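<?php
// Front controller for the URL shortener. The first path segment selects the
// route (go / login / logout / insert); database access goes through the
// db_* helpers from functions.php, which wrap a mysqli prepared statement
// (the code relies on mysqli_stmt::get_result() below). Every redirect is
// followed by exit so that no route keeps executing for the wrong caller.
session_start();
require_once('config.php');
require_once('functions.php');

// Application root used for same-origin redirects. SCRIPT_NAME ends in
// "/index.php" (10 characters), which is stripped; the value is a server-side
// path, not attacker-controlled host data.
$base_path = substr($_SERVER['SCRIPT_NAME'], 0, -10);

$request = split_uri_array($_SERVER['SCRIPT_NAME'], $_SERVER['REQUEST_URI']);

if (!isset($request[0]) || $request[0] === "") {
    header("Location: " . $base_path . "/login");
    exit;
}

switch ($request[0]) {
    case "go":
        // /go/<id>: resolve a numeric link ID and hand the stored URL to the
        // redirect template as a JavaScript variable.
        if (!isset($request[1])) {
            http_response_code(404);
            include('errors/404.html');
            break;
        }
        $raw_id = (string) $request[1];
        // Only a strictly numeric ID is accepted. The previous version cast to
        // int first and then tested is_int(), which could never fail, so
        // "abc" silently became ID 0 instead of reaching this message.
        if (!ctype_digit($raw_id)) {
            http_response_code(400);
            die("You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . htmlspecialchars($raw_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " for more investigations");
        }
        $link_id = (int) $raw_id;
        $db_connection = db_connect();
        $statement = db_prepare($db_connection, "SELECT links.URL FROM links WHERE links.ID = ?");
        $parameters = [
            ["i"],
            [&$link_id],
        ];
        db_bind($statement, $parameters);
        db_execute($statement);
        $row = $statement->get_result()->fetch_assoc();
        if (!$row) {
            http_response_code(404);
            include('errors/404.html');
            break;
        }
        // The URL lands inside a JavaScript string literal, so it is emitted
        // as a JSON literal with < > & ' " hex-escaped (and U+2028/2029
        // escaped by default). Plain concatenation let any stored URL
        // containing a double quote break out of the literal: stored XSS
        // reachable by every authenticated user through /insert.
        $js_url = json_encode($row['URL'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($js_url === false) {
            // Invalid UTF-8 in the stored value; never emit a half literal.
            http_response_code(500);
            die('Stored URL could not be encoded.');
        }
        include('templates/redirect.html');
        echo('<script>var my_location = ' . $js_url . ';</script>');
        break;

    case "login":
        if (isset($_SESSION['user_id'])) {
            header("Location: " . $base_path . "/insert");
            exit;
        }
        if (isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username'])
            && is_string($_POST['password'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $db_connection = db_connect();
            // Look the user up by name only and check the password in PHP.
            // The old query compared the submitted password to the column in
            // SQL, which only works for plaintext storage.
            $statement = db_prepare($db_connection, "SELECT users.id, users.password FROM users WHERE users.username = ?");
            $parameters = [
                ["s"],
                [&$username],
            ];
            db_bind($statement, $parameters);
            db_execute($statement);
            $row = $statement->get_result()->fetch_assoc();

            $authenticated = false;
            if ($row) {
                $stored = (string) $row['password'];
                // Preferred path: the column holds a password_hash() value.
                // TODO(review): the hash_equals() fallback keeps rows that still
                // hold the plaintext password (what the previous SQL-side
                // comparison implied) working; drop it once every row is
                // migrated to password_hash(). It is constant-time at least.
                $authenticated = password_verify($password, $stored)
                    || hash_equals($stored, $password);
            }

            header('Content-Type: application/json');
            if (!$authenticated) {
                $response = [
                    'status' => 401,
                    'error_message' => 'Username or password not correct.',
                ];
            } else {
                // Fresh session ID on privilege change prevents fixation via a
                // session cookie planted before login.
                session_regenerate_id(true);
                $_SESSION['user_id'] = $row['id'];
                $response = [
                    'status' => 200,
                    'message' => 'Authentication succesfully executed.',
                ];
            }
            echo(json_encode($response));
        } else {
            include('templates/login.php');
        }
        break;

    case "logout":
        $_SESSION = [];
        // Expire the session cookie as well, so the old ID is not reused by
        // the browser on the next request.
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
        }
        session_destroy();
        header("Location: " . $base_path);
        exit;

    case "insert":
        if (!isset($_SESSION['user_id'])) {
            // The exit is essential: without it the insert/list code below
            // kept running for anonymous visitors after the redirect header.
            header("Location: " . $base_path . "/login");
            exit;
        }
        // NOTE(review): no CSRF token is checked on this POST; the session
        // cookie alone authorises it. A token issued by templates/insert.php
        // and verified here would close that.
        $user_id = (int) $_SESSION['user_id'];
        $db_connection = db_connect();
        if (isset($_POST['url']) && is_string($_POST['url'])) {
            $url = $_POST['url'];
            header('Content-Type: application/json');
            // Only absolute http(s) URLs become redirect targets. Anything
            // else (javascript:, data:, relative paths) would be handed to the
            // browser by /go — presumably templates/redirect.html assigns
            // my_location to window.location; confirm.
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if (filter_var($url, FILTER_VALIDATE_URL) === false
                || !in_array($scheme, ['http', 'https'], true)) {
                $response = [
                    'status' => 400,
                    'error_message' => 'Only absolute http(s) URLs can be shortened.',
                ];
                echo(json_encode($response));
                break;
            }
            // created_by is bound instead of interpolated; it is not
            // user-controlled today, but string-built SQL is never worth it.
            $statement = db_prepare($db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, ? );");
            $parameters = [
                ["si"],
                [&$url, &$user_id],
            ];
            db_bind($statement, $parameters);
            db_execute($statement);
            // Auto-increment value of the row just inserted. SELECT COUNT(*)
            // was wrong as soon as any row had ever been deleted and raced
            // with concurrent inserts.
            $new_id = $statement->insert_id;
            $response = [
                'status' => 200,
                'message' => 'URL inserted correctly.',
                'new_id' => $new_id,
            ];
            echo(json_encode($response));
        } else {
            // $result and $row are consumed by templates/insert.php.
            $statement = db_prepare($db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = ?");
            $parameters = [
                ["i"],
                [&$user_id],
            ];
            db_bind($statement, $parameters);
            db_execute($statement);
            $result = $statement->get_result();
            $row = $result->fetch_assoc();
            include('templates/insert.php');
        }
        break;

    default:
        http_response_code(404);
        echo " fuck, 404! ";
        die();
}
?>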