Broke the shortener

I broke everything.
This commit is contained in:
Arctic Code 2014-04-13 19:50:36 -05:00
parent c1c557ed07
commit 25ab98ae1c
4 changed files with 48 additions and 29 deletions

View File

@ -37,8 +37,10 @@ function checkRemoteFile($ip=null){
} }
class api{ class api{
require_once('dbsettings.php');
// Begin Short // Begin Short
function shorten($apidb, $apikey, $sdb, $link, $dpass=null){ function shorten($link, $dpass=null){
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1"; $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']'; if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
if($row = $result->fetch_assoc()){ if($row = $result->fetch_assoc()){
@ -126,6 +128,39 @@ class api{
return "<div id=\"success\">Reported $link. Please check back in a day or two</div>"; return "<div id=\"success\">Reported $link. Please check back in a day or two</div>";
} }
function trackLink($apidb, $apikey, $sdb, $linkid){
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
if($row = $result->fetch_assoc()){
$canshort = $row['short'];
$name = $row['name'];
$ip = $_SERVER['REMOTE_ADDR'];
$apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Track Link', '$canshort', '$link')";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
}
if($canshort != 1) return '<div id="error">Failed to report</div>';
$sql = "INSERT INTO `tracking` (time, apikey, ip, linkid) VALUES (NOW(), '$apikey', '$ip', '$linkid')";
if(!$result = $sdb->query($sql)): die( 'ERROR: ['.$sdb->error.']');
else: die("SUCCESS");
endif;
}
function resLink($link){
$link = sanitize($link);
$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
if($result = $shortdb->query($sql)){
if($row = $result->fetch_assoc()){
$link = $row['link'];
trackLink($apidb, $key, $sdb, $link);
header("location:$link");
exit(); // Stop script execution to save on resources
}
}
}
// End Short // End Short
} }

View File

@ -2,12 +2,12 @@
// DBSettings // DBSettings
$apidb = new mysqli('localhost', 'api', 'password', 'api'); // Connect to main APIDB global $apidb = new mysqli('localhost', 'api', 'password', 'api'); // Connect to main APIDB
if($apidb->connect_errno > 0) die('Unable to connect to database [' . $apidb->connect_error . '] - Check dbsettings.php'); if($apidb->connect_errno > 0) die('Unable to connect to database [' . $apidb->connect_error . '] - Check dbsettings.php');
$shortdb = new mysqli('localhost', 'short', 'password', 'short'); // Connect to link shortener DB global $shortdb = new mysqli('localhost', 'short', 'password', 'short'); // Connect to link shortener DB
if($shortdb->connect_errno > 0) die('Unable to connect to database [' . $shortdb->connect_error . '] - Check dbsettings.php'); if($shortdb->connect_errno > 0) die('Unable to connect to database [' . $shortdb->connect_error . '] - Check dbsettings.php');
$key = '9a211e90b0a0570ed33e47428231e702af47b6f54fb347960f661184e063a1d0'; // KEEP THIS PRIVATE! This is the only thing that authenticates the application global $key = '9a211e90b0a0570ed33e47428231e702af47b6f54fb347960f661184e063a1d0'; // KEEP THIS PRIVATE! This is the only thing that authenticates the application
?> ?>

View File

@ -13,33 +13,18 @@
$catchVal = base_convert($catchVal.$catchid, 10, 36); $catchVal = base_convert($catchVal.$catchid, 10, 36);
$_SESSION['catch'] = $catchid.":".$catchVal; $_SESSION['catch'] = $catchid.":".$catchVal;
require('api/api.backend.php');
$api = new api();
// This has been depreciated. Still here for backwards compatibility with existing links // This has been depreciated. Still here for backwards compatibility with existing links
if(!empty($_GET['l'])){ if(!empty($_GET['l'])){
include('api/dbsettings.php'); $api->resLink($_GET['l']);
$link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($_GET['l']))));
$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
if($result = $shortdb->query($sql)){
if($row = $result->fetch_assoc()){
$link = $row['link'];
header("location:$link");
exit(); // Stop script execution to save on resources
}
}
} }
// New way to check for valid short links, two characters shorter than the if statement above // New way to check for valid short links, two characters shorter than the if statement above
if(!empty($_GET)){ if(!empty($_GET)){
$key = key($_GET); $key = key($_GET);
include('api/dbsettings.php'); $api->resLink($key);
$link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key))));
$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
if($result = $shortdb->query($sql)){
if($row = $result->fetch_assoc()){
$link = $row['link'];
header("location:$link");
exit(); // Stop script execution to save on resources
}
}
} }
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

View File

@ -5,10 +5,6 @@
$catchid = $catches[0]; $catchid = $catches[0];
$catchVal = $catches[1]; $catchVal = $catches[1];
if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){
die("<div id=\"error\">Oh Noes! Something happened and I can't continue.<br />Please try again by using the form located at <a href=\"http://unps.us\">http://unps.us</a>.</div>");
}
require('api/api.backend.php'); require('api/api.backend.php');
require('api/dbsettings.php'); require('api/dbsettings.php');
@ -24,13 +20,16 @@
$unpsAPI = new api(); $unpsAPI = new api();
if(!empty($_POST['link']) && !empty($_POST['linkmod'])){ if(!empty($_POST['link']) && !empty($_POST['linkmod'])){
if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){
die("<div id=\"error\">Oh Noes! Something happened and I can't continue.<br />Please try again by using the form located at <a href=\"http://unps.us\">http://unps.us</a>.</div>");
}
switch ($_POST['linkmod']){ switch ($_POST['linkmod']){
case "shorten": case "shorten":
$short = sanitize($_POST['link']); $short = sanitize($_POST['link']);
if(strpos($short, "http://") === false && strpos($short, "https://") === false){ if(strpos($short, "http://") === false && strpos($short, "https://") === false){
$short = "http://$short"; $short = "http://$short";
} }
echo $unpsAPI->shorten($apidb, $key, $shortdb, $short); echo $unpsAPI->shorten($short);
break; break;
default: default:
die("<div id=\"error\">I don't know what you want to do... [-Check linkmod-]</div>"); die("<div id=\"error\">I don't know what you want to do... [-Check linkmod-]</div>");