Add Shortv4-2 files, watered down UnPSAPI, and Bootstrap 3

api/api.backend.php

@@ -0,0 +1,113 @@
+<?php
+
+ /* ============================================================
+  *
+  *						  UnPS-API Backend
+  *
+  *	  Remember to sanitize everything before sending it here!
+  *
+  * ============================================================
+  */
+
+function checkRemoteFile($link){
+	if (@file_get_contents($link)): return true;
+	else: return false;
+	endif;
+}
+
+include('hashpass.php');
+
+class api{
+	// Begin Short
+	function shorten($apidb, $apikey, $sdb, $link, $dpass=null){
+		$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1";
+		if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+		if($row = $result->fetch_assoc()){
+			$canshort = $row['short'];
+			$name = $row['name'];
+			
+			$ip = $_SERVER['REMOTE_ADDR'];
+			
+			$apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Link Shorten', '$canshort', '$link')";
+			if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+		}
+		if($canshort != 1) return 'You are not authorized to shorten links';
+		
+		$sql = "SELECT * FROM `links` WHERE `link` = '$link' LIMIT 1;";
+		if($result = $sdb->query($sql)){
+			if($row = $result->fetch_assoc()){
+				$short = $row['shortlink'];
+				return "Existing link: <a href=\"http://unps.us/?l=$short\" target=\"$short\">http://unps.us/?l=$short</a>";
+			}
+		}
+		if(checkRemoteFile($link) !== true) return "Dead Link: $link";
+		$short = substr(number_format(time() * mt_rand(),0,'',''),0,10); 
+		$short = base_convert($short, 10, 36); 
+		
+		$dpass = substr(number_format(time() * mt_rand(),0,'',''),0,10); 
+		$dpass = base_convert($short.$dpass, 10, 36); 
+
+		if($dpass != null): $sql = "INSERT INTO `links` (link, shortlink, dpass) VALUES ('$link', '$short', '$dpass')";
+		else: $sql = "INSERT INTO `links` (link, shortlink, dpass) VALUES ('$link', '$short', '$apikey')";
+		endif;
+		
+		if($result = $sdb->query($sql)): return "Shortened: <a href=\"http://unps.us/?l=$short\" target=\"$short\">http://unps.us/?l=$short</a><br />Your link deletion password (write this down): $dpass";
+		else: return 'ERROR: ['.$sdb->error.']';
+		endif;
+	}
+	
+	function delShort ($apidb, $apikey, $sdb, $link, $dpass=null){
+		$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1";
+		if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+		if($row = $result->fetch_assoc()){
+			$canshort = $row['short'];
+			$name = $row['name'];
+			
+			$ip = $_SERVER['REMOTE_ADDR'];
+			
+			$apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Short Link Delete', '$canshort', '$link')";
+			if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+		}
+		if($canshort != 1) return 'You are not authorized to delete short links';
+		
+		$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
+		if($result = $sdb->query($sql)){
+			if($row = $result->fetch_assoc()){
+				$short = $row['shortlink'];
+				$password = $row['dpass'];
+				
+				if($dpass != null) $apikey = $dpass;
+				
+				if($apikey == $password){
+					$sql = "DELETE FROM `links` WHERE `shortlink` = '$link' AND `dpass` = '$apikey' LIMIT 1;";
+					if(!$result = $sdb->query($sql)) return 'ERROR: ['.$sdb->error.']';
+					echo "Deleted: $link";
+					return;
+				}else{ return "The password doesn't match. Delete $link aborted!"; }
+			}
+		}else{ return 'ERROR: ['.$sdb->error.']'; }
+	}
+
+	function reportLink($apidb, $apikey, $sdb, $link, $reason){
+		$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
+		if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+		if($row = $result->fetch_assoc()){
+			$canshort = $row['short'];
+			$name = $row['name'];
+			
+			$ip = $_SERVER['REMOTE_ADDR'];
+
+			$apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Report Link', '$canshort', '$link')";
+			if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+		}
+		if($canshort != 1) return 'You are not authorized to shorten links, meaning you also can\'t report false negatives';
+
+		$sql = "INSERT INTO `manual` (time, apikey, ip, link, reason) VALUES(NOW(), '$apikey', '$ip', '$link', '$reason');";
+		if(!$result = $sdb->query($sql)) return 'ERROR: ['.$sdb->error.']';
+		return "Reported $link. Please check back in a day or two";
+	}
+
+	// End Short
+}
+
+?>

api/dbsettings.php

@@ -0,0 +1,11 @@
+<?php
+
+// DBSettings
+
+$apidb = new mysqli('localhost', 'api', 'password', 'api'); // Connect to main APIDB
+if($apidb->connect_errno > 0) die('Unable to connect to database [' . $apidb->connect_error . '] - Check dbsettings.php');
+
+$shortdb = new mysqli('localhost', 'short', 'password', 'short'); // Connect to link shortener DB
+if($shortdb->connect_errno > 0) die('Unable to connect to database [' . $shortdb->connect_error . '] - Check dbsettings.php');
+
+?>

api/hashpass.php

@@ -0,0 +1,40 @@
+<?php
+/* HashPass() function takes $plaintext, $salt and $i (number of iterations) as inputs and outputs $hashpass - $salt and $i are optional
+* Copyright David Todd (C) 2012 
+* http://www.unps-gama.info
+* This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. 
+* To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/
+* If no $salt provided, generate large int and output $hashpass and $salt
+* If no $i (number of iterations) provided, go through once and return - not as secure as using iterations, but chances are low it will get cracked easily
+* If no $plaintext provided, die with error message saved to error variable
+*/
+
+function hashpass($plaintext, $salt, $i){
+	if($plaintext == null) die("No password given"); // Die with error
+	$plaintext = hash("sha1", $plaintext); // First step - get plaintext sha1
+	if($salt == null || $salt == ''){
+		$salt =  mt_rand(10000, 20000); // Generate random number between 1000 and 20000
+		$salt = hash("sha1", $salt); // Get sha1 hash of random number
+		$salt = $salt.mt_rand(5000, 80000); // Append new random number between 5000 and 80000 to md5 salt
+		$salt = hash("sha256", $salt); // Take a sha256 hash of new salt and done with salt generation
+	}
+	if($i == null || $i == ''){
+		$plaintext = hash("sha256", $plaintext.$salt); // Take first sha256 hash of $plaintext+$salt (64 bits)
+		$plaintext = hash("sha1", $salt.$plaintext.$salt); // Take sha1 of salt+plaintext+salt (32 bits)
+		$plaintext = hash("sha512", $salt.$plaintext.$salt.$salt.$plaintext.$salt); // Take sha512 of this (128bits)
+		$hashpass = hash("sha256", $plaintext); // final hash is sha256 of the sha512 above (back down to 64bits)
+		return $hashpass."/".$salt; // Give calling script the hashed password and salt, seperate strings with "/" to be exploded into array later
+	}else{
+		$il = '';
+		while($il < $i && $il <= 50){
+			$plaintext = hash("sha256", $plaintext.$salt); // Take first sha256 hash of $plaintext+$salt (64 bits)
+			$plaintext = hash("sha1", $salt.$plaintext.$salt); // Take sha1 of salt+plaintext+salt (32 bits)
+			$plaintext = hash("sha512", $salt.$plaintext.$salt.$salt.$plaintext.$salt); // Take sha512 of this (128bits)
+			$il++;
+			//echo "Iteration: $il Password: $plaintext\r\n";
+		}
+		$hashpass = hash("sha256", $plaintext); // final hash is sha256 of the sha512 above (back down to 64bits)
+		return $hashpass."/".$salt; // Give calling script the hashed password and salt, seperate strings with "/" to be exploded into array later
+	}
+}
+?>