Nexus File Manager | Rose Theme

fetch_institute.php

Cancel

<?php
/**
 * Secure API Proxy
 * This hides the real API from the frontend and prevents direct scraping.
 */

require_once '../config/core.php';

// Set headers to return JSON and prevent caching
header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-cache, must-revalidate');

// Security: Only allow GET requests
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    http_response_code(405);
    echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
    exit;
}

// Security: Validate and sanitize EIIN (Must be an integer)
$eiin = isset($_GET['eiin']) ? filter_var($_GET['eiin'], FILTER_SANITIZE_NUMBER_INT) : 0;

if (empty($eiin) || strlen($eiin) < 4) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid EIIN provided.']);
    exit;
}

// Construct the secure, hidden URL
$targetUrl = EXTERNAL_API_BASE . "?eiinNo=" . $eiin;

// Initialize cURL for server-to-server request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $targetUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 15); // 15 seconds timeout
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Accept: application/json',
    'User-Agent: EduInfo-Portal/1.0'
]);

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curlError = curl_error($ch);
curl_close($ch);

// Handle upstream server errors
if ($curlError || $httpCode !== 200) {
    http_response_code(502); // Bad Gateway
    echo json_encode([
        'status' => 'error', 
        'message' => 'Server is currently unavailable. Please try again later.'
    ]);
    exit;
}

// Return the direct JSON response back to our frontend
echo $response;
?>

New Folder

New File