Player avatars broken again?
Not running hlstatsx myself, but from what I've seen, Steam is now using https for the xml profile data. The function "fetchpage" in file "playerinfo_general.php" needs to be changed accordingly to retrieve the Steam avatar URL and online status.
Original "playerinfo_general.php": https://bitbucket.org/Maverick_of_UC...e-view-default
Using curl: https://stackoverflow.com/questions/...-https-content
Using fsockopen and fgets: http://php.net/manual/function.fsockopen.php#34887 http://php.net/manual/openssl.installation.php
Re: Player avatars broken again?
Does anyone have a drop-in fix for this?
Re: Player avatars broken again?
Quote:
So you can use this, but it's probably better to continue using fsockopen instead, just with SSL as described in the docu linked above. As mentioned, I'm not running hlstatsx myself atm, so can't do any testing. You can comment out the original function using /* and */.
PHP Code:
Re: Player avatars broken again?
Quote:
Re: Player avatars broken again?
Simply changing this line inside the "fetchpage" function:
Code:
$fsock=fsockopen($domain, 80, $errno, $errstr,2);
Code:
$fsock=fsockopen("ssl://".$domain, 443, $errno, $errstr,2);
Re: Player avatars broken again?
Quote:
Quote:
CURL will verify the SSL certificate is valid and trusted, etc. fsockopen WILL NOT validate anything in relation to the certificate at all.
Using fsockopen is literally the same as blindly accepting all certificate and server configuration errors, like the one you see if you open last-time-i-checked-this-certificate-expired.darkserv.net, without any hesitation.
Since the certificate validation is gone, someone can very easily hijack steamcommunity.com and point your network/servers towards a fake steamcommunity.com that provides incorrect information to your HLstatsX. You'll never know if you wake up some day and see your HLstatsX installation is presenting pictures advertising someone else's gaming community, adult material, or anything else...
Doing things the right way takes so little effort, but is often forgotten when people have the chance to cut corners by adding/changing ~6 characters rather than adding/modifying a few lines...
Re: Player avatars broken again?
I made a quick test with the page you mentioned and fsock:
Code:
php.exe ssl_test.php
I'm not an expert at all. I just was curious. Maybe someone could explain that in more detail so that we can use the one-line fix without having to worry. Thanks in advance.
Al
Re: Player avatars broken again?
From http://php.net/manual/en/function.fsockopen.php#115405:
Quote:
Re: Player avatars broken again?
Quote:
Quote:
Code:
$ php ssl-fsockopen.php
Code:
$ php ssl-fsockopen.php
IF you have PHP 5.6 or higher, fsockopen will validate the certificates, and you can actually do the easy fix with no issues. Since fsockopen didn't do it in the past (e.g. below 5.6), I wasn't using fsockopen unless really necessary, "for security reasons". Seems like there is one good change here, that I actually missed among all the updates of PHP...
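
The point the thread arrives at, as an added example that is not part of any post or of HLstatsX itself: a TLS fetch that sets certificate and host-name verification explicitly, so the result does not depend on which PHP version's defaults apply, and that fails closed when the handshake is rejected. The function name `fetchpage_verified`, its parameters and its return convention are assumptions (the real `fetchpage` signature is not shown in the thread), and the type declarations need PHP 7.1 or later.

```php
<?php
// Added example, not HLstatsX code. Name, parameters and return type are assumptions.
function fetchpage_verified(string $domain, string $path, int $timeout = 2): ?string
{
    // Refuse control characters so a crafted value cannot inject extra request headers.
    if (preg_match('/[\x00-\x20\x7f]/', $domain . $path)) {
        return null;
    }

    // Explicit TLS policy instead of whatever the running PHP version defaults to.
    $ctx = stream_context_create([
        'ssl' => [
            'verify_peer'       => true,    // chain must lead to a trusted CA
            'verify_peer_name'  => true,    // certificate must match the host name
            'peer_name'         => $domain,
            'allow_self_signed' => false,
            'SNI_enabled'       => true,
        ],
    ]);

    $sock = @stream_socket_client(
        "ssl://{$domain}:443", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx
    );
    if ($sock === false) {
        // Handshake or validation failed: log it and give up, no fallback to port 80.
        error_log("TLS connect to {$domain} failed: {$errstr} ({$errno})");
        return null;
    }

    stream_set_timeout($sock, $timeout);
    // HTTP/1.0 keeps the response free of chunked transfer encoding.
    fwrite($sock, "GET {$path} HTTP/1.0\r\nHost: {$domain}\r\nConnection: close\r\n\r\n");
    $response = stream_get_contents($sock);
    fclose($sock);
    if ($response === false) {
        return null;
    }

    // Split headers from body and accept only a 200 response.
    $parts = explode("\r\n\r\n", $response, 2);
    if (count($parts) < 2 || !preg_match('#^HTTP/\d\.\d 200 #', $parts[0])) {
        return null;
    }
    return $parts[1];
}
```

Calling it against the expired-certificate host named earlier in the thread is a quick way to confirm that validation is really happening on a given server before pointing it at steamcommunity.com.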
Re: Player avatars broken again?
Thank you for the fix @pizzahut and @Phorce_Phed