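/*
 * Remote image resizer: fetches the image named by ?url=, scales it to
 * ?width= / ?height= (either may be "auto" or omitted to keep the aspect
 * ratio) and returns it re-encoded as JPEG at quality ?rate= (0-100, default 75).
 *
 * Security notes:
 *  - ?url= is attacker-controlled and is fetched server-side, so every hop
 *    (the first URL and each redirect target) is checked to resolve only to
 *    public addresses before any request is sent.
 *  - The remote body is downloaded once, with a byte cap and a timeout, and
 *    decoded from memory. The earlier approach requested the URL twice
 *    (getimagesize + imagecreatefrom*), so the bytes that were validated were
 *    not necessarily the bytes that were decoded.
 *  - Source and output pixel counts are capped so one request cannot make GD
 *    allocate an arbitrarily large canvas.
 */
error_reporting(E_ALL);
ini_set("display_errors", 0);

// Policy limits. The values are defaults chosen for this rewrite; tune them per deployment.
$maxRedirects = 5;                // redirect hops followed, each one re-validated
$maxBytes     = 16 * 1024 * 1024; // largest remote body that will be buffered
$maxPixels    = 25000000;         // width * height ceiling for source and output
$fetchTimeout = 10;               // seconds allowed per HTTP request

// Reject a missing, empty or non-string (?url[]=...) parameter up front.
if (!isset($_GET['url']) || !is_string($_GET['url']) || $_GET['url'] === '') {
    http_response_code(400);
    exit();
}
$url = $_GET['url'];

// Compression rate, clamped to the range imagejpeg() accepts.
$rate = 75;
if (isset($_GET['rate']) && is_string($_GET['rate']) && $_GET['rate'] !== '') {
    $rate = (int)$_GET['rate'];
}
$rate = max(0, min(100, $rate));

// Read the size parameters without raising notices; array-valued input counts as absent.
$widthParam  = (isset($_GET['width']) && is_string($_GET['width'])) ? $_GET['width'] : '';
$heightParam = (isset($_GET['height']) && is_string($_GET['height'])) ? $_GET['height'] : '';

// Original normalisation, kept for compatibility with existing callers: every
// "https:" / "http:" occurrence is stripped and the first request always goes out over http.
$url = str_replace(array("https:", "http:"), "", $url);
// NOTE(review): PHP has already URL-decoded $_GET, so this is a second decode.
// All validation below therefore runs on the final, fully decoded string.
$inputPath = 'http:' . trim(urldecode($url));
$inputPath = str_replace(" ", "%20", $inputPath);

/*
 * Returns true only for an http(s) URL without credentials whose host resolves
 * exclusively to public addresses.
 * Residual risk: the HTTP wrapper resolves the name again when it connects, so
 * a DNS answer that changes between this check and the request is not caught;
 * network-level egress filtering remains the authoritative control.
 * NOTE(review): the filter flags cover private and reserved ranges as PHP
 * defines them; carrier-grade NAT space (100.64.0.0/10) is not among them.
 */
$isFetchableUrl = function ($candidate) {
    // Whitespace and control characters have no place in a URL and must never reach the request line.
    if (preg_match('/[\x00-\x20\x7F]/', $candidate)) {
        return false;
    }
    $parts = parse_url($candidate);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    // user:pass@host forms are a common source of parser disagreement; refuse them.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }

    $host = trim($parts['host'], '[]'); // parse_url keeps the brackets of IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addresses = array($host);
    } else {
        $addresses = gethostbynamel($host);
        if ($addresses === false) {
            $addresses = array();
        }
        // gethostbynamel() only returns IPv4; include AAAA answers where available.
        if (function_exists('dns_get_record')) {
            $records = @dns_get_record($host, DNS_AAAA);
            if (is_array($records)) {
                foreach ($records as $record) {
                    if (isset($record['ipv6'])) {
                        $addresses[] = $record['ipv6'];
                    }
                }
            }
        }
    }
    if (empty($addresses)) {
        return false;
    }

    // A single non-public answer is enough to refuse the whole host.
    $publicOnly = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($addresses as $address) {
        if (filter_var($address, FILTER_VALIDATE_IP, $publicOnly) === false) {
            return false;
        }
    }
    return true;
};

/*
 * Downloads $startUrl and returns the body, or false on any failure.
 * Redirects are followed by hand so that each target passes $isFetchableUrl
 * before it is requested; the wrapper's automatic redirect handling would
 * skip that check.
 */
$fetchImage = function ($startUrl) use ($isFetchableUrl, $maxRedirects, $maxBytes, $fetchTimeout) {
    $context = stream_context_create(array(
        'http' => array(
            'method'          => 'GET',
            'follow_location' => 0,
            'timeout'         => $fetchTimeout,
        ),
    ));

    $current = $startUrl;
    for ($hop = 0; $hop <= $maxRedirects; $hop++) {
        if (!$isFetchableUrl($current)) {
            return false;
        }
        $stream = @fopen($current, 'rb', false, $context);
        if ($stream === false) {
            return false;
        }

        // Response headers of this single request (redirects are disabled above).
        $meta = stream_get_meta_data($stream);
        $headerLines = (isset($meta['wrapper_data']) && is_array($meta['wrapper_data']))
            ? $meta['wrapper_data']
            : array();
        $status = 0;
        $location = '';
        foreach ($headerLines as $line) {
            if (!is_string($line)) {
                continue;
            }
            if (preg_match('#^HTTP/\S+\s+(\d{3})#', $line, $match)) {
                $status = (int)$match[1];
            } elseif (stripos($line, 'Location:') === 0) {
                $location = trim(substr($line, 9));
            }
        }

        if ($status >= 300 && $status < 400 && $location !== '') {
            fclose($stream);
            if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $location)) {
                $current = $location;                       // absolute URL
            } else {
                $base = parse_url($current);
                if (strpos($location, '//') === 0) {
                    $current = $base['scheme'] . ':' . $location; // scheme-relative
                } elseif ($location[0] === '/') {
                    $current = $base['scheme'] . '://' . $base['host']
                        . (isset($base['port']) ? ':' . $base['port'] : '')
                        . $location;                        // host-relative
                } else {
                    return false;                           // path-relative targets are not followed
                }
            }
            continue;
        }

        // Read one byte past the cap so an oversized body can be told apart from one at the limit.
        $body = stream_get_contents($stream, $maxBytes + 1);
        fclose($stream);
        if ($body === false || $body === '' || strlen($body) > $maxBytes) {
            return false;
        }
        return $body;
    }
    return false; // too many redirects
};

// Every fetch failure, including a refused destination, answers with the same
// status so the response does not reveal which internal names exist.
$imageData = $fetchImage($inputPath);
if ($imageData === false) {
    http_response_code(404);
    exit();
}

// Validate the image from the bytes that will actually be decoded.
$img = @getimagesizefromstring($imageData);
if (empty($img)) {
    http_response_code(404);
    exit();
}

list($old_width, $old_height) = $img;
if (empty($old_width) || empty($old_height)) {
    http_response_code(404);
    exit();
}
// A small file can declare enormous dimensions; refuse before GD allocates for it.
if ($old_width * $old_height > $maxPixels) {
    http_response_code(404);
    exit();
}

// Base dimensions: explicit numeric parameter, otherwise the source size.
$new_width  = ($widthParam !== '' && $widthParam !== 'auto') ? (int)$widthParam : $old_width;
$new_height = ($heightParam !== '' && $heightParam !== 'auto') ? (int)$heightParam : $old_height;

// Original auto/omitted logic: a missing or "auto" side is derived from the
// other side so that the aspect ratio is preserved.
if ($widthParam === '' || $widthParam === "auto") {
    $newRatio = ($new_height * 100 / $old_height);
    $new_width = (int)round($old_width * ($newRatio / 100));
}
if ($heightParam === '' || $heightParam === "auto") {
    $newRatio = ($new_width * 100 / $old_width);
    $new_height = (int)round($old_height * ($newRatio / 100));
}

// Reject invalid dimensions (avoids GD warnings/fatals) and oversized canvases.
if ($new_width < 1 || $new_height < 1 || $new_width * $new_height > $maxPixels) {
    http_response_code(400);
    exit();
}

// Create the source image; only PNG and JPEG are accepted, as before.
$mime = isset($img['mime']) ? $img['mime'] : '';
$isPng  = strpos($mime, "png") !== false;
$isJpeg = strpos($mime, "jpg") !== false || strpos($mime, "jpeg") !== false;
if (!$isPng && !$isJpeg) {
    http_response_code(406);
    exit();
}

$src_img = @imagecreatefromstring($imageData);
if ($src_img === false) {
    http_response_code(404);
    exit();
}
if ($isPng) {
    imagealphablending($src_img, false);
    imagesavealpha($src_img, true);
}

$dst_img = imagecreatetruecolor($new_width, $new_height);
if ($dst_img === false) {
    imagedestroy($src_img);
    http_response_code(500);
    exit();
}

imagecopyresampled(
    $dst_img, $src_img,
    0, 0, 0, 0,
    $new_width, $new_height,
    $old_width, $old_height
);

// Output: encode into a buffer first so Content-Length is exact.
ob_start();
$encoded = imagejpeg($dst_img, null, $rate);
$jpegData = ob_get_clean();

if ($encoded === false || $jpegData === false) {
    if (!empty($dst_img)) imagedestroy($dst_img);
    if (!empty($src_img)) imagedestroy($src_img);
    http_response_code(500);
    exit();
}

header("Content-type: image/jpeg");
header("Content-Length: " . strlen($jpegData));
// HTTP dates must be expressed in GMT using the IMF-fixdate layout.
header("Last-Modified: " . gmdate('D, d M Y H:i:s') . ' GMT');

echo $jpegData;

if (!empty($dst_img)) imagedestroy($dst_img);
if (!empty($src_img)) imagedestroy($src_img);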