Posted By

bcmoney on 12/10/10


Tagged

http php proxy


Versions (?)

Who likes this?

3 people have marked this snippet as a favorite

fabiobruna
wirenaught
mmcachran


proxy.php


 / Published in: PHP
 

URL: http://bcmoney-mobiletv.com/blog/2009/05/01/the-server-side-proxy/

Source to get me started on a PHP proxy using CURL: http://developer.yahoo.com/javascript/howto-proxy.html

Nice tutorial on using PHP proxy for cross-server JSON without JSONp: http://benalman.com/projects/php-simple-proxy/

SalesForce.com's full-blown CORS and CRUD supporting REST toolkit proxy: https://github.com/developerforce/Force.com-JavaScript-REST-Toolkit/blob/master/proxy.php

  1. <?php
  2. /**
  3.  * proxy.php
  4.  * Acts as a server-side requestor for data on behalf of the client-side, in order to get around the "same-origin" problem
  5.  * (NOTE: there could be a small security risk by doing a naiive REQUEST to pass the proxy URL without POST + SSL and more thorough validation. Only if an attacker knew the location of this script, would there be a chance they can use it as a proxy for attacks to other servers, or this server. For our purposes, it probably is negligible, but for more on how to solve potential issues, see: http://php.net/manual/en/function.fopen.php or: http://www.virtualforge.de/vmovie/xss_selling_platform_v1.0.php)
  6.  */
  7.  
  8. $url = $_REQUEST['url']; //URL to grab (again, see NOTE on security above)
  9. if (empty($url)) { $url = "http://dd.weatheroffice.ec.gc.ca/citypage_weather/xml/NB/s0000687_e.xml"; } //make sure we always get some data (default to a Weather feed)
  10.  
  11. /**
  12.  * getAddress
  13.  * @get the full url of the current page (protocol + host + request URI including parameters)
  14.  * @return string
  15.  */
  16. function getAddress() {
  17. $protocol = "";
  18. /*** check for https ***/
  19. if (array_key_exists('HTTPS', $_SERVER) && isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
  20. $protocol = "https";
  21. } else {
  22. $protocol = "http";
  23. }
  24. return $protocol.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; /*** return the full address ***/
  25. }
  26.  
  27. //parse the passed in URL using parameterized query object (could add validation here, see: http://www.scriptol.com/how-to/parsing-url.php )
  28. $arr = parse_url(getAddress()); //use PHP convenience function for full address
  29. $parameters = $arr["query"];
  30. parse_str($parameters, $param);
  31.  
  32. $format = $param['f']; //examples: &f=xml | &f=json | &f=html (for more MIME-Types, see: http://en.wikipedia.org/wiki/Mime_type)
  33. $encoding = $param['e']; //examples: &e=utf-8 | &e=iso-8859-1 | &e=Shift-JIS (for more Character Encodings, see: http://en.wikipedia.org/wiki/Character_encoding)
  34. $e = (!empty($encoding)) ? $encoding : "utf-8"; //might want to limit allowed charset/encoding types
  35.  
  36. header('Cache-Control: no-cache, must-revalidate'); //force fresh request
  37. header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
  38. // Set your return content type, based on the expected response type...
  39. switch ($format) {
  40. case "xml":
  41. case "xsl":
  42. case "kml":
  43. header("Content-type: application/xml; charset={$e}");
  44. break;
  45. case "geojson":
  46. case "json":
  47. case "rdfjson": case "rdf/json": case "rdf+json": case "jron":
  48. header("Content-type: application/json; charset={$e}");
  49. break;
  50. case "georss":
  51. case "atom":
  52. header("Content-type: application/atom+xml; charset={$e}");
  53. break;
  54. case "rss":
  55. case "rss2": case "rss2.0":
  56. case "rss1": case "rss1.0":
  57. case "rss0.92": case "rss0.91": case "rss0.90": case "feed": case "rdf":
  58. header("Content-type: text/xml; charset={$e}");
  59. break;
  60. case "owl":
  61. case "rdf+xml": case "rdfxml":
  62. header("Content-type: application/rdf+xml; charset={$e}");
  63. break;
  64. case "swf":
  65. case "flash": case "flv":
  66. header("Content-type: application/x-shockwave-flash");
  67. break;
  68. case "image":
  69. header("Content-type: image/png");
  70. break;
  71. case "svg":
  72. header("Content-type: image/svg+xml");
  73. break;
  74. case "audio": case "ogg":
  75. header("Content-type: audio/ogg");
  76. break;
  77. case "mp3":
  78. header("Content-type: audio/mpeg");
  79. break;
  80. case "video": case "webm":
  81. header("Content-type: video/webm");
  82. break;
  83. case "mp4":
  84. header("Content-type: video/mp4");
  85. break;
  86. case "xhtml":
  87. header("Content-type: application/xhtml+xml; charset={$e}");
  88. break;
  89. case "xslt":
  90. case "html":
  91. case "html5":
  92. header("Content-type: text/html; charset={$e}");
  93. break;
  94. default:
  95. header("Content-type: text/plain; charset={$e}"); //could be any other plaintext format (including: CSV, TSV, conf, ini, rtf, txt, dat, n3, turtle, JSONp etc...)
  96. break;
  97. }
  98.  
  99.  
  100. try {
  101. // Get remote content/data (NOTE: your hosting provider may not allow fopen, if not you can request they allow for your VPS...if still not, we can use file_get_contents or CURL lib instead)
  102. $handle = fopen($url, "r");
  103.  
  104. // some content/data was received, then read & return
  105. if ($handle) {
  106. while (!feof($handle)) {
  107. $buffer = fgets($handle, 4096);
  108. echo $buffer;
  109. }
  110. fclose($handle);
  111. }
  112. }
  113. catch (Exception $e) {
  114. }
  115. ?>

Report this snippet  

You need to login to post a comment.