From 92babb43a2a0041a71b54db35cbc9d2fba908a63 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 27 Nov 2014 02:41:21 +0100
Subject: Rewrote the linkshorter.

---
 linkshorter/index.php | 155 +++++++++++++++++++-------------------------------
 1 file changed, 59 insertions(+), 96 deletions(-)

(limited to 'linkshorter/index.php')

diff --git a/linkshorter/index.php b/linkshorter/index.php
index 1d56be5..c60bc82 100644
--- a/linkshorter/index.php
+++ b/linkshorter/index.php
@@ -1,114 +1,77 @@
 <?php
 require 'functions.php';
-require 'db.php';
+require 'config.php';
+require 'class/db.php';
 
-//ob_start("sanitize_output");
-ob_start();
+if ( ! isset($_REQUEST['url']) || $_REQUEST['url'] == "" ){
+if ( ! isset($_REQUEST['checkpassword']) || $_REQUEST['checkpassword'] != 1 )
 
-if ( $_SERVER['REQUEST_METHOD'] != 'POST'){
+		require 'view/templ-index.php';
 
-/*
-	$key = "lscache_" . md5( strtolower($_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"].$_SERVER["QUERY_STRING"]));
-	if ( $db->exists($key) ) {
-		header("X-Cache: Hit");
-		echo $db->get($key);	
-		ob_end_flush();
-		exit;
+	else {
+
+		if ( ! isset($_REQUEST["short"]) || $_REQUEST["short"] == "" ){
+			header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
+			_do_output("Failure!", "Requested ID not found.");
+		}
+
+		$db = new Database(REDIS_CONNECT, REDIS_SELECT);
+
+		$options = json_decode( $db->get($_REQUEST["short"]), true );
+
+		if ( password_verify( $_REQUEST["password"] . PEPPER, $options["password"] ) )
+			redirect($options["url"]);
+		else
+			_do_output("Failure!", "Wrong password supplied");
 	}
-*/
-
-?>
-<!doctype html>
-<html>
-<head>
-	<meta charset="utf-8">
-	<title>Link Shorter</title>
-	<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
-	<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
-	<style>
-	<?php echo file_get_contents("../tools/style.css"); ?>
-	</style>
-	<noscript><style>.navbar{margin-bottom:0;}</style></noscript>
-	<link rel='shortcut icon' href='../tools/favicon.ico' type='image/x-icon'>
-	<meta name="viewport" content="width=device-width, initial-scale=1.0">
-</head>
-	<?php require("../tools/navbar.php"); ?>
-	<div class="container"> 
-		<div class="text-center">
-			<div class="row center-block vertical-center">
-				<form class="form-horizontal " method="POST">
-					<fieldset>
-
-					<legend class="text-centered"><h1>Amazing Linkshorter</h1>
-					<p>Short your link and use a easy to remembery query string</p>
-					</legend>
-
-					<div class="form-group">
-					  <label class="col-md-4 control-label" for="url">Link:</label>  
-					  <div class="col-md-5">
-					  <input id="url" name="url" placeholder="http://www.moehm.org/" class="form-control input-md" required="" type="text">
-    
-					  </div>
-					</div>
-
-					<div class="form-group">
-					  <label class="col-md-4 control-label" for="short">(optional)</label>  
-					  <div class="col-md-4">
-					  <input id="short" name="short" placeholder="Your own query string here." class="form-control input-md" type="text">
-    
-					  </div>
-					</div>
-
-					<div class="form-group">
-					  <label class="col-md-4 control-label" for="singlebutton"></label>
-					  <div class="col-md-4">
-					    <button id="singlebutton" name="singlebutton" class="btn btn-primary" type="submit">Short!</button>
-					  </div>
-					</div>
-
-					</fieldset>
-				</form>
-			</div>
-		</div>
-	</div>
-	<?php require("../tools/footer.php"); ?>
-</body>
-<?php
-	$html = ob_get_contents();
-	$db->set($key, $html, 3600);
-	ob_end_flush();
 
 } else {
 
-	if ( empty($_POST["url"]) || $_POST["url"] == "" ){
-		do_output("<p>We need a link to be shortened.</p>", "400 Client Failed", false, "<h1>Missing URL</h1>");
-	} 
+	$url = trim($_REQUEST['url']);
 
-	if ( ! preg_match("/^[a-z]+:\/\/[a-z0-9_]+/i", $_POST["url"]) ){
-		do_output("<p>Only schemas like http:// or ftp:// are supported.</p>", "400 Client Failed", false, "<h1>This does not look like an url</h1>");
+	if( ! preg_match("/^https?:\/\//", $url) ){
+		$heading = "Failure!";
+		$reason = "This doesn't look like a valid URL.";
+		_do_output($heading, $reason);
 	}
 
+	$options = array("url" => $url);
+	if ( ! isset($_REQUEST["short"]) || $_REQUEST["short"] == "" )
+		$options["short"] = "";
+	else
+		$options["short"] = $_REQUEST["short"];
+
+	if ( ! isset($_REQUEST["ttl"]) || $_REQUEST["ttl"] == "" )
+		$options["ttl"] = "";
+	else {
+		if ( ! preg_match( "/^[0-9]+$/", trim($_REQUEST["ttl"]) ) ){
+			_do_output("Failure", "Your Lifetime doesn't look like a valid number.");
+		}
+		$options["ttl"] = $_REQUEST["ttl"];
+	}
 
-	$hash = md5($_POST["url"]);
-	if( ! empty($_POST["short"]) && $_POST["short"] != "" ) {
-		$short = $_POST["short"];
-		if ( $db->exists($short) == 1 && $_POST["url"] != $db->get($short) )
-			do_output("<p>Someone else has already a registered entry under '".htmlentities($short)."'.</p>", "422 Unprocessable Entity", false, "<h1>Query string already exists.</h1>");
+	if ( ! isset($_REQUEST["password"]) || $_REQUEST["password"] == "" )
+		$options["password"] = "";
+	else
+		$options["password"] = password_hash($_REQUEST["password"] . PEPPER, PASSWORD_DEFAULT);
+	
+	$db = new Database(REDIS_CONNECT, REDIS_SELECT);
+
+	if ( $options["short"] != "" && $db->exists($options["short"]) )
+		_do_output("Failure", "Query string '".htmlentities($options["short"])."' already taken. Please choose a different one.");
+
+	if ( $options["short"] == "" )
+		$options["short"] = getToken();
+		
+	if ( $options["ttl"] != "" ){
+		if ( ! $db->set($options["short"], json_encode($options), $options["ttl"]) ){
+			_do_output("Failure", "Database went away. :(");
+		}
 	} else {
-		if( ! $short = $db->get($hash) ){
-				$arr = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9");
-
-			do {
-				$short="";
-				for ($i=0;$i<5;$i++){
-	        			$r = mt_rand(0, count($arr)-1);
-			        	$short.=$arr[$r];
-				}
-			} while ( $db->exists($short) );
-			$db->set($hash, $short);
+		if ( ! $db->set($options["short"], json_encode($options)) ){
+			_do_output("Failure", "Database went away. :(");
 		}
 	}
-	$db->set($short, $_POST["url"]);
 
-	do_output("<p>Your short link for <a href=\"".htmlentities($_POST["url"])."\">".htmlentities($_POST["url"])."</a> is <br> http://s.moehm.org/".$short."</p>", "200 OK", false, "<h1>Success</h1>");
+	_do_output("Success!", "Your shortlink is " . SHORTDOMAIN . htmlentities($options["short"]) . ".");
 }
-- 
cgit v1.2.3