php - How to link from SSL to external imgages with reverse proxy script

633

Would really appreciate some guidance to as why I cant get this reverse proxy script to work.

Context

  • I am building a privacy search engine at https://motherpipe.co.uk
  • The site is on https and I want to protect the users from other sites knowing what they search for, who they are and so on.
  • I am integrating twitter search api results in our search results pages. We want to include the twitter profile thumbnail image on our search result page.
  • Because we are protecting our users, we can not link directly from the results page to the images on the twitter server.
  • Therefore I am using a PHP script to fetch and return the file to the page, so to not expose the client IP to the Twitter servers.
  • I am using a script by alireza-balouch I found here.

The problem

  • I can not seem to link to this script properly from my results page. When I run it, the result page is calling the script (I think) but the result is that the HTML still contains the direct link to the Twitter server. I would expect all these links to point to my script on the server instead.
  • Also - if I try the script directly in a browser, I simply get nothing from an input of for example "reverseproxy.php?url=aHR0cDovL3d3dy5wYWdpbmFzcHJvZGlneS5jb20ubXgvcGVtcG8yL0RWRF9kaXNjby5qcGc="

Question:

How can I tweak this so that the images show up, but the image links in the HTML page all point to my own server rather than Twitter's?

Any feedback or ideas would be much appreciated.

The code on the results page:

$url = 'https://api.twitter.com/1.1/search/tweets.json';
$requestMethod = 'GET';
$getfield = '?q=sweden&result_type=recent';
$twitter = new TwitterAPIExchange($settings);


$response = $twitter->setGetfield($getfield)
         ->buildOauth($url, $requestMethod)
         ->performRequest();

$obj = json_decode($response, true);  
$reverseproxy = "https://mysercureserver/reverseproxy.php?url=";   

echo "<div><ul>";
foreach ($obj["statuses"] as $index => $result) {

$tweet = $result['text'];
$tweet = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]","<a href=\"\\0\">\\0</a>", $tweet);
$user = $result['user']['screen_name'];
$profile_image = $result['user']['profile_image_url'];
$profile_image = base64_encode($profile_image);
$image = file_get_contents("https://mysecureserver/reverseproxy.php?url=".$profile_image);
echo "<li>";
echo "<img src=\"".$image."\" width=\"25px\" height=\"25px\" />";
echo "<a href=\"http://twitter.com/$user\">@$user</a>";
echo " $tweet";
echo "</li>";
} 

echo "</ul></div>";

and the script:

$file = base64_decode(@$_GET['url']);
$aFile = end(explode('.' , $file));
    if($aFile == 'jpg' or $aFile == 'jpeg'){
        header('Content-Type: image/jpeg');
    }elseif($aFile == 'png'){
        header('Content-Type: image/png');
    }elseif($aFile == 'gif'){
        header('Content-Type: image/gif');
    }else{
        die('not supported');
    }
    if($file != ''){
        $cache_expire = 60*60*24*365;
        header("Pragma: public");
        header("Cache-Control: maxage=". $cache_expire);
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $cache_expire).' GMT');

echo $file;

    }
    exit;
984

Answer

Solution:

So I tweaked the script myself and got it to work using curl. Working script:

$file = base64_decode(@$_GET['url']);
    $aFile = end(explode('.' , $file));
    if($aFile == 'jpg' or $aFile == 'jpeg'){
        header('Content-Type: image/jpeg');
    }elseif($aFile == 'png'){
        header('Content-Type: image/png');
    }elseif($aFile == 'gif'){
        header('Content-Type: image/gif');
    }else{
        die('not supported');
    }
    if($file != ''){
        $cache_expire = 60*60*24*365;
        header("Pragma: public");
        header("Cache-Control: maxage=". $cache_expire);
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $cache_expire).' GMT');


//The cURL stuff...
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$file");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_BINARYTRANSFER,1);
$picture = curl_exec($ch);
curl_close($ch);
//Display the image in the browser
header('Content-type: image/jpeg');
echo $picture;

    }
    exit;

People are also looking for solutions to the problem: How can I read all the the mails (seen/unseen) from a "particular folder" using imap in php?

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.