From 7b01ce691f6ebb2edc7d75977bc6f2749ddf80a8 Mon Sep 17 00:00:00 2001
From: Arctic Code
Date: Thu, 18 Jul 2013 17:26:53 -0500
Subject: [PATCH] Initial commit UnPS-GAMA API first release - Not in usable production state Version 0.0.1
---
 api.backend.php | 79 +++++++++++++++++++++++++++++++++++++++++++++++++
 api.test.php | 13 ++++++++
 dbsettings.php | 14 +++++++++
 readme.md | 33 +++++++++++++++++++++
 4 files changed, 139 insertions(+)
 create mode 100644 api.backend.php
 create mode 100644 api.test.php
 create mode 100644 dbsettings.php
 create mode 100644 readme.md
diff --git a/api.backend.php b/api.backend.php
new file mode 100644
index 0000000..0fae788
--- /dev/null
+++ b/api.backend.php
@@ -0,0 +1,79 @@
+query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ if($row = $result->fetch_assoc()){
+ $canshort = $row['short'];
+ $name = $row['name'];
+
+ $name = addslashes($name);
+ $ip = '127.0.0.1';
+
+ $apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Link Shorten', '$canshort', '$link')";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ }
+ if($canshort != 1) return 'You are not authorized to shorten links';
+
+ $sql = "SELECT * FROM `links` WHERE `link` = '$link' LIMIT 1;";
+ if($result = $sdb->query($sql)){
+ if($row = $result->fetch_assoc()){
+ $short = $row['shortlink'];
+ return "Existing link: http://unps.us/?l=$short";
+ }
+ }
+ if(checkRemoteFile($link) !== true) return "Dead Link: $link";
+ $short = substr(number_format(time() * mt_rand(),0,'',''),0,10);
+ $short = base_convert($short, 10, 36);
+
+ $dpass = addslashes($dpass);
+ if($dpass != null): $sql = "INSERT INTO `links` (link, shortlink, dpass) VALUES ('$link', '$short', '$dpass')";
+ else: $sql = "INSERT INTO `links` (link, shortlink, dpass) VALUES ('$link', '$short', '$apikey')";
+ endif;
+
+ if($result = $sdb->query($sql)): return "Shortened: http://unps.us/?l=$short";
+ else: return 'ERROR: ['.$sdb->error.']';
+ endif;
+ }
+
+ function delShort ($apidb, $apikey, $sdb, $link, $dpass=null){
+ $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ if($row = $result->fetch_assoc()){
+ $canshort = $row['short'];
+ $name = $row['name'];
+
+ $name = addslashes($name);
+ $ip = '127.0.0.1';
+
+ $apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Short Link Delete', '$canshort', '$link')";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ }
+ if($canshort != 1) return 'You are not authorized to delete 
short links';
+
+ $sql = "SELECT * FROM `links` WHERE `link` = '$link' LIMIT 1;";
+ if($result = $sdb->query($sql)){
+ if($row = $result->fetch_assoc()){
+ $short = $row['shortlink'];
+ $password = $row['dpass'];
+
+ if($dpass != null) $apikey = addslashes($dpass);
+
+ if($apikey == $password){
+ $sql = "DELETE FROM `links` WHERE `shortlink` = '$link' AND `dpass` = '$apikey' LIMIT 1;";
+ if(!$result = $sdb->query($sql)) return 'ERROR: ['.$sdb->error.']';
+ return "Deleted: $link";
+ }else return "You are not authorized to delete that link.";
+ }
+ }else{ return 'ERROR: ['.$sdb->error.']'; }
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/api.test.php b/api.test.php
new file mode 100644
index 0000000..c981fe4
--- /dev/null
+++ b/api.test.php
@@ -0,0 +1,13 @@
+shorten($apidb, '580658027', $shortdb, '[Full URL]');
+echo $unpsAPI->delShort($apidb, '580658027', $shortdb, '[Short link Code Only]]');
+
+?>
\ No newline at end of file
diff --git a/dbsettings.php b/dbsettings.php
new file mode 100644
index 0000000..de5e9e3
--- /dev/null
+++ b/dbsettings.php
@@ -0,0 +1,14 @@
+connect_errno > 0) die('Unable to connect to database [' . $apidb->connect_error . '] - Check dbsettings.php');
+
+$shortdb = new mysqli('localhost', 'short', 'password', 'short'); // Connect to link shortener DB
+if($shortdb->connect_errno > 0) die('Unable to connect to database [' . $shortdb->connect_error . '] - Check dbsettings.php');
+
+$imgdb = new mysqli('localhost', 'image', 'password', 'image'); // Connect to image host DB
+if($imgdb->connect_errno > 0) die('Unable to connect to database [' . $imgdb->connect_error . '] - Check dbsettings.php');
+
+?>
\ No newline at end of file
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..4c98391
--- /dev/null
+++ b/readme.md
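Review bot: In `delShort`, and in the visible tail of `shorten`, `$apikey` and `$link` are interpolated into every SQL string unescaped, and `addslashes()` on `$name`/`$dpass` is not charset-aware, so the class is injectable unless every caller sanitizes perfectly (the readme defers that to an `api.frontend.php` this commit does not add); the values should be bound with `prepare()`/`bind_param()` instead. `delShort` also selects on the `link` column but deletes on `shortlink`, so for a short id the SELECT appears never to match and the function falls through without a return value. The secret check `$apikey == $password` is a loose comparison; `hash_equals()` avoids both type juggling and timing differences. The opening of this file, including the `shorten` signature, is missing from the page as extracted, so the sketch below covers the link lookup and delete in `delShort` only.

```php
function delShort ($apidb, $apikey, $sdb, $link, $dpass=null){
    // … unchanged: users lookup, apiuse logging and the $canshort check (the same binding applies there) …

    // Select on the column the DELETE uses, with the id bound instead of interpolated.
    $stmt = $sdb->prepare('SELECT `dpass` FROM `links` WHERE `shortlink` = ? LIMIT 1');
    if(!$stmt) return 'ERROR: ['.$sdb->error.']';
    $stmt->bind_param('s', $link);
    $stmt->execute();
    $stmt->bind_result($password);
    if($stmt->fetch()){
        $stmt->close();
        $secret = ($dpass != null) ? $dpass : $apikey;
        // Strict, constant-time comparison against the stored secret.
        if(hash_equals((string)$password, (string)$secret)){
            $del = $sdb->prepare('DELETE FROM `links` WHERE `shortlink` = ? LIMIT 1');
            $del->bind_param('s', $link);
            if(!$del->execute()) return 'ERROR: ['.$sdb->error.']';
            return "Deleted: $link";
        }else return "You are not authorized to delete that link.";
    }
    // … unchanged: rest of delShort …
```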
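Review bot: Both calls in api.test.php pass the API key as the literal `'580658027'`; it does not match the 64-character format the readme describes, so it may be a sample, but if that value exists in the `users` table of any deployment it is now in the repository history and should be rotated. Reading the key from outside the tree, e.g. `$apikey = getenv('UNPS_API_KEY');` (the variable name is a placeholder), keeps the script shareable without a credential in it. The opening lines of this file are missing from the page as extracted, so how `$unpsAPI` is constructed cannot be checked here.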
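Review bot: Each `die()` in dbsettings.php echoes `connect_error` into the response, and a MySQL access-denied message typically names the account and host, so a failed connection tells the client which database user the service runs as; log the detail and return a generic message instead, e.g. `error_log($shortdb->connect_error); die('Service unavailable');`. The file also keeps the connection passwords in a tracked path: the `'password'` values look like placeholders, but the layout invites committing real ones, so consider tracking only a template and loading the real settings from outside the repository. The first connection line is missing from the page as extracted; the visible `$apidb` check suggests it follows the same pattern as the other two.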
@@ -0,0 +1,33 @@
+#UnPS-GAMA API
+
+This is my upcoming API for the services I provide.
+
+Currently, the API only supports two functions:
+ Shortening of links
+ Deletion of shortened links
+
+This implements the upcoming Shortv4 code (which includes deletion of short links with a password)
+
+API usage can only happen with a valid apikey (a 64 character long string), all transactions are logged for future analysys (either automatic or manual)
+The api.backend.php file does not attempt to sanatize imput (other than addslashes on a few uses), that must be done in api.frontend.php
+
+##To Shorten links:
+ Pass the apidb, your apikey, the shortdb, and a sanitized full url to the shorten function in the api class
+ OPTIONAL: include a password at the very end to have a password that isn't your apikey
+ The function will see if your key is allowed to shorten links, test if the url exists in the database, and test if the url will load a page
+ If those tests pass, your link will be shortened and be presented with "Shortened: http://unps.us/?l=[SHORT LINK ID]"
+
+##To Delete short links:
+NOTE: This does not verify if you want to delete the link
+ Pass the apidb, your apikey, the shortdb, and only the id of a short link to the delShort function in the api class
+ OPTIONAL: include a password at the very end to have a password that isn't your apikey
+ The function will see if your key is allowed to delete links, test if the id exists in the database, and test if the password is correct (apikey by default but can be a defined password)
+ If those tests pass, your link will be deleted and be presented with "Deleted: [SHORT LINK ID]"
+
+
+TODO:
+ Code the frontend
+ Add Image Host uploading
+ Add API user creation
+ Add future services
+ Implement into services
\ No newline at end of file