dspector
asked on
Cannot read CPanel login page (401 Access Denied Still Working)
The following code attempts to read the CPanel login page on my own server. The code fails even though the login page can be read manually in any browser. The failure message is as follows:
Warning: file_get_contents(http://64.131.68.211:2082/): failed to open stream: HTTP request failed! HTTP/1.1 401 Access Denied Still Working in C:\Web\TestHTTPS-EE.php on line 5
I am using PHP 5.1.6 and openssl is enabled. I am using Apache 2.2.3 on Windows running on my local computer as localhost.
The problem also occurs if I move this PHP file to a remote server. It also occurs if I add the username and password to the URL.
Note that other websites, even secure ones, can be read without a problem by similar coding. For example, $url="https://65.200.16.78/"; works.
I have searched the Web but cannot find a solution.
Warning: file_get_contents(http://64.131.68.211:2082/): failed to open stream: HTTP request failed! HTTP/1.1 401 Access Denied Still Working in C:\Web\TestHTTPS-EE.php on line 5
I am using PHP 5.1.6 and openssl is enabled. I am using Apache 2.2.3 on Windows running on my local computer as localhost.
The problem also occurs if I move this PHP file to a remote server. It also occurs if I add the username and password to the URL.
Note that other websites, even secure ones, can be read without a problem by similar coding. For example, $url="https://65.200.16.78/"; works.
I have searched the Web but cannot find a solution.
<?php
// Read and display CPanel login page
$url="http://64.131.68.211:2082/"; // Fails ("401 Access Denied Still Working")
$C=file_get_contents($url);
echo $C;
?>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've implemented the solution using cURL, and it works fine if you set the parameters CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER to false, causing security certificates to be ignored. Of course, the application can query the user before doing this, so at least the lower security is made obvious.
But surely a page with a self-signed or untrusted certificate can be opened with fsockopen? Surely someone out there can figure out how to do this without requiring the entire cURL Library?
Someone? Anyone?
But surely a page with a self-signed or untrusted certificate can be opened with fsockopen? Surely someone out there can figure out how to do this without requiring the entire cURL Library?
Someone? Anyone?
ASKER
This question has been open for awhile, but there is as yet no good answer.
If no one knows the answer, I will delete or close this question so it doesn't remain open. EE doesn't like questions that are open for too long.
David
If no one knows the answer, I will delete or close this question so it doesn't remain open. EE doesn't like questions that are open for too long.
David
Unfortunately I don't think your going to be able to accomplish what you want using just standard PHP. That's why I suggested that you use cURL to do it because most providers have cURL compiled into PHP or if not they can surely add it for you.
I wish I could help you more.
-Jeff
I wish I could help you more.
-Jeff
ASKER
I can't imagine what cURL could do that PHP cannot do, since I believe that PHP gives full access to socket control.
Jeff, since you were the only person who even bothered answering, I'll give you the "answer", but like many questions I've asked here and elsewhere I'm not really satisfied with the answer. Our computer environment is great when we are doing something ordinary, but when we try to do something unique its limitations get revealed pretty fast.
David
Jeff, since you were the only person who even bothered answering, I'll give you the "answer", but like many questions I've asked here and elsewhere I'm not really satisfied with the answer. Our computer environment is great when we are doing something ordinary, but when we try to do something unique its limitations get revealed pretty fast.
David
ASKER
Thanks for taking the time to help!
ASKER
Since this bug affects other people, a solution will also benefit others. If this is a bug in file_get_contents or wrappers, that would be good to know, so I can report it to The PHP Group.
Perhaps someone else out there can find a way to make this work without using cURL?
Additional hint: what makes CPanel different from other sites is that it frequently uses a self-signed (untrusted) security certificate, as it does in this case. Browsers complain, too, the first time they try to read the page. Then they succeed when the user clicks a button or two.