Announcement

Collapse
No announcement yet.

TCP Fail

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Modified post #15 to use the correct Jose Roca include file "msxml.inc" and got rid of win32api.inc.
    I believe there is a demo using WinInet by Pierre Bellise (searching.)

    I think it is this: post #13
    https://forum.powerbasic.com/forum/u...-ssl-supported
    How long is an idea? Write it down.

    Comment


    • #22
      More and more site providers are enforcing HTTPS, they probably are redirecting HTTP requests to HTTPS, your TCP code does not handle the HTTPS and all the certificate handshaking. (SSL)

      There is various ways the redirecting is achieved, and it may be out of your control.

      Don't fight it, start doing it the HTTPS way.

      For equivalent code for Post#1

      '
      Code:
      #COMPILE EXE
      #DIM ALL
      
      FUNCTION PBMAIN () AS LONG
      
      ? GetHTTPsfromWEB ("http://www.garybeene.com/files/gbsnippets.ver")
      
      END FUNCTION
      
      
      #INCLUDE ONCE "httprequest.inc"
      #INCLUDE ONCE "ole2utils.inc"
      '-----------------------------------------------
      FUNCTION GetHTTPsfromWEB (sFullURL AS STRING) AS STRING
      '-----------------------------------------------
      ' GetHTTPsfromWEB
      ' Opens an HTTP or HTTPS connection to an HTTP resource
      ' Usage     GetHTTPsfromWEB (sFullURL)
      ' Usage     GetHTTPsfromWEB ("https:/www.mydomain.com/whatever.html)
         LOCAL pWHttp AS IWinHttpRequest
         LOCAL buffer AS STRING
         LOCAL iSucceeded AS INTEGER
      
         ' Creates an instance of the HTTP service
         pWHttp = NEWCOM "WinHttp.WinHttpRequest.5.1"
      
         IF ISNOTHING(pWHttp) THEN EXIT FUNCTION
         TRY
            ' Opens an HTTP or HTTPS connection to an HTTP resource
            pWHttp.Open "GET", sFullURL
            ' Sends an HTTP request to the HTTP server
            pWHttp.Send
            ' Wait for response with a timeout of 5 seconds
            iSucceeded = pWHttp.WaitForResponse(5)
               buffer = pWHttp.Responsetext
         CATCH
            OleShowErrorInfo OBJRESULT
         END TRY
      FUNCTION = buffer
      END FUNCTION
      '-----------------------------------------------
      ' GetHTTPsfromWEB                            End
      '-----------------------------------------------
      '

      Comment


      • #23
        It is still TCP/IP. But PB's OPEN TCP plus the other PB TCP functions by themselves will not work. TCP OPEN does OSI model layers 3 and 4 for you. The security is in addition to that.

        If WinInet will take care of that … then GREAT! It would be the additional something.

        Again I did not say TCP didn't work. TCP/IP is a networking protocol. WinInet or SocketTools use TCP/IP. They do the security protocols between opening a port and sending/receiving data.

        Raymond, does Sockettools open the port so you don't use PB's TCP OPEN?

        Michael Rice, I did say he could roll his own. It would be a HUGE project. Probably not a realistic amount of effort for the job Gary is working on.

        Gary, I still recommend first choice is getting ISP to reenable nonsecure HTTP

        Cheers,
        Dale

        Comment


        • #24
          Good link in post 19
          Dale

          Comment


          • #25
            This works:

            Functions are found in WinInet.inc J. Roca includes.

            UrlDownloadToString has worked for me since OCT 2018.

            Code:
            '_________________________________________________________________
            '
            '   SUB  CheckTheInternet
            '_________________________________________________________________
            
            SUB CheckTheInternet
              LOCAL TS1 AS STRING
              LOCAL URL AS STRING
            
              URL = "https://www.google.com"
              '// invalidate cache, so file is always downloaded from web site
              '// (if not called, the file will be retieved from the cache if
              '// it's already been downloaded.)
              DeleteUrlCacheEntryA(URL + $NUL)
              CALL UrlDownloadToString( URL, TS1 )
              if instr(TS1, "Google") > 0 then
                  ? TS1
                  giInternet = 1
                  EXIT SUB
              else
                  giInternet = 0
                  EXIT SUB
              end if                
            
            END SUB
            From Semen Matusovski 26 NOV 2004 AKA readfilefromhttp found here
            or Steve Bouffe's 8 NOV 2010 extraction found here.

            Code:
            FUNCTION UrlDownloadToString( szurl AS STRING, szbuf AS STRING ) AS LONG
            
                DIM BytesRead        AS LOCAL LONG
                DIM er               AS LOCAL LONG
                DIM hfile            AS LOCAL LONG
                DIM hInternetSession AS LOCAL DWORD
                DIM lbuf             AS LOCAL LONG
                DIM szTmp            AS LOCAL STRING
                DIM szTmpBuf         AS LOCAL STRING
            
                DO
            
                    hInternetSession = InternetOpenA( "pb/win 10.04.0108", %INTERNET_OPEN_TYPE_PRECONFIG, BYVAL 0, BYVAL 0, 0 )
            
                    IF hInternetSession = 0 THEN
                        er = - 1
                        EXIT DO
                    END IF
            
                    szTmp = "pragma: no-cache"
            
                    hfile = InternetOpenUrlA( hInternetSession, BYVAL STRPTR( szurl ), _
                     BYVAL STRPTR( szTmp ), BYVAL LEN( szTmp ), %INTERNET_FLAG_PRAGMA_NOCACHE OR _
                     %INTERNET_FLAG_NO_CACHE_WRITE OR %INTERNET_FLAG_RELOAD, 0 )
            
                    IF hfile = 0 THEN
                        er = - 1
                        EXIT DO
                    END IF
            
                    szbuf = SPACE$( %http_blocksize )
            
                    DO
            
                        IF InternetReadFile( hfile, BYVAL STRPTR( szbuf ), %http_blocksize, BYREF lbuf ) = 0 THEN
                            er = - 1
                            EXIT DO
                        END IF
            
                        IF lbuf = 0 THEN
                            EXIT DO
                        END IF
            
                        IF LEN( szTmpBuf ) <( lbuf + BytesRead ) THEN
            
                            IF LEN( szTmpBuf ) = 0 THEN
                                szTmpBuf = SPACE$( &h100000 )
                            ELSE
                                szTmpBuf = szTmpBuf + szTmpBuf
                            END IF
            
                        END IF
            
                        MID$( szTmpBuf, BytesRead + 1, lbuf ) = LEFT$( szbuf, lbuf )
            
                        BytesRead = BytesRead + lbuf
            
                    LOOP
            
                    EXIT DO
            
                LOOP
            
                IF hfile THEN
                    InternetCloseHandle hfile
                end if
            
                IF hInternetSession THEN
                    InternetCloseHandle hInternetSession
                end if
            
                IF er THEN
                    FUNCTION = er
                    BytesRead = 0
                end if
            
                szbuf = LEFT$( szTmpBuf, BytesRead )
            
            END FUNCTION
            Last edited by Jim Fritts; 1 Jul 2020, 09:42 PM.

            Comment


            • #26
              Gary,

              Glad you have added certificate!
              Also, hopefully you never ever use FTP (password is in plain text.)

              If you absolutely don't want to route http to https can probably be done by modifying a line in your .htaccess file.
              See internet for examples or have isp do it.
              Many links and I am not suggesting to do it. First that popped up on a search: https://www.freecodecamp.org/news/ho...sing-htaccess/

              It will look something like this and some on this site know how to edit it.
              RewriteEngine On

              RewriteCond %{HTTPS} off
              RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


              Tested garybeene.com using IP address on port 80 to see if it was routed.
              Also tested http: https: www. All routed.

              See Jim Fritts, post #25 this is post #26 for more code and links. Nice.
              Noticed they all don't have code to delete the cache (maybe the pragma flag takes care of that.)
              Do any of them support using password protected directories? I'll be checking them out. Thank you.

              Venting:
              I may go back to standard certificate from EV since browsers quit notifiying users with a green address bar.
              I doubt they are any more secure and the process and expense may no longer be of value.
              How long is an idea? Write it down.

              Comment


              • #27
                Code:
                    %INTERNET_FLAG_PRAGMA_NOCACHE 0x00000100
                    Forces the request to be resolved by the origin server, even if a 
                    cached copy exists on the proxy.
                
                    %INTERNET_FLAG_NO_CACHE_WRITE 0x04000000
                    Does not add the returned entity to the cache. 
                
                    %INTERNET_FLAG_RELOAD 0x80000000
                    Forces a download of the requested file, object, or directory listing 
                    from the origin server, not from the cache.

                Comment


                • #28
                  Howdy, Mike!

                  If you absolutely don't want to route http to https can probably be done by modifying a line in your .htaccess file.
                  See internet for examples or have isp do it.
                  I found out that my ISP recently moved my site from one server to another - corresponding to when the TCP failures began. I won't be surprised to find that some changes were made in the htaccess file, so your comment may apply.

                  I'm still unclear on the downside to the HTTP access option for downloading files. The files are there for anyone to see, so what benefit does forcing HTTPS provide?

                  Comment


                  • #29
                    Files could be modified by a man in the middle.
                    Man in the middle could route to there site.
                    Partial list:
                    https://us.norton.com/internetsecuri...le-attack.html
                    How long is an idea? Write it down.

                    Comment


                    • #30
                      Howdy Mike!

                      Thanks! Nice link.

                      Well, pooh! I have the better part of 200 free apps that I've released over the last decade, using the TCP code. As you can guess, I'm not wanting to change all of them!

                      How can I rationalize not forcing HTTPS access at my site? I've not had any reports of middle man attacks, but I'm probably just not a big enough target for potential attackers.

                      Comment


                      • #31
                        Originally posted by Dale Yarker View Post
                        Raymond, does Sockettools open the port so you don't use PB's TCP OPEN?
                        It replaces all the PB functions Dale. Also, I'm not aware that they can be commingled. You can see the HTTP function documentation for a rundown. Look at the Socketwrench for socket communications.

                        Comment


                        • #32
                          Originally posted by Gary Beene View Post
                          I'm still unclear on the downside to the HTTP access option for downloading files. The files are there for anyone to see, so what benefit does forcing HTTPS provide?
                          Basically, there is little or no downside to HTTP unless you are sharing confidential data.

                          The "man in the middle" bogeyman is blown out of all proportion, mainly by those with commercial interests in selling expensive certificates.

                          Comment


                          • #33
                            Thankyou Raymond. I didn't mislead Gary.
                            Dale

                            Comment


                            • #34
                              Gary, I am with you on not having a lot of https on my servers either except when i use a password.
                              On our servers, all I have to do throw a switch and all traffic goes from http to https.

                              On some of my php webpages, i add the following to convert http to https.
                              It is only because of the recent browsers HOLLERING that might the web site is not safe.
                              i really do not like those words the browsers are using to tell somebody my sight is not safe.

                              Code:
                              <?php
                              $redirect= false;
                                  if (!isset($_SERVER['HTTPS'])) {
                                      $redirect= true;
                                  } else {
                                      if ($_SERVER['HTTPS'] != "on")
                                          $redirect= true;
                                  }
                                  if ($redirect) {
                                      $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
                                      header("HTTP/1.1 301 Moved Permanently");
                                      header("Location: ".$url); 
                                      exit();
                                  }
                              ?>
                              p purvis

                              Comment


                              • #35
                                Gary B,
                                I renamed .htaccess to .htaccessbackup using cpanel that comes with godaddy sites.
                                http and www no longer redirect to https.
                                It could be that simple for you.

                                Note: Be sure .htaccess is only used for redirect.
                                I'm assuming you have an Apache server or something using the same method.
                                Just rename .htaccessbackup to .htaccess to route http and www to https

                                If someone wants to download securely they go to https://garybeene.com

                                .htaccess tutorial and cheatsheet https://www.godaddy.com/garage/htacc...d-cheat-sheet/

                                If uncomfortatble with this, please contact isp or you may be blocking me forever.
                                How long is an idea? Write it down.

                                Comment

                                Working...
                                X