diff --git a/api/api.backend.php b/api/api.backend.php
index effecfa..6d7b7f1 100644
--- a/api/api.backend.php
+++ b/api/api.backend.php
@@ -37,10 +37,8 @@ function checkRemoteFile($ip=null){
}
class api{
- require_once('dbsettings.php');
-
// Begin Short
- function shorten($link, $dpass=null){
+ function shorten($apidb, $apikey, $sdb, $link, $dpass=null){
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
if($row = $result->fetch_assoc()){
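Review bot: `$apikey` is now an argument of `shorten()` and goes straight into the `users` lookup on the first body line (`... = '$apikey' LIMIT 1`), with no escaping or binding visible in the hunk, so the query is only as safe as every caller's input handling. Bind it instead: put a `?` placeholder in `$apisql`, then `$stmt = $apidb->prepare($apisql); $stmt->bind_param('s', $apikey); $stmt->execute();` (this assumes `$apidb` is a mysqli handle, as its method calls suggest). The same applies to the call site added in process.php, which passes `$key` without any visible sanitising. The body of `shorten()` continues outside this hunk, so later queries that reuse `$apikey` or `$link` should be checked the same way.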
@@ -128,39 +126,6 @@ class api{
return "
Reported $link. Please check back in a day or two
";
}
- function trackLink($apidb, $apikey, $sdb, $linkid){
- $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
- if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
- if($row = $result->fetch_assoc()){
- $canshort = $row['short'];
- $name = $row['name'];
-
- $ip = $_SERVER['REMOTE_ADDR'];
-
- $apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Track Link', '$canshort', '$link')";
- if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
- }
- if($canshort != 1) return 'Failed to report
';
-
- $sql = "INSERT INTO `tracking` (time, apikey, ip, linkid) VALUES (NOW(), '$apikey', '$ip', '$linkid')";
- if(!$result = $sdb->query($sql)): die( 'ERROR: ['.$sdb->error.']');
- else: die("SUCCESS");
- endif;
- }
-
- function resLink($link){
- $link = sanitize($link);
- $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
- if($result = $shortdb->query($sql)){
- if($row = $result->fetch_assoc()){
- $link = $row['link'];
- trackLink($apidb, $key, $sdb, $link);
- header("location:$link");
- exit(); // Stop script execution to save on resources
- }
- }
- }
-
// End Short
}
diff --git a/index.php b/index.php
index b0c5756..1b0ba4d 100644
--- a/index.php
+++ b/index.php
@@ -13,18 +13,33 @@
$catchVal = base_convert($catchVal.$catchid, 10, 36);
$_SESSION['catch'] = $catchid.":".$catchVal;
- require('api/api.backend.php');
- $api = new api();
-
// This has been depreciated. Still here for backwards compatibility with existing links
if(!empty($_GET['l'])){
- $api->resLink($_GET['l']);
+ include('api/dbsettings.php');
+ $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($_GET['l']))));
+ $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
+ if($result = $shortdb->query($sql)){
+ if($row = $result->fetch_assoc()){
+ $link = $row['link'];
+ header("location:$link");
+ exit(); // Stop script execution to save on resources
+ }
+ }
}
// New way to check for valid short links, two characters shorter than the if statement above
if(!empty($_GET)){
$key = key($_GET);
- $api->resLink($key);
+ include('api/dbsettings.php');
+ $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key))));
+ $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
+ if($result = $shortdb->query($sql)){
+ if($row = $result->fetch_assoc()){
+ $link = $row['link'];
+ header("location:$link");
+ exit(); // Stop script execution to save on resources
+ }
+ }
}
?>
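Review bot: The lookup-and-redirect block is now pasted twice, and each copy builds its query by string concatenation and re-runs `include('api/dbsettings.php')`. A `?l=` request that finds no row falls through to the second block and loads the settings file a second time. I'd fold both copies into one helper that binds the short code as a parameter (assuming `$shortdb` is a mysqli handle, as its method calls suggest) and load the settings once with `require_once`. The helper should also confirm that the stored `link` is an http(s) URL before it reaches the `location:` header, because nothing on this path re-checks what the shorten path stored. The sketch drops `strip_tags`/`stripslashes` because binding makes them unnecessary for safety; keep them if existing short codes rely on that normalisation.

```php
// Sketch: one lookup shared by the deprecated ?l= form and the bare-key form.
function resolveShortLink($shortdb, $code){
    if(!is_string($code) || $code === '') return null;
    $code = strtolower($code);
    $stmt = $shortdb->prepare("SELECT `link` FROM `links` WHERE `shortlink` = ? LIMIT 1");
    if($stmt === false) return null;
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $stmt->bind_result($target);
    $found = $stmt->fetch();
    $stmt->close();
    // Only redirect to absolute http(s) targets.
    if(!$found || !preg_match('#^https?://#i', $target)) return null;
    return $target;
}

if(!empty($_GET)){
    require_once('api/dbsettings.php');
    $code = !empty($_GET['l']) ? $_GET['l'] : (string) key($_GET);
    if(($link = resolveShortLink($shortdb, $code)) !== null){
        // … unchanged: header("location:$link"); exit(); …
    }
}
```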
diff --git a/process.php b/process.php
index ba57f98..b9e0718 100644
--- a/process.php
+++ b/process.php
@@ -5,6 +5,10 @@
$catchid = $catches[0];
$catchVal = $catches[1];
+ if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){
+ die("Oh Noes! Something happened and I can't continue.
Please try again by using the form located at
http://unps.us.
");
+ }
+
require('api/api.backend.php');
require('api/dbsettings.php');
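Review bot: The relocated guard still compares both secrets with loose `!=` (`$_GET['token'] != $_SESSION['token']` and `$_POST[$catchid] != $catchVal`), which applies PHP's numeric-string juggling and is not a constant-time comparison. Two different tokens that both look numeric (for example exponent-style strings) can compare equal under `==`. After confirming with `is_string()` that the request values are not arrays, compare with `!hash_equals((string)$_SESSION['token'], $_GET['token'])` and `!hash_equals((string)$catchVal, $_POST[$catchid])`. Where `$_SESSION['token']` is set is not visible in this hunk, so also confirm it is always populated before this check runs.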
@@ -22,16 +26,13 @@
$unpsAPI = new api();
if(!empty($_POST['link']) && !empty($_POST['linkmod'])){
- if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){
- die("Oh Noes! Something happened and I can't continue.
Please try again by using the form located at
http://unps.us.
");
- }
switch ($_POST['linkmod']){
case "shorten":
$short = sanitize($_POST['link']);
if(strpos($short, "http://") === false && strpos($short, "https://") === false){
$short = "http://$short";
}
- echo $unpsAPI->shorten($short);
+ echo $unpsAPI->shorten($apidb, $key, $shortdb, $short);
break;
default:
die("I don't know what you want to do... [-Check linkmod-]
");
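Review bot: `$key` in the new call `shorten($apidb, $key, $shortdb, $short)` is not assigned anywhere in the visible lines of process.php. Presumably it comes from `api/dbsettings.php`, but if it is unset the `users` lookup runs with an empty key and the request is logged under no identity. The call also echoes whatever `shorten()` returns, and the first hunk shows that this includes `'ERROR: ['.$apidb->error.']'`, so raw database error text reaches the client. I'd assign the key explicitly next to the `require` lines and log the driver error server-side, for example `error_log($apidb->error); return 'ERROR';` inside `shorten()`. The `switch` continues outside the hunk.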