Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1

    Filter Code Goes On Which Line ?


    Folks,

    Where on Mini Proxy, on which line, would I add the banned words filter code (the code which you see below) so that, when banned words are found on the proxied pages, then the banned words are substituted ?

    Mini Proxy is here:
    https://github.com/josh****/miniProx.../miniProxy.php

    (Replace the 4 asterisks in the link with "d", then "i", then "c" and finally "k", This forum is substituting the letters with asterisks thinking it is a banned word).

    Filter Code:

    PHP Code:
    <?php

    /*
    ERROR HANDLING
    */
    //declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    // 1). Set banned words.
    $banned_words = array("blow""nut""bull****");
    // 2). $curl is going to be data type curl resource.
    $curl curl_init();
    // 3). Set cURL options.
    curl_setopt($curlCURLOPT_URL'https://www.buzzfeed.com/mjs538/the-68-words-you-cant-say-on-tv?utm_term=.xlN0R1Go89#.pbdl8dYm3X');
    curl_setopt($curlCURLOPT_SSL_VERIFYPEERfalse);
    curl_setopt($curlCURLOPT_RETURNTRANSFERtrue );
    // 4). Run cURL (execute http request).
    $result curl_exec($curl);
    if (
    curl_errno($curl)) {
        echo 
    'Error:' curl_error($curl);
    }
    $response curl_getinfo$curl );
    if(
    $response['http_code'] == '200' )
    {
        
    $regex '/\b';     
        
    $regex .= implode('\b|\b'$banned_words);   
        
    $regex .= '\b/i'
        
    $substitute '****';
        
    $cleanresult preg_replace($regex$substitute$result);
        echo 
    $cleanresult;
    }
    curl_close($curl);
    ?>
    Last edited by UniqueIdeaMan; October 20th, 2017 at 08:25 AM.
  2. #2
  3. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,814
    Rep Power
    4536
    Oh look, your link doesn't work because of a bad word filter. This is a stupid idea.
    -- Cigars, whiskey and wild, wild women. --
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2016
    Posts
    103
    Rep Power
    65
    Filter Code Goes On Which Line ?
    We are not here to tell you where and how to put code together to accomplish something you want. If you need this level of support, go take a programming class at your local community collage, hire a tutor, or pay someone to write the code for you.
  6. #4
  7. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,814
    Rep Power
    4536
    Let's play this game, then. Line 315, after the response body is retrieved.

    Your turn.
    -- Cigars, whiskey and wild, wild women. --
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1

    Question


    Originally Posted by Sepodati
    Let's play this game, then. Line 315, after the response body is retrieved.

    Your turn.
    Thanks man!
    I added this filter code:
    PHP Code:
    //SET THE BANNED WORDS.
    $banned_words = array("prick",****","bull****");

    //SUBSTITUTE THE BANNED WORDS ON PROXIED PAGE (CONTENT FILTERING).
    if(
    $responseInfo['http_code'] == '200' )
        {
         
            
    $regex = '/\b';      // The beginning of the regex string syntax
            
    $regex .= implode('\b|\b', $banned_words);      // joins all the banned words to the string with correct regex syntax
            
    $regex .= '\b/i';    // Adds ending to regex syntax. Final i makes it case insensitive
            
    $substitute = '****';
            
    $cleanresponse = preg_replace($regex$substitute$response);
            echo 
    $cleanresponse;
        } 
    After this as you suggested:

    $response = makeRequest($url);
    $rawResponseHeaders = $response["headers"];
    $responseBody = $response["body"];


    But, I get error:

    Notice: Undefined variable: responseInfo in C:\xampp\htdocs\proxy\browser_experimenting.php on line 304

    Never should have got that, as the variable is defined in line 169. (Maybe, it's within a condition. Hard to see as the original programmer made it messy).
    And so, I lowered my filter code another line. Below these:
    $response = makeRequest($url);
    $rawResponseHeaders = $response["headers"];
    $responseBody = $response["body"];
    $responseInfo = $response["responseInfo"];


    That way, my filter code is underneath the $responseInfo.
    However, this time more errors:

    Warning: preg_replace(): Compilation failed: nothing to repeat at offset 21 in C:\xampp\htdocs\proxy\\browser_experimenting.php on line 311

    Warning: preg_replace(): Compilation failed: nothing to repeat at offset 21 in C:\xampp\htdocs\proxy\\browser_experimenting.php on line 311

    Notice: Array to string conversion in C:\xampp\htdocs\proxy\\browser_experimenting.php on line 311

    Warning: preg_replace(): Compilation failed: nothing to repeat at offset 21 in C:\xampp\htdocs\proxy\\browser_experimenting.php on line 311

    Notice: Array to string conversion in C:\xampp\htdocs\proxy\browser_experimenting.php on line 312
    Array


    I do not understand hy the preg_replace is failing this time when it did not before.

    Anyway, earlier on, I placed my filter code on line 170 but no luck:
    //Set the request URL.
    curl_setopt($ch, CURLOPT_URL, $url);
    //Make the request.
    $response = curl_exec($ch);
    $responseInfo = curl_getinfo($ch);


    On many of my 3hrs experiments, I have been shifting the filter code on many lines and even changing the variable name but no luck.
    Changing this:

    PHP Code:
    //SET THE BANNED WORDS.
    $banned_words = array("Prick","****","***");

    //SUBSTITUTE THE BANNED WORDS ON PROXIED PAGE (CONTENT FILTERING).
    if($responseInfo['http_code'] == '200' )
        {
         
            
    $regex '/\b';      // The beginning of the regex string syntax
            
    $regex .= implode('\b|\b'$banned_words);      // joins all the banned words to the string with correct regex syntax
            
    $regex .= '\b/i';    // Adds ending to regex syntax. Final i makes it case insensitive
            
    $substitute '****';
            [
    B]$cleanresponse [/B]= preg_replace($regex$substitute$response);
            [
    B]echo $cleanresponse;[/B]
        } 
    to this:

    PHP Code:
    //SET THE BANNED WORDS.
    $banned_words = array("Prick","****","***");

    //SUBSTITUTE THE BANNED WORDS ON PROXIED PAGE (CONTENT FILTERING).
    if($responseInfo['http_code'] == '200' )
        {
         
            
    $regex '/\b';      // The beginning of the regex string syntax
            
    $regex .= implode('\b|\b'$banned_words);      // joins all the banned words to the string with correct regex syntax
            
    $regex .= '\b/i';    // Adds ending to regex syntax. Final i makes it case insensitive
            
    $substitute '****';
            [
    B]$url[/B] = preg_replace($regex$substitute$response);
            [
    B]echo $url;[/B]
        } 
    Sometimes, even removed the echoes when I saw the proxy showing duplicate of the page where when the top version was proxied with no content filtering and the bottom version unproxied with content filtering. And vice versa.

    PHP Code:
            [B]echo $cleanresponse;[/B
    PHP Code:
            [B]echo $url;[/B
    I reckon the answer lies in the filter code. I'm not doing it right. Any idea on how the filter should be coded ? Let's play this game. I tried a filter code. Now, it is your turn.
    Last edited by UniqueIdeaMan; October 20th, 2017 at 09:25 AM.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1

    Question


    Here is my full modified code of the original Mini Proxy script:

    PHP Code:
    <?php

    /*
    miniProxy - A simple PHP web proxy. <https://github.com/josh****/
    miniProxy>
    Written and maintained by Joshua **** <http://josh****.net>.
    miniProxy is licensed under the GNU GPL v3 <http://www.gnu.org/licenses/gpl.html>.
    */
    /****************************** START CONFIGURATION ******************************/
    //To allow proxying any URL, set $whitelistPatterns to an empty array (the default).
    //To only allow proxying of specific URLs (whitelist), add corresponding regular expressions
    //to the $whitelistPatterns array. Enter the most specific patterns possible, to prevent possible abuse.
    //You can optionally use the "getHostnamePattern()" helper function to build a regular expression that
    //matches all URLs for a given hostname.
    $whitelistPatterns = array(
      
    //Usage example: To support any URL at example.net, including sub-domains, uncomment the
      //line below (which is equivalent to [ @^https?://([a-z0-9-]+\.)*example\.net@i ]):
      //getHostnamePattern("example.net")
    );
    //To enable CORS (cross-origin resource sharing) for proxied sites, set $forceCORS to true.
    $forceCORS false;
    //Set to false to report the client machine's IP address to proxied sites via the HTTP `x-forwarded-for` header.
    //Setting to false may improve compatibility with some sites, but also exposes more information about end users to proxied sites.
    $anonymize true;
    //Start/default URL that that will be proxied when miniProxy is first loaded in a browser/accessed directly with no URL to proxy.
    //If empty, miniProxy will show its own landing page.
    $startURL "";
    //When no $startURL is configured above, miniProxy will show its own landing page with a URL form field
    //and the configured example URL. The example URL appears in the instructional text on the miniProxy landing page,
    //and is proxied when pressing the 'Proxy It!' button on the landing page if its URL form is left blank.
    $landingExampleURL "https://example.net";
    /****************************** END CONFIGURATION ******************************/
    ob_start("ob_gzhandler");
    if (
    version_compare(PHP_VERSION"5.4.7""<")) {
        die(
    "miniProxy requires PHP version 5.4.7 or later.");
    }

    include 
    'config.php';
     
    // check if user is already logged in
    if (is_logged() === false
    {
        
    //Redirect user to homepage page after 2 seconds.
        
    header("refresh:2;url=login.php");
        exit;
    }
    else 
    {
        
    $user $_SESSION["user"];
    }

    if (!
    function_exists("curl_init")) die("miniProxy requires PHP's cURL extension. Please install/enable it on your server and try again.");
    //Helper function for use inside $whitelistPatterns.
    //Returns a regex that matches all HTTP[S] URLs for a given hostname.
    function getHostnamePattern($hostname) {
      
    $escapedHostname str_replace(".""\."$hostname);
      return 
    "@^https?://([a-z0-9-]+\.)*" $escapedHostname "@i";
    }
    //Helper function used to removes/unset keys from an associative array using case insensitive matching
    function removeKeys(&$assoc$keys2remove) {
      
    $keys array_keys($assoc);
      
    $map = array();
      
    $removedKeys = array();
      foreach (
    $keys as $key) {
        
    $map[strtolower($key)] = $key;
      }
      foreach (
    $keys2remove as $key) {
        
    $key strtolower($key);
        if (isset(
    $map[$key])) {
          unset(
    $assoc[$map[$key]]);
          
    $removedKeys[] = $map[$key];
        }
      }
      return 
    $removedKeys;
    }
    if (!
    function_exists("getallheaders")) {
      
    //Adapted from http://www.php.net/manual/en/function.getallheaders.php#99814
      
    function getallheaders() {
        
    $result = array();
        foreach(
    $_SERVER as $key => $value) {
          if (
    substr($key05) == "HTTP_") {
            
    $key str_replace(" ""-"ucwords(strtolower(str_replace("_"" "substr($key5)))));
            
    $result[$key] = $value;
          }
        }
        return 
    $result;
      }
    }
    $usingDefaultPort =  (!isset($_SERVER["HTTPS"]) && $_SERVER["SERVER_PORT"] === 80) || (isset($_SERVER["HTTPS"]) && $_SERVER["SERVER_PORT"] === 443);
    $prefixPort $usingDefaultPort "" ":" $_SERVER["SERVER_PORT"];
    //Use HTTP_HOST to support client-configured DNS (instead of SERVER_NAME), but remove the port if one is present
    $prefixHost $_SERVER["HTTP_HOST"];
    $prefixHost strpos($prefixHost":") ? implode(":"explode(":"$_SERVER["HTTP_HOST"], -1)) : $prefixHost;
    define("PROXY_PREFIX""http" . (isset($_SERVER["HTTPS"]) ? "s" "") . "://" $prefixHost $prefixPort $_SERVER["SCRIPT_NAME"] . "?");
    //Makes an HTTP request via cURL, using request data that was passed directly to this script.
    function makeRequest($url) {
      global 
    $anonymize;
      
    //Tell cURL to make the request using the brower's user-agent if there is one, or a fallback user-agent otherwise.
      
    $user_agent $_SERVER["HTTP_USER_AGENT"];
      if (empty(
    $user_agent)) {
        
    $user_agent "Mozilla/5.0 (compatible; miniProxy)";
      }
      
    $ch curl_init();
      
    //ADDED FAKE REFERRER AFTER curl_init().
      
    curl_setopt($chCURLOPT_REFERER'http://www.example.com/1');
      
    //FOLLOWING 2 LINES ARE ADDED TO ENABLE THE HTTPS PAGES TO BE PROXIED.
      
    curl_setopt($chCURLOPT_SSL_VERIFYPEER0);
      
    curl_setopt($chCURLOPT_SSL_VERIFYHOST0);
      
      
    curl_setopt($chCURLOPT_USERAGENT$user_agent);
      
    //Get ready to proxy the browser's request headers...
      
    $browserRequestHeaders getallheaders();
      
    //...but let cURL set some headers on its own.
      
    $removedHeaders removeKeys($browserRequestHeaders, array(
        
    "Accept-Encoding"//Throw away the browser's Accept-Encoding header if any and let cURL make the request using gzip if possible.
        
    "Content-Length",
        
    "Host",
        
    "Origin"
      
    ));
      
    array_change_key_case($removedHeadersCASE_LOWER);
      
    curl_setopt($chCURLOPT_ENCODING"");
      
    //Transform the associative array from getallheaders() into an
      //indexed array of header strings to be passed to cURL.
      
    $curlRequestHeaders = array();
      foreach (
    $browserRequestHeaders as $name => $value) {
        
    $curlRequestHeaders[] = $name ": " $value;
      }
      if (!
    $anonymize) {
        
    $curlRequestHeaders[] = "X-Forwarded-For: " $_SERVER["REMOTE_ADDR"];
      }
      
    //Any `origin` header sent by the browser will refer to the proxy itself.
      //If an `origin` header is present in the request, rewrite it to point to the correct origin.
      
    if (array_key_exists('origin'$removedHeaders)) {
        
    $urlParts parse_url($url);
        
    $port $urlParts['port'];
        
    $curlRequestHeaders[] = "Origin: " $urlParts['scheme'] . "://" $urlParts['host'] . (empty($port) ? "" ":" $port);
      };
      
    curl_setopt($chCURLOPT_HTTPHEADER$curlRequestHeaders);
          
      
    //Proxy any received GET/POST/PUT data.
      
    switch ($_SERVER["REQUEST_METHOD"]) {
        case 
    "POST":
          
    curl_setopt($chCURLOPT_POSTtrue);
          
    //For some reason, $HTTP_RAW_POST_DATA isn't working as documented at
          //http://php.net/manual/en/reserved.variables.httprawpostdata.php
          //but the php://input method works. This is likely to be flaky
          //across different server environments.
          //More info here: http://stackoverflow.com/questions/8899239/http-raw-post-data-not-being-populated-after-upgrade-to-php-5-3
          //If the miniProxyFormAction field appears in the POST data, remove it so the destination server doesn't receive it.
          
    $postData = Array();
          
    parse_str(file_get_contents("php://input"), $postData);
          if (isset(
    $postData["miniProxyFormAction"])) {
            unset(
    $postData["miniProxyFormAction"]);
          }
          
    curl_setopt($chCURLOPT_POSTFIELDShttp_build_query($postData));
        break;
        case 
    "PUT":
          
    curl_setopt($chCURLOPT_PUTtrue);
          
    curl_setopt($chCURLOPT_INFILEfopen("php://input""r"));
        break;
      }
      
    //Other cURL options.
      
    curl_setopt($chCURLOPT_HEADERtrue);
      
    curl_setopt($chCURLOPT_FOLLOWLOCATIONtrue);
      
    curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
      
    //Set the request URL.
      
    curl_setopt($chCURLOPT_URL$url);
      
    //Make the request.
      
    $response curl_exec($ch);
      
    $responseInfo curl_getinfo($ch);      
      
    $headerSize curl_getinfo($chCURLINFO_HEADER_SIZE);
      
    curl_close($ch);
      
    //Setting CURLOPT_HEADER to true above forces the response headers and body
      //to be output together--separate them.
      
    $responseHeaders substr($response0$headerSize);
      
    $responseBody substr($response$headerSize);
      return array(
    "headers" => $responseHeaders"body" => $responseBody"responseInfo" => $responseInfo);
    }
    //Converts relative URLs to absolute ones, given a base URL.
    //Modified version of code found at http://nashruddin.com/PHP_Script_for_Converting_Relative_to_Absolute_URL
    function rel2abs($rel$base) {
      if (empty(
    $rel)) $rel ".";
      if (
    parse_url($relPHP_URL_SCHEME) != "" || strpos($rel"//") === 0) return $rel//Return if already an absolute URL
      
    if ($rel[0] == "#" || $rel[0] == "?") return $base.$rel//Queries and anchors
      
    extract(parse_url($base)); //Parse base URL and convert to local variables: $scheme, $host, $path
      
    $path = isset($path) ? preg_replace("#/[^/]*$#"""$path) : "/"//Remove non-directory element from path
      
    if ($rel[0] == "/"$path ""//Destroy path if relative url points to root
      
    $port = isset($port) && $port != 80 ":" $port "";
      
    $auth "";
      if (isset(
    $user)) {
        
    $auth $user;
        if (isset(
    $pass)) {
          
    $auth .= ":" $pass;
        }
        
    $auth .= "@";
      }
      
    $abs "$auth$host$port$path/$rel"//Dirty absolute URL
      
    for ($n 1$n 0$abs preg_replace(array("#(/\.?/)#""#/(?!\.\.)[^/]+/\.\./#"), "/"$abs, -1$n)) {} //Replace '//' or '/./' or '/foo/../' with '/'
      
    return $scheme "://" $abs//Absolute URL is ready.
    }
    //Proxify contents of url() references in blocks of CSS text.
    function proxifyCSS($css$baseURL) {
      
    // Add a "url()" wrapper to any CSS @import rules that only specify a URL without the wrapper,
      // so that they're proxified when searching for "url()" wrappers below.
      
    $sourceLines explode("\n"$css);
      
    $normalizedLines = [];
      foreach (
    $sourceLines as $line) {
        if (
    preg_match("/@import\s+url/i"$line)) {
          
    $normalizedLines[] = $line;
        } else {
          
    $normalizedLines[] = preg_replace_callback(
            
    "/(@import\s+)([^;\s]+)([\s;])/i",
            function(
    $matches) use ($baseURL) {
              return 
    $matches[1] . "url(" $matches[2] . ")" $matches[3];
            },
            
    $line);
        }
      }
      
    $normalizedCSS implode("\n"$normalizedLines);
      return 
    preg_replace_callback(
        
    "/url\((.*?)\)/i",
        function(
    $matches) use ($baseURL) {
            
    $url $matches[1];
            
    //Remove any surrounding single or double quotes from the URL so it can be passed to rel2abs - the quotes are optional in CSS
            //Assume that if there is a leading quote then there should be a trailing quote, so just use trim() to remove them
            
    if (strpos($url"'") === 0) {
              
    $url trim($url"'");
            }
            if (
    strpos($url"\"") === 0) {
              
    $url trim($url"\"");
            }
            if (
    stripos($url"data:") === 0) return "url(" $url ")"//The URL isn't an HTTP URL but is actual binary data. Don't proxify it.
            
    return "url(" PROXY_PREFIX rel2abs($url$baseURL) . ")";
        },
        
    $normalizedCSS);
    }
    //Proxify "srcset" attributes (normally associated with <img> tags.)
    function proxifySrcset($srcset$baseURL) {
      
    $sources array_map("trim"explode(","$srcset)); //Split all contents by comma and trim each value
      
    $proxifiedSources array_map(function($source) use ($baseURL) {
        
    $components array_map("trim"str_split($sourcestrrpos($source" "))); //Split by last space and trim
        
    $components[0] = PROXY_PREFIX rel2abs(ltrim($components[0], "/"), $baseURL); //First component of the split source string should be an image URL; proxify it
        
    return implode($components" "); //Recombine the components into a single source
      
    }, $sources);
      
    $proxifiedSrcset implode(", "$proxifiedSources); //Recombine the sources into a single "srcset"
      
    return $proxifiedSrcset;
    }
    //Extract and sanitize the requested URL, handling cases where forms have been rewritten to point to the proxy.
    if (isset($_POST["miniProxyFormAction"])) {
      
    $url $_POST["miniProxyFormAction"];
      unset(
    $_POST["miniProxyFormAction"]);
    } else {
      
    $queryParams = Array();
      
    parse_str($_SERVER["QUERY_STRING"], $queryParams);
      
    //If the miniProxyFormAction field appears in the query string, make $url start with its value, and rebuild the the query string without it.
      
    if (isset($queryParams["miniProxyFormAction"])) {
        
    $formAction $queryParams["miniProxyFormAction"];
        unset(
    $queryParams["miniProxyFormAction"]);
        
    $url $formAction "?" http_build_query($queryParams);
      } else {
        
    $url substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]) + 1);
      }
    }
    if (empty(
    $url)) {
        if (empty(
    $startURL)) {
          die(
    "<html><head><title>miniProxy</title></head><body><h1>Welcome to miniProxy!</h1>miniProxy can be directly invoked like this: <a href=\"" PROXY_PREFIX $landingExampleURL "\">" PROXY_PREFIX $landingExampleURL "</a><br /><br />Or, you can simply enter a URL below:<br /><br /><form onsubmit=\"if (document.getElementById('site').value) { window.location.href='" PROXY_PREFIX "' + document.getElementById('site').value; return false; } else { window.location.href='" PROXY_PREFIX $landingExampleURL "'; return false; }\" autocomplete=\"off\"><input id=\"site\" type=\"text\" size=\"50\" /><input type=\"submit\" value=\"Proxy It!\" /></form></body></html>");
        } else {
          
    $url $startURL;
        }
    } else if (
    strpos($url":/") !== strpos($url"://")) {
        
    //Work around the fact that some web servers (e.g. IIS 8.5) change double slashes appearing in the URL to a single slash.
        //See https://github.com/josh****/miniProxy/pull/14
        
    $pos strpos($url":/");
        
    $url substr_replace($url"://"$posstrlen(":/"));
    }
    $scheme parse_url($urlPHP_URL_SCHEME);
    if (empty(
    $scheme)) {
      
    //Assume that any supplied URLs starting with // are HTTP URLs.
      
    if (strpos($url"//") === 0) {
        
    $url "http:" $url;
      }
    } else if (!
    preg_match("/^https?$/i"$scheme)) {
        die(
    'Error: Detected a "' $scheme '" URL. miniProxy exclusively supports http[s] URLs.');
    }
    //Validate the requested URL against the whitelist.
    $urlIsValid count($whitelistPatterns) === 0;
    foreach (
    $whitelistPatterns as $pattern) {
      if (
    preg_match($pattern$url)) {
        
    $urlIsValid true;
        break;
      }
    }
    if (!
    $urlIsValid) {
      die(
    "Error: The requested URL was disallowed by the server administrator.");
    }
    $response makeRequest($url);
    $rawResponseHeaders $response["headers"];
    $responseBody $response["body"];
    $responseInfo $response["responseInfo"];

    //SET THE BANNED WORDS.
    $banned_words = array("Prick","****","***");

    //SUBSTITUTE THE BANNED WORDS ON PROXIED PAGE (CONTENT FILTERING).
    if($responseInfo['http_code'] == '200' )
        {
         
            
    $regex '/\b';      // The beginning of the regex string syntax
            
    $regex .= implode('\b|\b'$banned_words);      // joins all the banned words to the string with correct regex syntax
            
    $regex .= '\b/i';    // Adds ending to regex syntax. Final i makes it case insensitive
            
    $substitute '****';
            
    $cleanresponse preg_replace($regex$substitute$response);
            echo 
    $cleanresponse;
        }
        
    //If CURLOPT_FOLLOWLOCATION landed the proxy at a diferent URL than
    //what was requested, explicitly redirect the proxy there.
    $responseURL $responseInfo["url"];
    if (
    $responseURL !== $url) {
      
    header("Location: " PROXY_PREFIX $responseURLtrue);
      exit(
    0);
    }
    //A regex that indicates which server response headers should be stripped out of the proxified response.
    $header_blacklist_pattern "/^Content-Length|^Transfer-Encoding|^Content-Encoding.*gzip/i";
    //cURL can make multiple requests internally (for example, if CURLOPT_FOLLOWLOCATION is enabled), and reports
    //headers for every request it makes. Only proxy the last set of received response headers,
    //corresponding to the final request made by cURL for any given call to makeRequest().
    $responseHeaderBlocks array_filter(explode("\r\n\r\n"$rawResponseHeaders));
    $lastHeaderBlock end($responseHeaderBlocks);
    $headerLines explode("\r\n"$lastHeaderBlock);
    foreach (
    $headerLines as $header) {
      
    $header trim($header);
      if (!
    preg_match($header_blacklist_pattern$header)) {
        
    header($headerfalse);
      }
    }
    //Prevent robots from indexing proxified pages
    header("X-Robots-Tag: noindex, nofollow"true);
    if (
    $forceCORS) {
      
    //This logic is based on code found at: http://stackoverflow.com/a/9866124/278810
      //CORS headers sent below may conflict with CORS headers from the original response,
      //so these headers are sent after the original response headers to ensure their values
      //are the ones that actually end up getting sent to the browser.
      //Explicit [ $replace = true ] is used for these headers even though this is PHP's default behavior.
      //Allow access from any origin.
      
    header("Access-Control-Allow-Origin: *"true);
      
    header("Access-Control-Allow-Credentials: true"true);
      
    //Handle CORS headers received during OPTIONS requests.
      
    if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
        if (isset(
    $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"])) {
          
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS"true);
        }
        if (isset(
    $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
          
    header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"true);
        }
        
    //No further action is needed for OPTIONS requests.
        
    exit(0);
      }
    }
    $contentType "";
    if (isset(
    $responseInfo["content_type"])) $contentType $responseInfo["content_type"];
    //This is presumably a web page, so attempt to proxify the DOM.
    if (stripos($contentType"text/html") !== false) {     
        
    //LOG THE PROXIED PAGE. DUMP THE CURRENT PAGE'S URL ONTO MYSQL DB.
    $conn mysqli_connect("localhost""root""""proxy");
    if (!
    $conn) {
    // message to use in development to see errors
    die("Database error : " mysqli_error($conn));
    // user friendly message
    // die("Database error.");
    exit();
    }

    $stmt mysqli_prepare($conn"INSERT INTO browsing_histories(ids,usernames,urls) VALUES (?, ?, ?)");
    mysqli_stmt_bind_param($stmt'iss'$id$user$url);
    mysqli_stmt_execute($stmt);
    if(
    $stmt)
    {
        echo 
    "Logging $url to db a success!";
    }
    else    
    {
        echo 
    "Logging $url to db a failure!";
    }

      
    //Attempt to normalize character encoding.
      
    $detectedEncoding mb_detect_encoding($responseBody"UTF-8, ISO-8859-1");
      if (
    $detectedEncoding) {
        
    $responseBody mb_convert_encoding($responseBody"HTML-ENTITIES"$detectedEncoding);
      }
      
    //Parse the DOM.
      
    $doc = new DomDocument();
      @
    $doc->loadHTML($responseBody);
      
    $xpath = new DOMXPath($doc);
      
    //Rewrite forms so that their actions point back to the proxy.
      
    foreach($xpath->query("//form") as $form) {
        
    $method $form->getAttribute("method");
        
    $action $form->getAttribute("action");
        
    //If the form doesn't have an action, the action is the page itself.
        //Otherwise, change an existing action to an absolute version.
        
    $action = empty($action) ? $url rel2abs($action$url);
        
    //Rewrite the form action to point back at the proxy.
        
    $form->setAttribute("action"rtrim(PROXY_PREFIX"?"));
        
    //Add a hidden form field that the proxy can later use to retreive the original form action.
        
    $actionInput $doc->createDocumentFragment();
        
    $actionInput->appendXML('<input type="hidden" name="miniProxyFormAction" value="' htmlspecialchars($action) . '" />');
        
    $form->appendChild($actionInput);
      }
      
    //Proxify <meta> tags with an 'http-equiv="refresh"' attribute.
      
    foreach ($xpath->query("//meta[@http-equiv]") as $element) {
        if (
    strcasecmp($element->getAttribute("http-equiv"), "refresh") === 0) {
          
    $content $element->getAttribute("content");
          if (!empty(
    $content)) {
            
    $splitContent preg_split("/=/"$content);
            if (isset(
    $splitContent[1])) {
              
    $element->setAttribute("content"$splitContent[0] . "=" PROXY_PREFIX rel2abs($splitContent[1], $url));
            }
          }
        }
      }
      
    //Profixy <style> tags.
      
    foreach($xpath->query("//style") as $style) {
        
    $style->nodeValue proxifyCSS($style->nodeValue$url);
      }
      
    //Proxify tags with a "style" attribute.
      
    foreach ($xpath->query("//*[@style]") as $element) {
        
    $element->setAttribute("style"proxifyCSS($element->getAttribute("style"), $url));
      }
      
    //Proxify "srcset" attributes in <img> tags.
      
    foreach ($xpath->query("//img[@srcset]") as $element) {
        
    $element->setAttribute("srcset"proxifySrcset($element->getAttribute("srcset"), $url));
      }
      
    //Proxify any of these attributes appearing in any tag.
      
    $proxifyAttributes = array("href""src");
      foreach(
    $proxifyAttributes as $attrName) {
        foreach(
    $xpath->query("//*[@" $attrName "]") as $element) { //For every element with the given attribute...
          
    $attrContent $element->getAttribute($attrName);
          if (
    $attrName == "href" && preg_match("/^(about|javascript|magnet|mailto):/i"$attrContent)) continue;
          
    $attrContent rel2abs($attrContent$url);
          
    $attrContent PROXY_PREFIX $attrContent;
          
    $element->setAttribute($attrName$attrContent);
        }
      }
      
    //Attempt to force AJAX requests to be made through the proxy by
      //wrapping window.XMLHttpRequest.prototype.open in order to make
      //all request URLs absolute and point back to the proxy.
      //The rel2abs() JavaScript function serves the same purpose as the server-side one in this file,
      //but is used in the browser to ensure all AJAX request URLs are absolute and not relative.
      //Uses code from these sources:
      //http://stackoverflow.com/questions/7775767/javascript-overriding-xmlhttprequest-open
      //https://gist.github.com/1088850
      //TODO: This is obviously only useful for browsers that use XMLHttpRequest but
      //it's better than nothing.
      
    $head $xpath->query("//head")->item(0);
      
    $body $xpath->query("//body")->item(0);
      
    $prependElem $head != NULL $head $body;
      
    //Only bother trying to apply this hack if the DOM has a <head> or <body> element;
      //insert some JavaScript at the top of whichever is available first.
      //Protects against cases where the server sends a Content-Type of "text/html" when
      //what's coming back is most likely not actually HTML.
      //TODO: Do this check before attempting to do any sort of DOM parsing?
      
    if ($prependElem != NULL) {
        
    $scriptElem $doc->createElement("script",
          
    '(function() {
            if (window.XMLHttpRequest) {
              function parseURI(url) {
                var m = String(url).replace(/^\s+|\s+$/g, "").match(/^([^:\/?#]+:)?(\/\/(?:[^:@]*(?::[^:@]*)?@)?(([^:\/?#]*)(?::(\d*))?))?([^?#]*)(\?[^#]*)?(#[\s\S]*)?/);
                // authority = "//" + user + ":" + pass "@" + hostname + ":" port
                return (m ? {
                  href : m[0] || "",
                  protocol : m[1] || "",
                  authority: m[2] || "",
                  host : m[3] || "",
                  hostname : m[4] || "",
                  port : m[5] || "",
                  pathname : m[6] || "",
                  search : m[7] || "",
                  hash : m[8] || ""
                } : null);
              }
              function rel2abs(base, href) { // RFC 3986
                function removeDotSegments(input) {
                  var output = [];
                  input.replace(/^(\.\.?(\/|$))+/, "")
                    .replace(/\/(\.(\/|$))+/g, "/")
                    .replace(/\/\.\.$/, "/../")
                    .replace(/\/?[^\/]*/g, function (p) {
                      if (p === "/..") {
                        output.pop();
                      } else {
                        output.push(p);
                      }
                    });
                  return output.join("").replace(/^\//, input.charAt(0) === "/" ? "/" : "");
                }
                href = parseURI(href || "");
                base = parseURI(base || "");
                return !href || !base ? null : (href.protocol || base.protocol) +
                (href.protocol || href.authority ? href.authority : base.authority) +
                removeDotSegments(href.protocol || href.authority || href.pathname.charAt(0) === "/" ? href.pathname : (href.pathname ? ((base.authority && !base.pathname ? "/" : "") + base.pathname.slice(0, base.pathname.lastIndexOf("/") + 1) + href.pathname) : base.pathname)) +
                (href.protocol || href.authority || href.pathname ? href.search : (href.search || base.search)) +
                href.hash;
              }
              var proxied = window.XMLHttpRequest.prototype.open;
              window.XMLHttpRequest.prototype.open = function() {
                  if (arguments[1] !== null && arguments[1] !== undefined) {
                    var url = arguments[1];
                    url = rel2abs("' 
    $url '", url);
                    url = "' 
    PROXY_PREFIX '" + url;
                    arguments[1] = url;
                  }
                  return proxied.apply(this, [].slice.call(arguments));
              };
            }
          })();'
        
    );
        
    $scriptElem->setAttribute("type""text/javascript");
        
    $prependElem->insertBefore($scriptElem$prependElem->firstChild);
      }
      echo 
    "<!-- Proxified page constructed by miniProxy -->\n" $doc->saveHTML();
    } else if (
    stripos($contentType"text/css") !== false) { //This is CSS, so proxify url() references.
      
    echo proxifyCSS($responseBody$url);
    } else { 
    //This isn't a web page or CSS, so serve unmodified through the proxy with the correct headers (images, JavaScript, etc.)
      
    header("Content-Length: " strlen($responseBody), true);
      echo 
    $responseBody;
    }
    My own comments are in CAPITALS. The codes immediately following the UPPER CASED comments are mine. Added a $url logger so the proxied page's url gets logged onto my db.
    Now need to add the content filter. After that, my 8 mnths project is complete. Took that long to finish it as I had to learn php as much as I can while I fiddled with this project to add User account, User activity logging and Content Filter onto this existing web proxy. On another project, I tried building my own very tiny winy web proxy. Have put it on hold to finish this one first. I started on one project after another before completing the eariler ones. Hence, it is taking me that long to complete this project.
    You can find the original one here. Note, if you see 4 asterisks in the link then this forum is substituting asterisks for the banned word that is spelt "d" and "i" and "c" and "k". That is the kind of filtering I am trying to add on this Mini Proxy.
    https://github.com/josh****/miniProx...Proxy.php#L311
    Last edited by UniqueIdeaMan; October 20th, 2017 at 08:56 AM.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1
    You guys are welcome to show code samples of how the filter should be coded and placed in which line in the Mini Proxy:
    https://github.com/josh****/miniProx.../miniProxy.php
    Note, if you see 4 asterisks in the link then this forum is substituting asterisks for the banned word that is spelt "d" and "i" and "c" and "k". That is the kind of filtering I am trying to add on this Mini Proxy.
    Last edited by UniqueIdeaMan; October 20th, 2017 at 09:00 AM.
  14. #8
  15. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,814
    Rep Power
    4536
    lol.... You have no ****ing clue what to do.

    Still your turn.
    -- Cigars, whiskey and wild, wild women. --
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1
    Originally Posted by Sepodati
    Oh look, your link doesn't work because of a bad word filter. This is a stupid idea.
    I don't understand your comment on the bold part.
    No. I'm trying to add this filter onto a web proxy that I will make public.
    Yes, when a banned word is found on a page, that page's url can be saved to a tbl (banned urls) in the db and when a user requests a page, the proxy can check the banned urls list and prevent the page from loading if the url is black listed. I can program it like that to save bandwidth and time.
    I don't want to create a white list of urls nor a black list because sometimes the white page get updated with banned words and vice versa. Hence, on every page load, the filter should get to work to check for banned words.

    Imagine, you are viewing a page with no adult material. That page would be logged under your Username. Now, imagine a popup loads with adult material. Now, if that page gets loaded & logged and publicised, then your followers would get the wrong end of the stick thinking your viewing XXX. Imagine, your spouse or kids following you online. What would they think ? Or, imagine the page had a link pointing to a porn page and the contextual link mentioned it to be a different kind of page (malicious linking or link bait).
    Yes, my proxy will be unique because you can have team sessions where your group can browse the net and each of you can see what page the other is viewing.
    For example, imagine you and your family members are in different places and you all suddenly started searching a suitable wedding gift for your niece who's wedding you're gonna attend next week. You don't want to be emailing back & forth to each other all the links of the pages where each of you found something suitable. Instead you can just start the search and others can follow you to the same pages and likewise you can follow them to get an idea what they're viewing, etc.
    Now, in order for all this to be possible, each of you must have accounts and your page views must be logged. I already finished those 2 depts. Once this filter dept. is complete then my proxy is set to go. There are other features that are being added but I won't bother you with them. They are money making features. The followee earns money when the followers follow and view the same links as the followee.
    The followee earns money when the followers see what keywords the followee is searching. ETC. I won't say any more. My service would be free. You are welcome to signup and browse & kw search and have the public follow you so you earn from their following.
    And no. My ideas are not stupid. Problem with you programmers is that you have great knowledge but you don't have great website or public service ideas that will go viral. And you spend your days working for others, who have such ideas. People like me.
    And the people with the great ideas, never learn programming. They hire folks like you. They make use of your knowledge to grow rich or earn a living every single day while you get a lousy one off payment from them. I, however am different. I have great ideas. I never hire. I learn myself. That way, I make ZERO INVESTMENT but MAXIMUM RETURN.
    I build them (my ideas), then test & see which idea works and which not. And when an idea works, I then make the idea into a public service so that others (like you) can copy the idea and provide a likewise service to the public and earn yourself and them money so you all can be free from your 9-5 jobs that you dont like. Also programmers like you can benefit from my ideas just like a commoner public and make a 2nd living out of it. More than what you are making now from your main income. If my ideas earn you money then I'll be happy that a fellow programmer got something on the side.
    I won't insult a programmer like you saying: "You had the php knowledge but you did not have a ****ing clue on how to build a unique public service out of it and earm $$$$$$ from it thus free yourself from your 9-5 wage slavery".
    I won't keep on saying over and over again: "You did not have a ****ing clue!" (like you keep saying to me regarding php).
    I'm the socialist type. Not capitalist.
    Last edited by UniqueIdeaMan; October 20th, 2017 at 08:22 AM.
  18. #10
  19. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,814
    Rep Power
    4536
    I learn myself
    I disagree. Fix those errors yet?
    -- Cigars, whiskey and wild, wild women. --
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1
    Originally Posted by Sepodati
    I disagree. Fix those errors yet?
    Look at your hand. Not all 5 fingers are the same length even though they're all fingers. My self learning knowledge and your's are not the same.
    I get this error only. The rest mentioned earlier are gone:

    Notice: Array to string conversion in C:\xampp\htdocs\php\browser_experimenting.php on line 311
    Notice: Array to string conversion in C:\xampp\htdocs\php\browser_experimenting.php on line 312


    Line 311 & 312 looks like this:
    PHP Code:
    //SUBSTITUTE THE BANNED WORDS ON PROXIED PAGE (CONTENT FILTERING).
    if($responseInfo['http_code'] == '200' )
        {
         
            
    $regex '/\b';      // The beginning of the regex string syntax
            
    $regex .= implode('\b|\b'$banned_words);      // joins all the banned words to the string with correct regex syntax
            
    $regex .= '\b/i';    // Adds ending to regex syntax. Final i makes it case insensitive
            
    $substitute '****';
    [
    B]        $cleanresponse preg_replace($regex$substitute$response);
            echo 
    $cleanresponse;[/B]
        } 
    Last edited by UniqueIdeaMan; October 20th, 2017 at 09:23 AM.
  22. #12
  23. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,814
    Rep Power
    4536
    Why do you think you are getting that notice?
    -- Cigars, whiskey and wild, wild women. --
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2017
    Posts
    318
    Rep Power
    1
    Originally Posted by Sepodati
    Why do you think you are getting that notice?
    This is the regex and it's on line 311:

    $cleanresponse = preg_replace($regex, $substitute, $response);

    I think the error is saying that the 3rd parameter needs to be a string. And so, just TypeCasted it:

    $cleanresponse = preg_replace($regex, $substitute, (string)$response);

    But, I'm unable to test it. As the page takes too long to fetch now and times out. I wonder why the fetch delay. Another problem out of the blue!
    So, did I guess things correct ?
  26. #14
  27. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,327
    Rep Power
    2063
    Originally Posted by UniqueIdeaMan
    So, did I guess things correct ?
    No. For so many reasons, no.

    You need to go back to the basics and learn about data structures, programming flow, proper use of functions, and all of the really boring generic stuff that we all have to learn at the start. Without that base you will never be able to write your own code properly (as evidenced here by your lack of understanding even simple concepts).

    As an example, you can't just cast an array as a string. That's just crazy, and will most likely end up with giving you wrong results because you don't know what you're actually passing in to that function.

    Before you say anything, this is not meant as an attack on you. This is meant as guidance. Don't start off over your head, which is what you are doing. It's great that you have all of these ideas, but unless you spend the time learning how to code properly from the ground up you'll never be able to do anything yourself.

    Comments on this post

    • UniqueIdeaMan agrees
  28. #15
  29. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,814
    Rep Power
    4536
    So, did I guess things correct ?
    lol, no. Not even close. PHP gave you a notice that it was converting an array to a string and your code didn't work. So you decide to cast your array to a string, thus recreating the exact same condition that didn't work before.

    At least you admin to guessing because you don't have a ****ing clue what to do.

    What's the manual say for the parameters?

    Comments on this post

    • UniqueIdeaMan agrees
    -- Cigars, whiskey and wild, wild women. --
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo