Quote:
Originally Posted by pizzahut
This quick fix by Master works, though I later found out that https is possible using fsockopen as well. Also, there is no error checking done in the quick fix.
So you can use this, but it's probably better to continue using fsockopen instead, just with SSL as described in the docu linked above.
|
Quote:
Originally Posted by Phorce_Phed
Simply changing this line inside the "fetchpage" function:
Code:
$fsock=fsockopen($domain, 80, $errno, $errstr,2);
To this:
Code:
$fsock=fsockopen("ssl://".$domain, 443, $errno, $errstr,2);
Seemed to work, for me.
|
DO NOT simply do fsockopen on SSL!
CURL will verify the SSL certificate is valid and trusted, etc. fsockopen WILL NOT validate anything in relation to the certificate at all.
Using fsockopen is literally the same as blindly accepting all certificate and server configuration errors, like the one you see if you open
last-time-i-checked-this-certificate-expired.darkserv.net, - without any hesitation.
Since the certificate validation is gone, someone can very easily hijack steamcommunity.com and point your network/servers towards a fake steamcommunity.com, that provides incorrect information to your HLstatsX.. You'll never know if you wake up some day, and see your HLstatsX installation is presenting pictures advertising someone else's gaming community, adult material, or anything else...
Doing things the right way takes so little effort, but is often forgotten, when people have the chance to cut corners by adding/changing ~6 characters rather than adding/modifying a few lines...
__________________