\r\n\r\n",$data);
echo $res_body;
}
}
else
{
echo "Login not happened successfully";
}
?>
When I run it, the following warnings are returned:
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol in C:\wamp\www\log_in.php on line 12
Warning: fsockopen(): Failed to enable crypto in C:\wamp\www\log_in.php on line 12
Warning: fsockopen(): unable to connect to ssl://localhost:80 (Unknown error) in C:\wamp\www\log_in.php on line 12
Could not open socket: [0]
The issue is that this code works correctly if I remove the instruction for using the SSL protocol in the fsockopen()
function, but I would need to implement a secure HTTP connection.
I would be very grateful to anybody who can tell me where I am wrong. Thanks!
I would suggest making some changes here to specify exactly what you need.
if (!$sock=fsockopen("ssl://".$host,$port,$errnum,$errstr,$timeout))
SSL Does not use port 80 which will be the default, so specify the $port as 443.
It has been known to cause problems on some systems where the version of SSL in use is not specified, and relies on php to try to detect it. I would suggest trying either
if (!$sock=fsockopen("sslv2://".$host,443,$errnum,$errstr,$timeout))
or
if (!$sock=fsockopen("sslv3://".$host,443,$errnum,$errstr,$timeout))
Depending if your server is using SSLv2 or SSLv3.
This removes any ambiguity and clearly instructs the server how to proceed
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With