PHP Data Transfer via FTPS with Libcurl
FTPS (FTP Secure or FTP-SSL) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. FTPS includes full support for the TLS and SSL cryptographic protocols, including the use of server-side public key authentication certificates and client-side authorization certificates. It also supports compatible ciphers, including AES, RC4, RC2, Triple DES and DES, and hash functions SHA, MD5, MD4 and MD2.
In this section we will improve the above ftp.php script, by adding some security to it, by setting some of the predefined constants : CURLOPT_SSL_VERIFYHOST, CURLOPT_FTP_SSL, CURLOPT_USERPWD, CURLOPT_SSLVERSION:
<?php
if (isset($_POST['Submit'])) {
if (!empty($_FILES['upload']['name'])) {
$ch = curl_init();
$localfile = $_FILES['upload']['tmp_name'];
$fp = fopen($localfile, 'r');
curl_setopt($ch, CURLOPT_URL, 'ftp://florinsteaua:[email protected]/'.$_FILES['upload']['name']);
curl_setopt($ch, CURLOPT_UPLOAD, 1);
curl_setopt($ch, CURLOPT_INFILE, $fp);
//SSL settings
//To stop cURL from verifying the peer's certificate use the value 0 or False.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
//1 to check the existence of a common name in the SSL peer certificate.
//2 to check the existence of a common name and also verify that it matches the hostname provided. 2 is the default value.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
//The FTP authentication method : CURLFTPAUTH_SSL (try SSL first), CURLFTPAUTH_TLS (try TLS first), or CURLFTPAUTH_DEFAULT (let cURL decide).
curl_setopt($ch, CURLOPT_FTP_SSL, CURLOPT_FTPSSLAUTH);
//Try using SSL, proceed as normal otherwise.
curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
//Sets the username and password to use for the connection.
curl_setopt($ch, CURLOPT_USERPWD, 'florinsteaua:florinsteaua');
//Sets the SSL version
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
//end SSL
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($localfile));
curl_exec ($ch);
$error_no = curl_errno($ch);
$error_msg = curl_error($ch);
if ($error_no == 0) {
$error = 'File uploaded succesfully.';
} else {
$error = 'File upload error.';
}
}
echo $error;
curl_close ($ch);
}
?>
The output is the same as the for above application, in the Figure 5.
PHP Data Transfer via FILE with Libcurl
URL (Uniform Resource Locator) File Protocol is the browser-standard scheme used for accessing files on a local computer. The URL should start with “file://” followed either by the host name of the local computer, “localhost” or void. In the next application you will see a simple example of using the FILE protocol:
<?php
// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'file:///D:/Apache2.2/htdocs/php/cURL_protocols/FILE.txt');
// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Get the response and close the channel.
$response = curl_exec($ch);
echo $response;
curl_close($ch);
?>
The output is:
Click here for larger image
Figure6. Using the FILE protocol
PHP Data Transfer via HTTP with Libcurl
The Hypertext Transfer Protocol (HTTP) represents the foundation of data communication for the World Wide Web and a networking protocol for distributed, collaborative, hypermedia information systems. An HTTP session represents a sequence of network request-response transactions, most used to access information on the Internet. The HTTP protocol is a text one and is the implicit protocol for the World Wide Web (WWW). An HTTP client initiates a request, it establishes a Transmission Control Protocol (TCP) connection to a particular port on a host (typically port 80; see List of TCP and UDP port numbers). An HTTP server listening on that port waits for a client’s request message. Upon receiving the request, the server sends back a status line, such as “HTTP/1.1 200 OK”, and a message of its own, the body of which is perhaps the requested resource, an error message, or some other information.
Next, is a simple application uses basic cURL option set to handle an HTTP session:
<?php
//Initializes a new session and return a cURL handle for use with the curl_setopt(), curl_exec() and curl_close() functions
$curl = curl_init();
//Sets an option on the given cURL session handle like url, timeout, return transfer
curl_setopt($curl, CURLOPT_URL, 'http://www.google.ro');
curl_setopt($curl, CURLOPT_TIMEOUT, 30);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// Execute the given cURL session (get the content of the url and put it into the output variable)
$output = curl_exec($curl);
// Outputs the result
echo $output;
// Print the curl info like http response code, content type etc.
// print_r (curl_getinfo($curl));
// close the curl handle to free system resources
curl_close($curl);
?>
The output for the listing is:
Click here for larger image
Figure 7. Outputting a simple HTTP session using cURL
PHP Data Transfer via HTTPS with Libcurl
Hypertext Transfer Protocol Secure (HTTPS) represents a combination of the Hypertext Transfer Protocol (HTTP) with SSL/TLS protocol that provides encrypted communication and secure identification of a network web server.
The below PHP script try to initialize an HTTPS session using two methods. One that doesn’t verify the peer’s certificate, and obviously not a safe one, by setting the false value (
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
) and one that checks the peer certificate, verify the host and then checks the certificate used to verify the peer. This certificate can be obtain from the restricted page like this: in the Tools menu of the browser (Mozilla Firefox in this case), choose the option Page Info -> Security Tab -> Details Tab -> View Certificate and select the certificate at the top of the hierarchy and then Export it into your corresponding folder to your application. I choose to put it together with my https.php script, also listed next:
Click here for larger image
Figure 8. The folder containing the certificate and the https.php
script
Listing https.php:
<?php
// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://encrypted.google.com/');
curl_setopt($ch, CURLOPT_TIMEOUT, 80);
// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Stops cURL from verifying the peer's certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//Sets the cURL to verify the peer's certificate
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
// 1 to check the existence of a common name in the SSL peer certificate.
//2 to check the existence of a common name and also verify that it matches the hostname provided.
//2 is the default value
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
//The name of a file holding one or more certificates to verify the peer with. This only makes sense when used in combination with CURLOPT_SSL_VERIFYPEER.
//curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "GTECyberTrustGlobalRoot.crt");
// Get the response and close the channel.
$response = curl_exec($ch);
echo $response;
print_r (curl_getinfo($ch));
curl_close($ch);
?>
The output is:
Click here for larger image
Figure 9. Using the HTTPS protocol to and also display the page info using the curl_getinfo
function
Conclusion
Over the article you have seen how to transfer data using various protocols, like FTP, FTPS, HTTP, HTTPS, FILE, and cURL.
About the Author
Octavia Andreea Anghel is a senior PHP developer currently working as a primary trainer for programming teams that participate at national and international software-development contests. She consults on developing educational projects at a national level. She is a coauthor of the book “XML Technologies: XML in Java” (Albastra, ISBN 978-973-650-210-1), for which she wrote the XML portions. In addition to PHP and XML, she’s interested in software architecture, web services, UML, and high-performance unit tests. to e-mail her.