<?php /* The MIT License (MIT) Copyright (c) 2014 Oliver Mo

1. <?php
2. /*
3. The MIT License (MIT)
4.  
5. Copyright (c) 2014 Oliver Moran
6.  
7. Permission is hereby granted, free of charge, to any person obtaining a copy of
8. this software and associated documentation files (the "Software"), to deal in
9. the Software without restriction, including without limitation the rights to
10. use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
11. of the Software, and to permit persons to whom the Software is furnished to do
12. so, subject to the following conditions:
13.  
14. The above copyright notice and this permission notice shall be included in all
15. copies or substantial portions of the Software.
16.  
17. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23. SOFTWARE.
24. */
25.  
26. // Used to enable cross-domain AJAX calls.
27. // Example: index.php?url=http://www.example.org/resource.json
28.  
29. $url = $_REQUEST["url"];
30.  
31. if (substr ($url, 0, 7) != "http://"
32. && substr ($url, 0, 8) != "https://"
33. && substr ($url, 0, 6) != "ftp://") {
34. // NB: only absolute URLs are allowed -
35. // otherwise the script could be used to access local-to-file system files
36. die("ERROR: The argument 'url' must be an absolute URL beginning with 'http://', 'https://', or 'ftp://'.");
37. }
38.  
39. // temporarily override CURLs user agent with the user's own
40. ini_set("user_agent", $_SERVER['HTTP_USER_AGENT']);
41.  
42. // enable access from all domains
43. enable_cors();
44.  
45. switch ($_SERVER["REQUEST_METHOD"]) {
46. case "GET":
47. get($url);
48. break;
49. default:
50. post($url);
51. break;
52. }
53.  
54.  
55. // get the contents of the URL and echo the results
56. function get($url) {
57. if (substr ($url, 0, 8) == "https://") {
58. echo getSSL($url);
59. } else {
60. echo file_get_contents($url);
61. }
62. }
63.  
64. // gets over HTTPS
65. function getSSL($url) {
66. $ch = curl_init();
67. curl_setopt($ch, CURLOPT_HEADER, false);
68. curl_setopt($ch, CURLOPT_URL, $url);
69. curl_setopt($ch, CURLOPT_SSLVERSION,3);
70. $result = curl_exec($ch);
71. curl_close($ch);
72. return $result[0];
73. }
74.  
75. // post (or put or delete?) the encoded form to the URL and echo the results
76. function post($url) {
77. $postdata = http_build_query(
78. array()
79. );
80.  
81. $opts = array('http' =>
82. array(
83. 'method' => $_SERVER['REQUEST_METHOD'],
84. 'header' => 'Content-type: application/x-www-form-urlencoded',
85. 'content' => $postdata
86. )
87. );
88.  
89. $context = stream_context_create($opts);
90.  
91. // get the contents of the external URL and echo it
92. echo file_get_contents($url, false, $context);
93. }
94.  
95. /**
96. * An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
97. * origin.
98. *
99. * In a production environment, you probably want to be more restrictive, but this gives you
100. * the general idea of what is involved. For the nitty-gritty low-down, read:
101. *
102. * - https://developer.mozilla.org/en/HTTP_access_control
103. * - http://www.w3.org/TR/cors/
104. *
105. */
106. function enable_cors() {
107. // Allow from any origin
108. if (isset($_SERVER['HTTP_ORIGIN'])) {
109. header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
110. header('Access-Control-Allow-Credentials: true');;
111. header('Access-Control-Max-Age: 86400'); // cache for 1 day
112. } else {
113. header("Access-Control-Allow-Origin: *");
114. header('Access-Control-Allow-Credentials: true');;
115. header('Access-Control-Max-Age: 86400'); // cache for 1 day
116. }
117.  
118. // Access-Control headers are received during OPTIONS requests
119. if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
120.  
121. if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
122. header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
123.  
124. if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
125. header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
126.  
127. exit(0);
128. }
129. }
130. ?>
131.  
132. <!DOCTYPE html>
133. <html>
134.  
135. <head>
136.  
137. <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
138.  
139. <script>
140. $(document).ready(function(){
141. $( "#result" ).load( "http://mywebsite.com/proxy.php?url=https://externalwebsite.com/index.php" );
142. });
143. </script>
144.  
145. </head>
146.  
147. <body>
148.  
149. <h1> Test Page Index </h1>
150.  
151. <div id="result"></div>
152.  
153. </body>
154.  
155. </html>
156.  
157. $username = myusername;
158. $password = mypassword;
159. curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
160.  
161. <!DOCTYPE html>
162. <html>
163.  
164. <head>
165.  
166. <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
167.  
168. <script>
169. $(document).ready(function(){
170. $( "#result" ).load( "http://mywebsite.com/corsproxy.php?url=http://google.com" );
171. });
172. </script>
173.  
174. </head>
175.  
176. <body>
177.  
178. <h1> Test Page Index </h1>
179.  
180. <div id="result"></div>
181.  
182. </body>
183.  
184. </html>