View Single Post
arne1288
Veteran Member
Join Date: Apr 2012
Old 04-23-2018 , 12:23   Re: Player avatars broken again?
Reply With Quote #6

Quote:
Originally Posted by pizzahut View Post
This quick fix by Master works, though I later found out that https is possible using fsockopen as well. Also, there is no error checking done in the quick fix.

So you can use this, but it's probably better to continue using fsockopen instead, just with SSL as described in the docu linked above.
Quote:
Originally Posted by Phorce_Phed View Post
Simply changing this line inside the "fetchpage" function:
Code:
$fsock=fsockopen($domain, 80, $errno, $errstr,2);
To this:
Code:
$fsock=fsockopen("ssl://".$domain, 443, $errno, $errstr,2);
Seemed to work, for me.
DO NOT simply do fsockopen on SSL!

CURL will verify the SSL certificate is valid and trusted, etc. fsockopen WILL NOT validate anything in relation to the certificate at all.

Using fsockopen is literally the same as blindly accepting all certificate and server configuration errors, like the one you see if you open last-time-i-checked-this-certificate-expired.darkserv.net, - without any hesitation.

Since the certificate validation is gone, someone can very easily hijack steamcommunity.com and point your network/servers towards a fake steamcommunity.com, that provides incorrect information to your HLstatsX.. You'll never know if you wake up some day, and see your HLstatsX installation is presenting pictures advertising someone else's gaming community, adult material, or anything else...

Doing things the right way takes so little effort, but is often forgotten, when people have the chance to cut corners by adding/changing ~6 characters rather than adding/modifying a few lines...
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread]
arne1288 is offline