Secure Login with socket

Question

I am trying to create a secure login program by using sockets. Here's the code I wrote:

<?php

$myusername=$_POST["username"];
$mypassword=$_POST["password"];
$host="localhost";
$port=80;
$timeout=60;
$target="/admin_area.php";
if($myusername=="admin" && $mypassword=="passwd")

{
  if (!$sock=fsockopen("ssl://".$host,$port,$errnum,$errstr,$timeout))

  {
    die ("Could not open socket: [$errnum] $errstr");
  }

  else
  {
    $posted_vars=array("username"=>$myusername,
                       "password"=>$mypassword);
    $body="";
    foreach ($posted_vars as $parameter=>$value)

    {
      $body.="&".$parameter."=".$value;
    }
    $headers="POST ".$target." HTTP/1.0 \r\n";
    $headers.="Content-Type: application/x-www-form-urlencoded \r\n";
    $headers.="Content-Length: ".strlen($body)." \r\n";
    $headers.="Connection: Keep-Alive \r\n";
    $headers.="Authorization: Basic ".base64_encode($myusername.":".$mypassword)." \r\n\r\n";
    fputs ($sock,$headers.$body);
    $data="";
    while (!feof ($sock))

    {
      $data.=fgets($sock,3000);
    }
    list($res_head,$res_body)=explode("\r\n\r\n",$data);
    echo $res_body;
  }
}

else
  
{
  echo "Login not happened successfully";
}

?>

When I run it, the following warnings are returned:

Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol in C:\wamp\www\log_in.php on line 12

Warning: fsockopen(): Failed to enable crypto in C:\wamp\www\log_in.php on line 12

Warning: fsockopen(): unable to connect to ssl://localhost:80 (Unknown error) in C:\wamp\www\log_in.php on line 12

Could not open socket: [0]

The issue is that this code works correctly if I remove the instruction for using the SSL protocol in the fsockopen() function, but I would need to implement a secure HTTP connection.

I would be very grateful to anybody who can tell me where I am wrong. Thanks!

Answer 1

I would suggest making some changes here to specify exactly what you need.

if (!$sock=fsockopen("ssl://".$host,$port,$errnum,$errstr,$timeout))

SSL Does not use port 80 which will be the default, so specify the $port as 443.

It has been known to cause problems on some systems where the version of SSL in use is not specified, and relies on php to try to detect it. I would suggest trying either

if (!$sock=fsockopen("sslv2://".$host,443,$errnum,$errstr,$timeout))

or

if (!$sock=fsockopen("sslv3://".$host,443,$errnum,$errstr,$timeout))

Depending if your server is using SSLv2 or SSLv3.

This removes any ambiguity and clearly instructs the server how to proceed