-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.php
More file actions
83 lines (70 loc) · 2.88 KB
/
proxy.php
File metadata and controls
83 lines (70 loc) · 2.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?php
// ====================================================
// SPERO BROWSER - Proxy Handler (proxy.php)
// Note: Most external sites (YouTube, Google, etc.)
// block iframe loading due to X-Frame-Options.
// This proxy handles internal/simple sites.
// External sites are redirected via spero_blank.php.
// ====================================================
$url = isset($_GET['url']) ? filter_var($_GET['url'], FILTER_SANITIZE_URL) : '';
if (!$url) {
header('Location: home.php');
exit;
}
if (!filter_var($url, FILTER_VALIDATE_URL)) {
header('Location: home.php');
exit;
}
// Sites that block iframes - redirect to opener page
$blockedDomains = [
'youtube.com', 'youtu.be',
'google.com', 'google.co.in',
'instagram.com', 'facebook.com',
'twitter.com', 'x.com',
'linkedin.com', 'netflix.com',
'amazon.com', 'amazon.in',
'flipkart.com', 'whatsapp.com',
'chatgpt.com', 'openai.com',
'github.com', 'reddit.com',
];
$parsed = parse_url($url);
$host = $parsed['host'] ?? '';
$host = preg_replace('/^www\./', '', $host);
foreach ($blockedDomains as $blocked) {
if (str_contains($host, $blocked) || $host === $blocked) {
// Redirect to our opener page which opens in new tab
header('Location: spero_blank.php?url=' . urlencode($url));
exit;
}
}
// For Wikipedia and other embeddable sites, try to fetch
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_TIMEOUT => 15,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
CURLOPT_HTTPHEADER => ['Accept: text/html', 'Accept-Language: en-US,en;q=0.9'],
]);
$content = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
curl_close($ch);
if ($httpCode !== 200 || empty($content)) {
header('Location: spero_blank.php?url=' . urlencode($url));
exit;
}
// Fix relative URLs
$baseUrl = $parsed['scheme'] . '://' . $parsed['host'];
$content = preg_replace('/(href|src|action)="\/([^"]*)"/', '$1="' . $baseUrl . '/$2"', $content);
// Inject Spero controls
// $speroBar = '<div style="position:fixed;bottom:0;left:0;width:100%;height:50px;background:rgba(233,30,140,0.9);display:flex;align-items:center;justify-between;padding:0 20px;z-index:999999;font-family:sans-serif;">
// <span style="color:white;font-weight:800;font-size:14px;">SPERO</span>
// <span style="color:rgba(255,255,255,0.8);font-size:12px;">Viewing: ' . htmlspecialchars($host) . '</span>
// <button onclick="history.back()" style="background:white;color:#e91e8c;border:none;border-radius:10px;padding:6px 14px;font-weight:700;cursor:pointer;">← Back</button>
// </div>';
$content = str_replace('</body>', $speroBar . '</body>', $content);
header('Content-Type: text/html; charset=UTF-8');
echo $content;
?>