Forum und email

HTTP and HTTPS

PHP 3, PHP 4, PHP 5. https:// since PHP 4.3.0

  • https://example.com
  • https://example.com/file.php?var1=val1&var2=val2
  • https://user:[email protected]
  • https://example.com
  • https://example.com/file.php?var1=val1&var2=val2
  • https://user:[email protected]

Allows read-only access to files/resources via HTTP 1.0, using the HTTP GET method. A Host: header is sent with the request to handle name-based virtual hosts. If you have configured a user_agent string using your ini file or the stream context, it will also be included in the request.

Warning

When using SSL, Microsoft IIS will violate the protocol by closing the connection without sending a close_notify indicator. PHP will report this as "SSL: Fatal Protocol Error" when you reach the end of the data. To workaround this, you should lower your error_reporting level not to include warnings. PHP 4.3.7 and higher can detect buggy IIS server software when you open the stream using the https:// wrapper and will suppress the warning for you. If you are using fsockopen() to create an ssl:// socket, you are responsible for detecting and suppressing the warning yourself.

Redirects have been supported since PHP 4.0.5; if you are using an earlier version you will need to include trailing slashes in your URLs. If it's important to know the URL of the resource where your document came from (after all redirects have been processed), you'll need to process the series of response headers returned by the stream.

<?php
$url 
'https://www.example.com/redirecting_page.php';

$fp fopen($url'r');

/* Prior to PHP 4.3.0 use $http_response_header 
   instead of stream_get_meta_data() */
$meta_data stream_get_meta_data($fp);
foreach(
$meta_data['wrapper_data'] as $response) {

  
/* Were we redirected? */
  
if (substr(strtolower($response), 010) == 'location: ') {
    
/* update $url with where we were redirected to */
    
$url substr($response18);
  }

}

?>

Example#1 Fetch a page and send POST data

<?php

$postdata 
http_build_query(
    array(
        
'var1' => 'some content',
        
'var2' => 'doh'
    
)
);

$opts = array('http' =>
    array(
        
'method'  => 'POST',
        
'header'  => 'Content-type: application/x-www-form-urlencoded',
        
'content' => $postdata
    
)
);

$context  stream_context_create($opts);

$result file_get_contents('https://example.com/submit.php'false$context);

?>

The stream allows access to the body of the resource; the headers are stored in the $http_response_header variable. Since PHP 4.3.0, the headers are available using stream_get_meta_data().

HTTP connections are read-only; you cannot write data or copy files to an HTTP resource.

Note: HTTPS is supported starting from PHP 4.3.0, if you have compiled in support for OpenSSL.

Wrapper Summary
Attribute Supported
Restricted by allow_url_fopen Yes
Allows Reading Yes
Allows Writing No
Allows Appending No
Allows Simultaneous Reading and Writing N/A
Supports stat() No
Supports unlink() No
Supports rename() No
Supports mkdir() No
Supports rmdir() No

Context options
Name Usage Default
method GET, POST, or any other HTTP method supported by the remote server. GET
header Additional headers to be sent during request. Values in this option will override other values (such as User-agent:, Host:, and Authentication:).  
user_agent Value to send with User-Agent: header. This value will only be used if user-agent is not specified in the header context option above. php.ini setting: user_agent
content Additional data to be sent after the headers. Typically used with POST or PUT requests.  
proxy URI specifying address of proxy server. (e.g. tcp://proxy.example.com:5100). HTTPS proxying (through HTTP proxies) only works in PHP 5.1.0 or greater.  
request_fulluri When set to TRUE, the entire URI will be used when constructing the request. (i.e. GET https://www.example.com/path/to/file.html HTTP/1.0). While this is a non-standard request format, some proxy servers require it. FALSE
max_redirects The max number of redirects to follow. Value 1 or less means that no redirects are followed. Added in PHP 5.1.0. 20
protocol_version HTTP protocol version. Added in PHP 5.1.0. 1.0
timeout Read timeout in seconds, specified by a float (e.g. 10.5). Added in PHP 5.2.1. default_socket_timeout

Note: Underlying socket stream context options Additional context options may be supported by the underlying transport For https:// streams, refer to context options for the tcp:// transport. For https:// streams, refer to context options for the ssl:// transport.

Custom headers may be sent with an HTTP request prior to version 5 by taking advantage of a side-effect in the handling of the user_agent INI setting. Set user_agent to any valid string (such as the default PHP/version setting) followed by a carriage-return/line-feed pair and any additional headers. This method works in PHP 4 and all later versions.

Example#2 Sending custom headers with an HTTP request

<?php
ini_set
('user_agent'"PHP\r\nX-MyCustomHeader: Foo");

$fp fopen('https://www.example.com/index.php''r');
?>

Results in the following request being sent:

GET /index.php HTTP/1.0
Host: www.example.com
User-Agent: PHP
X-MyCustomHeader: Foo