From 25ab98ae1ca3b52506f1d85ccccf026cd2fbfbbc Mon Sep 17 00:00:00 2001 From: Arctic Code Date: Sun, 13 Apr 2014 19:50:36 -0500 Subject: [PATCH] Broke the shortener I broke everything. --- api/api.backend.php | 37 ++++++++++++++++++++++++++++++++++++- api/dbsettings.php | 6 +++--- index.php | 25 +++++-------------------- process.php | 9 ++++----- 4 files changed, 48 insertions(+), 29 deletions(-) diff --git a/api/api.backend.php b/api/api.backend.php index 6d7b7f1..effecfa 100644 --- a/api/api.backend.php +++ b/api/api.backend.php @@ -37,8 +37,10 @@ function checkRemoteFile($ip=null){ } class api{ + require_once('dbsettings.php'); + // Begin Short - function shorten($apidb, $apikey, $sdb, $link, $dpass=null){ + function shorten($link, $dpass=null){ $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1"; if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']'; if($row = $result->fetch_assoc()){ @@ -126,6 +128,39 @@ class api{ return "
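Review bot: `require_once('dbsettings.php');` placed directly inside `class api{` is a parse error — a class body can only hold constants, properties and methods — so the whole file stops loading. The new `shorten($link, $dpass=null)` signature also drops `$apidb`, `$apikey` and `$sdb` while the next two lines still read `$apikey` and `$apidb`, so once the parse error is fixed the user lookup runs with an empty key and `$apidb->query` is a call on null; the body of `shorten` continues past the hunk. Move the require above the class and hand the connections to the object once, e.g. `function __construct($apidb, $apikey, $sdb){ $this->apidb = $apidb; $this->apikey = $apikey; $this->sdb = $sdb; }`, then use `$this->apidb` and `$this->apikey` inside the method. While that line is being touched, the key should be bound through a prepared statement (a `?` placeholder plus `bind_param('s', ...)`) instead of being interpolated into the SELECT.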
Reported $link. Please check back in a day or two
"; } + function trackLink($apidb, $apikey, $sdb, $linkid){ + $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;"; + if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']'; + if($row = $result->fetch_assoc()){ + $canshort = $row['short']; + $name = $row['name']; + + $ip = $_SERVER['REMOTE_ADDR']; + + $apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Track Link', '$canshort', '$link')"; + if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']'; + } + if($canshort != 1) return '
Failed to report
'; + + $sql = "INSERT INTO `tracking` (time, apikey, ip, linkid) VALUES (NOW(), '$apikey', '$ip', '$linkid')"; + if(!$result = $sdb->query($sql)): die( 'ERROR: ['.$sdb->error.']'); + else: die("SUCCESS"); + endif; + } + + function resLink($link){ + $link = sanitize($link); + $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;"; + if($result = $shortdb->query($sql)){ + if($row = $result->fetch_assoc()){ + $link = $row['link']; + trackLink($apidb, $key, $sdb, $link); + header("location:$link"); + exit(); // Stop script execution to save on resources + } + } + } + // End Short } diff --git a/api/dbsettings.php b/api/dbsettings.php index 927bc53..7789529 100644 --- a/api/dbsettings.php +++ b/api/dbsettings.php @@ -2,12 +2,12 @@ // DBSettings -$apidb = new mysqli('localhost', 'api', 'password', 'api'); // Connect to main APIDB +global $apidb = new mysqli('localhost', 'api', 'password', 'api'); // Connect to main APIDB if($apidb->connect_errno > 0) die('Unable to connect to database [' . $apidb->connect_error . '] - Check dbsettings.php'); -$shortdb = new mysqli('localhost', 'short', 'password', 'short'); // Connect to link shortener DB +global $shortdb = new mysqli('localhost', 'short', 'password', 'short'); // Connect to link shortener DB if($shortdb->connect_errno > 0) die('Unable to connect to database [' . $shortdb->connect_error . '] - Check dbsettings.php'); -$key = '9a211e90b0a0570ed33e47428231e702af47b6f54fb347960f661184e063a1d0'; // KEEP THIS PRIVATE! This is the only thing that authenticates the application +global $key = '9a211e90b0a0570ed33e47428231e702af47b6f54fb347960f661184e063a1d0'; // KEEP THIS PRIVATE! This is the only thing that authenticates the application ?> \ No newline at end of file diff --git a/index.php b/index.php index 1b0ba4d..b0c5756 100644 --- a/index.php +++ b/index.php 
@@ -13,33 +13,18 @@ $catchVal = base_convert($catchVal.$catchid, 10, 36); $_SESSION['catch'] = $catchid.":".$catchVal; + require('api/api.backend.php'); + $api = new api(); + // This has been depreciated. Still here for backwards compatibility with existing links if(!empty($_GET['l'])){ - include('api/dbsettings.php'); - $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($_GET['l'])))); - $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;"; - if($result = $shortdb->query($sql)){ - if($row = $result->fetch_assoc()){ - $link = $row['link']; - header("location:$link"); - exit(); // Stop script execution to save on resources - } - } + $api->resLink($_GET['l']); } // New way to check for valid short links, two characters shorter than the if statement above if(!empty($_GET)){ $key = key($_GET); - include('api/dbsettings.php'); - $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key)))); - $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;"; - if($result = $shortdb->query($sql)){ - if($row = $result->fetch_assoc()){ - $link = $row['link']; - header("location:$link"); - exit(); // Stop script execution to save on resources - } - } + $api->resLink($key); } ?> diff --git a/process.php b/process.php index 2cd66e6..2541596 100644 --- a/process.php +++ b/process.php @@ -5,10 +5,6 @@ $catchid = $catches[0]; $catchVal = $catches[1]; - if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ - die("
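Review bot: `$key = key($_GET);` reuses the name of the application key that `api/dbsettings.php` defines as `$key`; with the `include` lines removed the clash is no longer visible in this file, but it returns as soon as the settings are loaded here again (api.backend.php now tries to require them), so rename it: `$shortcode = key($_GET); $api->resLink($shortcode);`. The removed lines also normalised the lookup with `strtolower(stripslashes(strip_tags(...)))` and escaped it with `real_escape_string`; the replacement hands raw `$_GET` values to `resLink`, which applies only `sanitize()` (not visible here), so unless that helper lowercases, mixed-case codes that resolved before will stop resolving, and the escaping now rests entirely on it. Note too that `require('api/api.backend.php')` runs on every request, including ones with no query string, and as committed that file does not parse.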
Oh Noes! Something happened and I can't continue.
Please try again by using the form located at http://unps.us.
"); - } - require('api/api.backend.php'); require('api/dbsettings.php'); @@ -24,13 +20,16 @@ $unpsAPI = new api(); if(!empty($_POST['link']) && !empty($_POST['linkmod'])){ + if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ + die("
Oh Noes! Something happened and I can't continue.
Please try again by using the form located at http://unps.us.
"); + } switch ($_POST['linkmod']){ case "shorten": $short = sanitize($_POST['link']); if(strpos($short, "http://") === false && strpos($short, "https://") === false){ $short = "http://$short"; } - echo $unpsAPI->shorten($apidb, $key, $shortdb, $short); + echo $unpsAPI->shorten($short); break; default: die("
I don't know what you want to do... [-Check linkmod-]
");
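Review bot: The relocated guard still compares the CSRF token and the catch value with `!=`, a loose comparison under which equality of numeric-looking strings depends on their numeric value rather than their bytes; use `!==` at minimum, or better `!hash_equals((string)$_SESSION['token'], (string)$_GET['token'])` and `!hash_equals((string)$catchVal, (string)$_POST[$catchid])` (the same applies to the copy the first hunk removes, which this one merely moves). Placing the check inside `if(!empty($_POST['link']) && !empty($_POST['linkmod']))` means a request without those fields is no longer validated; nothing in the hunk acts on such requests, but the rest of the file is outside view, so confirm nothing later does. `echo $unpsAPI->shorten($short)` matches the new one-argument signature, but that method's body in api/api.backend.php still reads `$apikey` and `$apidb`, so this call cannot succeed until that is resolved.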