0

I have PHP Laravel5 project. I use file_get_contents() in a controller's action like the following:

$production = json_decode(file_get_contents(url('/operation/get-production/'.$job->id)))->production;

The above route is excluded from authentication and authorization and the above line of code works well from the localhost. However, when a remote user from the Internet uses that code, it generates the following error:

enter image description here

I'm not using IIS, the server is Apache on Ubuntu linux. I don't know why SSL is appeared in this case? I'm pretty sure that the URL supplied to the function is http://... not https://...

SaidbakR
  • 13,303
  • 20
  • 101
  • 195
  • 1
    Stop being _“pretty sure”_, and _actually verify_. Also check whether the remote server might have redirected your HTTP request to HTTPS. – CBroe Nov 23 '17 at 15:39
  • @CBroe I have updated the screen shot of the error. Please checkout it again. – SaidbakR Nov 23 '17 at 15:46

3 Answers3

2

Your production URL may be forced to use https (and it's a good thing).

file_get_contents() isn't the perfect choice to get data over https but if php_openssl extension is activated and allow_url_fopen to set to "on" you can get content from https.

As you seems to don't have a valid SSL certificate : use PHP Curl must be a better idea ( http://php.net/manual/fr/book.curl.php ), as you can disabled SSL error with this :

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

(if you trust the URL : you could do this, never do this with an external website)

Bacteries
  • 593
  • 4
  • 13
  • I have updated the screen shot in the question, please checkout it. – SaidbakR Nov 23 '17 at 15:49
  • When you manualy go to you URL (in http) are you redirected to https ? I see that you have a 307 response code (that mean it's a temporary redirect) in your stacktrace. So it's normal, you ask for HTTP, the server redirect your to https and it failed because the SSL certificate isn't valid (maybe a self signed certificate). In all case : use curl instead of file_get_content and put the flag to avoid SSL error. – Bacteries Nov 24 '17 at 08:20
  • Ordinary accessing directly from http is not redirected. – SaidbakR Nov 24 '17 at 11:16
0

It sounds like the certificate verification is failing because it doesn't have a reference file of root certificates to check it with. See this Stack Overflow answer.

starbeamrainbowlabs
  • 5,692
  • 8
  • 42
  • 73
  • I wonder, what's the relation between the certificate verification and accessing the server without `https`?! – SaidbakR Nov 23 '17 at 15:37
  • It doesn't look like you're specifying a particular protocol. The function `url` might default to https, or the remote url may redirect to https. Without more information, there's no way to tell. Either way, https is involved somewhere - that I'm positive about. – starbeamrainbowlabs Nov 23 '17 at 15:40
0

You have 2 possible situations:

Possible Answer #1, if you are using apache, check your conf and see if your domain is not forcing all calls to use SSL

  • OR -

Possible Answer #2 you need to create a flow for your GET url and send headers to the other server:

<?php //Create a flow 
$opt = array(
'http'=>array(
'method'=>'GET',
'user_agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3',
'header'=>'Accept-language: en\r\n' .
                 'Cookie: foo=bar\r\n’ ) ); 
$context = stream_context_create($opt); 
//Get external url response
$file = file_get_contents('http://www.example.com/some_file', false, $context); ?>
Crythephoenix
  • 59
  • 6