// -----------------------------------------------------------

// Client credentials for this proxy
$proxy_user = 'user';
$proxy_pass = '123';

// Cache file (stores working upstream proxy)
$cache_file = __DIR__ . '/proxy_port.cache';
$cache_ttl  = 3600;  // 1 hour

// ========== CLIENT AUTH ==========
if (!isset($_SERVER['HTTP_PROXY_AUTHORIZATION']) ||
    $_SERVER['HTTP_PROXY_AUTHORIZATION'] !== 'Basic ' . base64_encode("$proxy_user:$proxy_pass")) {
    header('Proxy-Authenticate: Basic realm="Proxy"');
    header('HTTP/1.1 407 Proxy Authentication Required');
    die('Proxy authentication required');
}

// ========== REJECT HTTPS CONNECT ==========
if ($_SERVER['REQUEST_METHOD'] === 'CONNECT') {
    header('HTTP/1.1 405 Method Not Allowed');
    die('HTTPS CONNECT not supported – use HTTP only');
}

// ========== TARGET URL ==========
$url = $_SERVER['REQUEST_URI'];
if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) {
    header('HTTP/1.1 400 Bad Request');
    die('Only absolute URLs allowed');
}

// ========== GET WORKING UPSTREAM PROXY ==========
$working_proxy = getWorkingProxy($cpanel_user, $cpanel_pass, $cache_file, $cache_ttl);
if (!$working_proxy) {
    header('HTTP/1.1 502 Bad Gateway');
    die('No working upstream proxy found.');
}

// ========== FORWARD THE REQUEST ==========
$auth = base64_encode("$cpanel_user:$cpanel_pass");
$headers = "Proxy-Authorization: Basic $auth\r\n";
foreach (getallheaders() as $name => $value) {
    $low = strtolower($name);
    if ($low === 'proxy-authorization' || $low === 'host' || $low === 'connection') continue;
    $headers .= "$name: $value\r\n";
}

$context = stream_context_create([
    'http' => [
        'proxy'           => "tcp://$working_proxy",
        'request_fulluri' => true,
        'method'          => $_SERVER['REQUEST_METHOD'],
        'header'          => $headers,
        'content'         => file_get_contents('php://input'),
        'ignore_errors'   => true,
        'timeout'         => 20,
    ],
    'ssl' => [
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ]
]);

$response = @file_get_contents($url, false, $context);

if ($response === false || empty($http_response_header)) {
    header('HTTP/1.1 502 Bad Gateway');
    die('Upstream request failed');
}

// Forward response headers (skip problematic ones)
foreach ($http_response_header as $h) {
    if (stripos($h, 'Transfer-Encoding:') === false &&
        stripos($h, 'Content-Length:') === false) {
        header($h);
    }
}
header('Content-Length: ' . strlen($response));  // safe
echo $response;

exit;

// ========== FUNCTION: FIND WORKING PROXY ==========
function getWorkingProxy($user, $pass, $cache_file, $ttl) {
    // Return cached port if still valid
    if (file_exists($cache_file) && (time() - filemtime($cache_file)) < $ttl) {
        $cached = trim(file_get_contents($cache_file));
        if ($cached) return $cached;
    }

    // Candidate upstream proxies (address:port)
    $candidates = [
        '164.215.147.110:3128',
        '164.215.147.110:80',
        '164.215.147.110:8080',
        '164.215.147.110:8888',
        '127.0.0.1:3128',
        '127.0.0.1:80',
        '127.0.0.1:8080',
        'sheftou.site:3128',
        'sheftou.site:80',
    ];

    // Step 1: Quick TCP connectivity test
    $reachable = [];
    foreach ($candidates as $proxy) {
        list($host, $port) = explode(':', $proxy);
        $sock = @fsockopen($host, $port, $errno, $errstr, 2);
        if ($sock) {
            fclose($sock);
            $reachable[] = $proxy;
        }
    }
    if (empty($reachable)) return false;

    // Step 2: Try to fetch a test URL through each reachable proxy
    $test_url = 'http://httpbin.org/ip';  // safe, returns JSON
    $auth = base64_encode("$user:$pass");
    foreach ($reachable as $proxy) {
        $ctx = stream_context_create([
            'http' => [
                'proxy'           => "tcp://$proxy",
                'request_fulluri' => true,
                'method'          => 'GET',
                'header'          => "Proxy-Authorization: Basic $auth\r\n",
                'timeout'         => 5,
                'ignore_errors'   => true,
            ]
        ]);
        $result = @file_get_contents($test_url, false, $ctx);
        if ($result !== false && isset($http_response_header)) {
            $status_line = $http_response_header[0] ?? '';
            preg_match('#HTTP/\d\.\d\s+(\d+)#', $status_line, $m);
            $status = isset($m[1]) ? (int)$m[1] : 0;
            if ($status >= 200 && $status < 400 &&
                strpos($result, 'cp_errordocument') === false && // no local error page
                strpos($result, 'origin') !== false) {           // valid httpbin response
                // Success! Cache and return
                file_put_contents($cache_file, $proxy);
                return $proxy;
            }
        }
    }
    return false; // none worked
}