Rev 180 | Blame | Compare with Previous | Last modification | View Log | RSS feed
<?phperror_reporting(-1);/*** AJAX Cross Domain (PHP) Proxy 0.8* Copyright (C) 2016 Iacovos Constantinou (https://github.com/softius)** This program is free software: you can redistribute it and/or modify* it under the terms of the GNU General Public License as published by* the Free Software Foundation, either version 3 of the License, or* (at your option) any later version.* This program is distributed in the hope that it will be useful,* but WITHOUT ANY WARRANTY; without even the implied warranty of* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the* GNU General Public License for more details.* You should have received a copy of the GNU General Public License* along with this program. If not, see <http://www.gnu.org/licenses/>.*//*** Enables or disables filtering for cross domain requests.* Recommended value: true*/define('CSAJAX_FILTERS', true);/*** If set to true, $valid_requests should hold only domains i.e. a.example.com, b.example.com, usethisdomain.com* If set to false, $valid_requests should hold the whole URL ( without the parameters ) i.e. http://example.com/this/is/long/url/* Recommended value: false (for security reasons - do not forget that anyone can access your proxy)*/define('CSAJAX_FILTER_DOMAIN', true);/*** Enables or disables Expect: 100-continue header. Some webservers don't* handle this header correctly.* Recommended value: false*/define('CSAJAX_SUPPRESS_EXPECT', false);/*** Set debugging to true to receive additional messages - really helpful on development*/define('CSAJAX_DEBUG', false);/*** A set of valid cross domain requests*/$valid_requests = array('api.ebay.com','open.api.ebay.com','secure.shippingapis.com','muna-trading.myshopify.com','svcs.ebay.com','api.discogs.com','onlinetools.ups.com');/*** Set extra multiple options for cURL* Could be used to define CURLOPT_SSL_VERIFYPEER & CURLOPT_SSL_VERIFYHOST for HTTPS* Also to overwrite any other options without changing the code* See http://php.net/manual/en/function.curl-setopt-array.php*/$curl_options = array(// CURLOPT_SSL_VERIFYPEER => false,// CURLOPT_SSL_VERIFYHOST => 2,CURLOPT_CONNECTTIMEOUT => 10,CURLOPT_TIMEOUT => 45);/*** Decode POST parameters after building the http array. Send Header X-DECODE-PARAMS*/$decodeFlag = false;/*** Do not decode X-Proxy-Url. Send Header X-LEAVE-ENCODED*/$leaveEncodedFlag = false;/* * * STOP EDITING HERE UNLESS YOU KNOW WHAT YOU ARE DOING * * */// identify request headers$request_headers = array( );foreach ($_SERVER as $key => $value) {if (strpos($key, 'HTTP_') === 0 || strpos($key, 'CONTENT_') === 0) {$headername = str_replace('_', ' ', str_replace('HTTP_', '', $key));$headername = str_replace(' ', '-', ucwords(strtolower($headername)));if (!in_array($headername, array( 'Host', 'X-Proxy-Url' ))) {if ($headername == "X-Authorization") {$headername = "Authorization";} else if ($headername == "X-Decode-Params") {$decodeFlag = true;continue;} else if ($headername == "X-Leave-Encoded") {$leaveEncodedFlag = true;continue;}$value = authReplace($value);$request_headers[] = "$headername: $value";}}}// identify request method, url and params$request_method = $_SERVER['REQUEST_METHOD'];if ('GET' == $request_method) {$request_params = $_GET;} elseif ('POST' == $request_method) {$request_params = $_POST;if (empty($request_params)) {$data = file_get_contents('php://input');if (!empty($data)) {$request_params = $data;}}} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {$request_params = file_get_contents('php://input');} else {$request_params = null;}// Get URL from `csurl` in GET or POST data, before falling back to X-Proxy-URL header.if (isset($_REQUEST['csurl'])) {$request_url = urldecode($_REQUEST['csurl']);} elseif (isset($_SERVER['HTTP_X_PROXY_URL'])) {if ($leaveEncodedFlag) {$request_url = $_SERVER['HTTP_X_PROXY_URL'];} else {$request_url = urldecode($_SERVER['HTTP_X_PROXY_URL']);}} else {header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');header('Status: 404 Not Found');$_SERVER['REDIRECT_STATUS'] = 404;exit;}$request_url = authReplace($request_url);$p_request_url = parse_url($request_url);// csurl may exist in GET request methodsif (is_array($request_params) && array_key_exists('csurl', $request_params)) {unset($request_params['csurl']);}// ignore requests for proxy :)if (preg_match('!' . $_SERVER['SCRIPT_NAME'] . '!', $request_url) || empty($request_url) || count($p_request_url) == 1) {csajax_debug_message('Invalid request - make sure that csurl variable is not empty');exit;}// check against valid requestsif (CSAJAX_FILTERS) {$parsed = $p_request_url;if (CSAJAX_FILTER_DOMAIN) {if (!in_array($parsed['host'], $valid_requests)) {csajax_debug_message('Invalid domain - ' . $parsed['host'] . ' is not included in valid requests');exit;}} else {$check_url = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';$check_url .= isset($parsed['user']) ? $parsed['user'] . ($parsed['pass'] ? ':' . $parsed['pass'] : '') . '@' : '';$check_url .= isset($parsed['host']) ? $parsed['host'] : '';$check_url .= isset($parsed['port']) ? ':' . $parsed['port'] : '';$check_url .= isset($parsed['path']) ? $parsed['path'] : '';if (!in_array($check_url, $valid_requests)) {csajax_debug_message('Invalid url - ' . $request_url . ' does not included in valid requests');exit;}}}// append query string for GET requestsif ($request_method == 'GET' && count($request_params) > 0 && (!array_key_exists('query', $p_request_url) || empty($p_request_url['query']))) {$request_url .= '?' . http_build_query($request_params);}// let the request begin$ch = curl_init($request_url);// Suppress Expect headerif (CSAJAX_SUPPRESS_EXPECT) {array_push($request_headers, 'Expect:');}curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers); // (re-)send headerscurl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return responsecurl_setopt($ch, CURLOPT_HEADER, true); // enabled response headers// add data for POST, PUT or DELETE requestsif ('POST' == $request_method) {$post_data = is_array($request_params) ? http_build_query($request_params) : $request_params;$post_data = authReplace($post_data);curl_setopt($ch, CURLOPT_POST, true);if ($decodeFlag) {curl_setopt($ch, CURLOPT_POSTFIELDS, urldecode($post_data));} else {curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);}} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $request_method);curl_setopt($ch, CURLOPT_POSTFIELDS, $request_params);}// Set multiple options for curl according to configurationif (is_array($curl_options) && 0 <= count($curl_options)) {curl_setopt_array($ch, $curl_options);}// retrieve response (headers and content)$response = curl_exec($ch);if (curl_errno($ch)) {error_log("Curl error: " . curl_error($ch) . " (" . curl_errno($ch) . ")");header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');header('Status: 404 Not Found');$_SERVER['REDIRECT_STATUS'] = 404;exit;}curl_close($ch);// delete 100 Continue headers$delimiter = "\r\n\r\n"; // HTTP header delimiter// check if the 100 Continue header existswhile ( preg_match('#^HTTP/[0-9\\.]+\s+100\s+Continue#i',$response) ) {$tmp = explode($delimiter,$response,2); // grab the 100 Continue header$response = $tmp[1]; // update the response, purging the most recent 100 Continue header}// split response to header and contentlist($response_headers, $response_content) = array_pad(preg_split('/(\r\n){2}/', $response, 2), 2, "");// (re-)send the headers$response_headers = preg_split('/(\r\n){1}/', $response_headers);foreach ($response_headers as $key => $response_header) {// Rewrite the `Location` header, so clients will also use the proxy for redirects.if (preg_match('/^Location:/', $response_header)) {list($header, $value) = preg_split('/: /', $response_header, 2);$response_header = 'Location: ' . $_SERVER['REQUEST_URI'] . '?csurl=' . $value;}if (!preg_match('/^(Transfer-Encoding):/i', $response_header)) {header($response_header, false);}}// Debug File proxy.logif (true == CSAJAX_DEBUG) {$h = fopen("proxy.log", "a");fwrite($h, "Request URL: " . $request_url . "\n");fwrite($h, "Request Headers: " . print_r($request_headers, true));fwrite($h, "Request Method: " . $request_method . "\n");if ('POST' == $request_method) {fwrite($h, "Post Params: " . $post_data . "\n");} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {fwrite($h, "Request Params: " . print_r($request_params, true) . "\n");}fwrite($h, "Return: " . $response . "\n");fwrite($h, "Response Headers: " . print_r($response_headers, true));fwrite($h, "Response Content: " . $response_content . "\n");fwrite($h, "\n");fclose($h);}// finally, output the contentecho $response_content;// insert authorizationfunction authReplace($str) {$str = str_replace('XxXRuNamexxxxxxxxxxxxxxxxxxxxxxx', 'Uwe_Jacobs-UweJacob-MUNATr-jwkrg', $str);$str = str_replace('XxXAppid', 'UweJacob-MUNATrad-PRD-d132041a0-85284729', $str);$str = str_replace('XxXDevid', '00fd6fda-3751-4095-b733-3899b20431ad', $str);$str = str_replace('XxXCertid', 'PRD-132041a078aa-1ee6-4300-9454-6c5b', $str);$str = str_replace('XxXDiscogsToken', 'zFvVdCdHTtQnDHCxEFTJiBhalyHFUsjdyFPCjbqP', $str);$str = str_replace('XxXUSPSUserId', '275MUNAT7574', $str);$str = str_replace('XxXShopifyApiKey', '41f0d3bf0e8e114496b198938996d9d8', $str);$str = str_replace('XxXShopifyPassword', 'f169694c488f45ccf187c92676765889', $str);$str = str_replace('XxXUPSAccessKey', 'DD53C5F37DF74D28', $str);$str = str_replace('XxXUPSUsername', 'muna_trading', $str);$str = str_replace('XxXUPSPassword', 'ZX83tbf!w7', $str);$str = str_replace('XxXAuthorization', base64_encode('UweJacob-MUNATrad-PRD-d132041a0-85284729' . ':' . 'PRD-132041a078aa-1ee6-4300-9454-6c5b'), $str);return($str);}function csajax_debug_message($message){if (true == CSAJAX_DEBUG) {print $message . PHP_EOL;}}