Subversion Repositories munaweb

<?php

error_reporting(-1);

/**

 * AJAX Cross Domain (PHP) Proxy 0.8

 * Copyright (C) 2016 Iacovos Constantinou (https://github.com/softius)

 *

 * This program is free software: you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation, either version 3 of the License, or

 * (at your option) any later version.

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License

 * along with this program. If not, see <http://www.gnu.org/licenses/>.

 */

/**

 * Enables or disables filtering for cross domain requests.

 * Recommended value: true

 */

define('CSAJAX_FILTERS', true);

/**

 * If set to true, $valid_requests should hold only domains i.e. a.example.com, b.example.com, usethisdomain.com

 * If set to false, $valid_requests should hold the whole URL ( without the parameters ) i.e. http://example.com/this/is/long/url/

 * Recommended value: false (for security reasons - do not forget that anyone can access your proxy)

 */

define('CSAJAX_FILTER_DOMAIN', true);

/**

 * Enables or disables Expect: 100-continue header. Some webservers don't

 * handle this header correctly.

 * Recommended value: false

 */

define('CSAJAX_SUPPRESS_EXPECT', false);

/**

 * Set debugging to true to receive additional messages - really helpful on development

 */

define('CSAJAX_DEBUG', false);

/**

 * A set of valid cross domain requests

 */

$valid_requests = array(

		'api.ebay.com',

		'open.api.ebay.com',

		'secure.shippingapis.com',

		'muna-trading.myshopify.com',

		'svcs.ebay.com',

		'api.discogs.com',

		'onlinetools.ups.com'

);

/**

 * Set extra multiple options for cURL

 * Could be used to define CURLOPT_SSL_VERIFYPEER & CURLOPT_SSL_VERIFYHOST for HTTPS

 * Also to overwrite any other options without changing the code

 * See http://php.net/manual/en/function.curl-setopt-array.php

 */

$curl_options = array(

    // CURLOPT_SSL_VERIFYPEER => false,

    // CURLOPT_SSL_VERIFYHOST => 2,

	CURLOPT_CONNECTTIMEOUT => 5,

	CURLOPT_TIMEOUT => 30

);

/**

 * Decode POST parameters after building the http array. Send Header X-DECODE-PARAMS

 */

$decodeFlag = false;

/**

 * Do not decode X-Proxy-Url. Send Header X-LEAVE-ENCODED

 */

$leaveEncodedFlag = false;

/* * * STOP EDITING HERE UNLESS YOU KNOW WHAT YOU ARE DOING * * */

// identify request headers

$request_headers = array( );

foreach ($_SERVER as $key => $value) {

    if (strpos($key, 'HTTP_') === 0  ||  strpos($key, 'CONTENT_') === 0) {

        $headername = str_replace('_', ' ', str_replace('HTTP_', '', $key));

        $headername = str_replace(' ', '-', ucwords(strtolower($headername)));

        if (!in_array($headername, array( 'Host', 'X-Proxy-Url' ))) {

        	if ($headername == "X-Authorization") {

        		$headername = "Authorization";

        	} else if ($headername == "X-Decode-Params") {

                $decodeFlag = true;

                continue;

        	} else if ($headername == "X-Leave-Encoded") {

                $leaveEncodedFlag = true;

                continue;

        	}

            $value = authReplace($value);

            $request_headers[] = "$headername: $value";

        }

    }

}

// identify request method, url and params

$request_method = $_SERVER['REQUEST_METHOD'];

if ('GET' == $request_method) {

    $request_params = $_GET;

} elseif ('POST' == $request_method) {

    $request_params = $_POST;

    if (empty($request_params)) {

        $data = file_get_contents('php://input');

        if (!empty($data)) {

            $request_params = $data;

        }

    }

} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {

    $request_params = file_get_contents('php://input');

} else {

    $request_params = null;

}

// Get URL from `csurl` in GET or POST data, before falling back to X-Proxy-URL header.

if (isset($_REQUEST['csurl'])) {

    $request_url = urldecode($_REQUEST['csurl']);

} elseif (isset($_SERVER['HTTP_X_PROXY_URL'])) {

    if ($leaveEncodedFlag) {

        $request_url = $_SERVER['HTTP_X_PROXY_URL'];

    } else {

        $request_url = urldecode($_SERVER['HTTP_X_PROXY_URL']);

    }

} else {

    header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');

    header('Status: 404 Not Found');

    $_SERVER['REDIRECT_STATUS'] = 404;

    exit;

}

$request_url = authReplace($request_url);

$p_request_url = parse_url($request_url);

// csurl may exist in GET request methods

if (is_array($request_params) && array_key_exists('csurl', $request_params)) {

    unset($request_params['csurl']);

}

// ignore requests for proxy :)

if (preg_match('!' . $_SERVER['SCRIPT_NAME'] . '!', $request_url) || empty($request_url) || count($p_request_url) == 1) {

    csajax_debug_message('Invalid request - make sure that csurl variable is not empty');

    exit;

}

// check against valid requests

if (CSAJAX_FILTERS) {

    $parsed = $p_request_url;

    if (CSAJAX_FILTER_DOMAIN) {

        if (!in_array($parsed['host'], $valid_requests)) {

            csajax_debug_message('Invalid domain - ' . $parsed['host'] . ' is not included in valid requests');

            exit;

        }

    } else {

        $check_url = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';

        $check_url .= isset($parsed['user']) ? $parsed['user'] . ($parsed['pass'] ? ':' . $parsed['pass'] : '') . '@' : '';

        $check_url .= isset($parsed['host']) ? $parsed['host'] : '';

        $check_url .= isset($parsed['port']) ? ':' . $parsed['port'] : '';

        $check_url .= isset($parsed['path']) ? $parsed['path'] : '';

        if (!in_array($check_url, $valid_requests)) {

            csajax_debug_message('Invalid url - ' . $request_url . ' does not included in valid requests');

            exit;

        }

    }

}

// append query string for GET requests

if ($request_method == 'GET' && count($request_params) > 0 && (!array_key_exists('query', $p_request_url) || empty($p_request_url['query']))) {

    $request_url .= '?' . http_build_query($request_params);

}

// let the request begin

$ch = curl_init($request_url);

// Suppress Expect header

if (CSAJAX_SUPPRESS_EXPECT) {

    array_push($request_headers, 'Expect:');

}

curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);   // (re-)send headers

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);     // return response

curl_setopt($ch, CURLOPT_HEADER, true);       // enabled response headers

// add data for POST, PUT or DELETE requests

if ('POST' == $request_method) {

    $post_data = is_array($request_params) ? http_build_query($request_params) : $request_params;

    $post_data = authReplace($post_data);

    curl_setopt($ch, CURLOPT_POST, true);

    if ($decodeFlag) {

      curl_setopt($ch, CURLOPT_POSTFIELDS, urldecode($post_data));

    } else {

      curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

    }

} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {

    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $request_method);

    curl_setopt($ch, CURLOPT_POSTFIELDS, $request_params);

}

// Set multiple options for curl according to configuration

if (is_array($curl_options) && 0 <= count($curl_options)) {

    curl_setopt_array($ch, $curl_options);

}

// retrieve response (headers and content)

$response = curl_exec($ch);

if (curl_errno($ch)) {

    error_log("Curl error: " . curl_error($ch) . " (" . curl_error($ch) . ")");

    header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');

    header('Status: 404 Not Found');

    $_SERVER['REDIRECT_STATUS'] = 404;

    exit;

}

curl_close($ch);

// delete 100 Continue headers

$delimiter = "\r\n\r\n"; // HTTP header delimiter

// check if the 100 Continue header exists

while ( preg_match('#^HTTP/[0-9\\.]+\s+100\s+Continue#i',$response) ) {

    $tmp = explode($delimiter,$response,2); // grab the 100 Continue header

    $response = $tmp[1]; // update the response, purging the most recent 100 Continue header

}

// split response to header and content

list($response_headers, $response_content) = array_pad(preg_split('/(\r\n){2}/', $response, 2), 2, "");

// (re-)send the headers

$response_headers = preg_split('/(\r\n){1}/', $response_headers);

foreach ($response_headers as $key => $response_header) {

    // Rewrite the `Location` header, so clients will also use the proxy for redirects.

    if (preg_match('/^Location:/', $response_header)) {

        list($header, $value) = preg_split('/: /', $response_header, 2);

        $response_header = 'Location: ' . $_SERVER['REQUEST_URI'] . '?csurl=' . $value;

    }

    if (!preg_match('/^(Transfer-Encoding):/i', $response_header)) {

        header($response_header, false);

    }

}

// Debug File proxy.log

if (true == CSAJAX_DEBUG) {

  $h = fopen("proxy.log", "a");

  fwrite($h, "Request URL: " . $request_url . "\n");

  fwrite($h, "Request Headers: " . print_r($request_headers, true));

  fwrite($h, "Request Method: " . $request_method . "\n");

  if ('POST' == $request_method) {

    fwrite($h, "Post Params: " . $post_data . "\n");

  } elseif ('PUT' == $request_method || 'DELETE' == $request_method) {

    fwrite($h, "Request Params: " . print_r($request_params, true) . "\n");

  }

  fwrite($h, "Return: " . $response . "\n");

  fwrite($h, "Response Headers: " . print_r($response_headers, true));

  fwrite($h, "Response Content: " . $response_content . "\n");

  fwrite($h, "\n");

  fclose($h);

}

// finally, output the content

echo $response_content;

// insert authorization

function authReplace($str) {

    $str = str_replace('XxXRuNamexxxxxxxxxxxxxxxxxxxxxxx', 'Uwe_Jacobs-UweJacob-MUNATr-jwkrg', $str);

    $str = str_replace('XxXAppid', 'UweJacob-MUNATrad-PRD-d132041a0-85284729', $str);

    $str = str_replace('XxXDevid', '00fd6fda-3751-4095-b733-3899b20431ad', $str);

    $str = str_replace('XxXCertid', 'PRD-132041a078aa-1ee6-4300-9454-6c5b', $str);

    $str = str_replace('XxXDiscogsToken', 'zFvVdCdHTtQnDHCxEFTJiBhalyHFUsjdyFPCjbqP', $str);

    $str = str_replace('XxXUSPSUserId', '275MUNAT7574', $str);

    $str = str_replace('XxXShopifyApiKey', '41f0d3bf0e8e114496b198938996d9d8', $str);

    $str = str_replace('XxXShopifyPassword', 'f169694c488f45ccf187c92676765889', $str);

    $str = str_replace('XxXUPSAccessKey', 'DD53C5F37DF74D28', $str);

    $str = str_replace('XxXUPSUsername', 'muna_trading', $str);

    $str = str_replace('XxXUPSPassword', 'ZX83tbf!w7', $str);

    $str = str_replace('XxXAuthorization', base64_encode('UweJacob-MUNATrad-PRD-d132041a0-85284729' . ':' . 'PRD-132041a078aa-1ee6-4300-9454-6c5b'), $str);

    return($str);

}

function csajax_debug_message($message)

{

    if (true == CSAJAX_DEBUG) {

        print $message . PHP_EOL;

    }

}