app_key is now generated automatically upon install

Athlon1600 · May 13, 2015 · 9293c40 · 9293c40
1 parent dfe9fad
commit 9293c40
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 22 deletions.
diff --git a/composer.json b/composer.json
@@ -1,10 +1,15 @@
 {
 	"name": "athlon1600/php-proxy-app",
 	"type": "project",
-	"version": "1.0.0",
-	"keywords": ["php proxy", "php proxy application", "php proxy web", "proxy script", "php web proxy", "web proxy"],
+	"version": "2.0.0",
+	"license": "MIT",
+	"description": "Web proxy application project powered by PHP-Proxy library",
+	"keywords": ["php proxy application", "php proxy web", "proxy script", "php web proxy", "web proxy"],
 	"homepage": "https://www.php-proxy.com/",
 	"require": {
 		"athlon1600/php-proxy": "@dev"
-	}
+	},
+	"post-create-project-cmd": [
+		"php -f setup.txt"
+	]
 }
diff --git a/config.php b/config.php
@@ -3,8 +3,20 @@
 // all possible options will be stored
 $config = array();
 
-// make it as long as possible for extra security... secret key is being used when encrypting urls
-$config['secret_key'] = '';
+// a unique key that identifies application - DO NOT LEAVE THIS EMPTY!
+$config['app_key'] = '';
+
+// a secret key to be used during encryption
+$config['encryption_key'] = '';
+
+/* 
+how unique is each URL that is generated by this proxy app?
+0 - no encryption, people can hotlink to your proxy
+1 - unique to the IP address that generated it. A person that generated that URL, can bookmark it and visit it and any point
+2 - unique to that session and IP address - URL no longer valid anywhere when browser session ends
+*/
+
+$config['url_mode'] = 1;
 
 // plugins to load - plugins will be loaded in this exact order as in array
 $config['plugins'] = array(

diff --git a/index.php b/index.php
@@ -1,10 +1,8 @@
 <?php
 
-require("vendor/autoload.php");
-
 define('PROXY_START', microtime(true));
-define('SCRIPT_BASE', (!empty($_SERVER['HTTPS']) ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
-define('SCRIPT_DIR', pathinfo(SCRIPT_BASE, PATHINFO_DIRNAME).'/');
+
+require("vendor/autoload.php");
 
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -15,17 +13,31 @@
 use Proxy\Config;
 use Proxy\Proxy;
 
+// start the session
+session_start();
+
 // load config...
 Config::load('./config.php');
 
+if(!Config::get('app_key')){
+	die("app_key inside config.php cannot be empty!");
+}
+
+// how are our URLs be generated from this point? this must be set here so the proxify_url function below can make use of it
+if(Config::get('url_mode') == 1){
+	Config::set('encryption_key', md5(Config::get('app_key').$_SERVER['REMOTE_ADDR']));
+} else if(Config::get('url_mode') == 2){
+	Config::set('encryption_key', md5(Config::get('app_key').session_id()));
+}
+
 // form submit in progress...
 if(isset($_POST['url'])){
 
 	$url = $_POST['url'];
 	$url = add_http($url);
 
 	header("HTTP/1.1 302 Found");
-	header('Location: '.SCRIPT_BASE.'?q='.encrypt_url($url));
+	header('Location: '.proxify_url($url));
 	exit;
 
 } else if(!isset($_GET['q'])){
@@ -38,21 +50,17 @@
 		header("Location: ".Config::get('index_redirect'));
 
 	} else {
-		echo render_template("./templates/main.php", array('script_base' => SCRIPT_BASE, 'version' => Proxy::VERSION));
+		echo render_template("./templates/main.php", array('version' => Proxy::VERSION));
 	}
 
 	exit;
 }
 
-
-// get real URL
-$url = decrypt_url($_GET['q']);
-define('URL', $url);
-
+// decode q parameter to get the real URL
+$url = base64_decrypt($_GET['q']);
 
 $proxy = new Proxy();
 
-
 // load plugins
 foreach(Config::get('plugins', array()) as $plugin){
 
@@ -63,12 +71,13 @@
 		// use user plugin from /plugins/
 		require_once('./plugins/'.$plugin_class.'.php');
 
-	} else {
+	} else if(class_exists('\\Proxy\\Plugin\\'.$plugin_class)){
 
-		// use native plugin from php-proxy - it was already loaded into namespace automatically through composer
+		// does the native plugin from php-proxy package with such name exist?
 		$plugin_class = '\\Proxy\\Plugin\\'.$plugin_class;
 	}
 
+	// otherwise plugin_class better be loaded already and match namespace exactly \\Vendor\\Plugin\\SuperPlugin
 	$proxy->getEventDispatcher()->addSubscriber(new $plugin_class());
 }
 
@@ -86,8 +95,7 @@
 	}
 
 	$url_form = render_template("./templates/url_form.php", array(
-		'url' => $url,
-		'script_base' => SCRIPT_BASE
+		'url' => $url
 	));
 
 	$output = $response->getContent();
@@ -131,7 +139,6 @@
 
 		echo render_template("./templates/main.php", array(
 			'url' => $url,
-			'script_base' => SCRIPT_BASE,
 			'error_msg' => $ex->getMessage(),
 			'version' => Proxy::VERSION
 		));

diff --git a/setup.txt b/setup.txt
@@ -0,0 +1,34 @@
+<?php
+
+function generate_random_key(){
+
+	if(function_exists('openssl_random_pseudo_bytes')){
+		$random = openssl_random_pseudo_bytes(100);
+	} else {
+		$random = rand().microtime().rand();
+	}
+
+	return md5($random);
+}
+
+$path_config = './config.php';
+
+// config.php won't be writable if ran from within web server
+if(!is_writable($path_config)){
+	exit;
+}
+
+$key = generate_random_key();
+
+// open config.php
+$config = file_get_contents($path_config);
+
+// replace blank app_key with new generated key
+$config = str_replace('$config[\'app_key\'] = \'\';', '$config[\'app_key\'] = \''.$key.'\';', $config);
+
+// write to config.php
+file_put_contents($path_config, $config);
+
+echo "New Key: {$key}\r\n";
+
+?>